Dark Web Posts Highlight Panasonic Breach
The November security breach at electronics giant Panasonic may have been the result of a security breach that was marketed to cybercriminals earlier this year.
Researchers at security provider Webz discovered that an SQL injection vulnerability possibly used in the attack was announced on RaidForums, a popular dark website, on January 16, 2021. According to a Webz report released Thursday, an article announcing the bug has been cataloged. but not immediately noticed by the security company’s team.
After the attack was announced, researchers searched their archives and finally found the two forum posts that had been published about ten months earlier.
“We were able to scan it and retrieve it the same day. We also scanned the second message the next day. But since Panasonic is not one of our customers, our cyber team was not monitoring these incidents in real time,” said a spokesperson for Webz told SearchSecurity. “We do have the data though, so once we learned that it had been breached our team took a closer look to see if we could find any footprints leading up to the attack.”
Panasonic disclosed a breach approximately 10 months after the November 26, 2021 post, informing the public that the breached file server contained the personal information of the company’s customers and employees.
According to Panasonic’s disclosure, the company detected the breach earlier this month on November 11, but attackers were likely sitting on its network before then. Webz cited Japanese news reports claiming that the attackers had access to Panasonic’s server for four months prior to the discovery.
“After detecting the unauthorized access, the company immediately reported the incident to the appropriate authorities and implemented security countermeasures, including measures to prevent external access to the network,” said a statement. press release from Panasonic at the time.
It is not known if the vulnerability was the cause of Panasonic’s breach, but Webz said some of the information appears to match. “Using this vulnerability, threat actors could gain access to company servers, which Panasonic announced is the method behind their breach.”
Panasonic did not respond to a request for comment on the Webz report.
Webz said such lulls in activity are not unheard of, as intruders often bide their time before making a move and entering a network – in this case, the SQL database that held employee information and Panasonic customers.
“It’s important to remember that vulnerabilities are typically used as a back door to break in,” said the spokesperson for Webz. “It takes a few more steps and traps, in other words – long months, before the breach.”