Varonis announces strategic partnership with Microsoft to accelerate the secure adoption of Copilot.

Learn more

Lessons From the Goldcorp Extortion

Unfortunately, another breach has made the headlines and it’s déjà vu all over again. The narrative surrounding the Goldcorp breach is similar to other doxing attacks: Attackers appear to have...
Michael Buckbee
1 min read
Published May 5, 2016
Last updated October 21, 2021

Unfortunately, another breach has made the headlines and it’s déjà vu all over again. The narrative surrounding the Goldcorp breach is similar to other doxing attacks:

  • Attackers appear to have had undetected access to confidential information for months,
  • Sensitive files and emails were stolen,
  • And multiple GBs of data were exfiltrated without sounding an alarm.

The hackers in the Goldcorp incident claim they have emails showing corporate racism and sexism. But they were not entirely motivated by ideology. Instead, they also asked for money to not release the 1.8 GB of data they say is in their possession.

The hack also resulted in personal information about employees (ids, passwords, salaries) being disclosed.

The CEO of Goldcorp, a Vancouver-based mining company, points out that because they’re a public company, sensitive data is automatically in the public domain.

In any case, the breach underscores yet again the need to monitor access to confidential documents and mailboxes as if they were bank accounts.

And this incident is on top of the hacking of U.S. Steel for its IP involved in lightweight steel technology.

Our opinion on all this?

Perimeter defenses will not stop hackers from getting in. Period.

You’ll need to monitor file and other system activities. And the most effective way to interpret this activity is to compare it against a baseline, and use that to decide who’s a hacker (or insider), and who’s doing legitimate work.

In other words, you need User Behavior Analytics or UBA.

Got UBA? Learn more about how tracking behaviors can help mitigate your breach risks.

 

What you should do now

Below are three ways we can help you begin your journey to reducing data risk at your company:

  1. Schedule a demo session with us, where we can show you around, answer your questions, and help you see if Varonis is right for you.
  2. Download our free report and learn the risks associated with SaaS data exposure.
  3. Share this blog post with someone you know who'd enjoy reading it. Share it with them via email, LinkedIn, Reddit, or Facebook.

Try Varonis free.

Get a detailed data risk report based on your company’s data.
Deploys in minutes.

Keep reading

Varonis tackles hundreds of use cases, making it the ultimate platform to stop data breaches and ensure compliance.

why-every-cybersecurity-leader-should-‘assume-breach’
Why Every Cybersecurity Leader Should ‘Assume Breach’
Any system, account or person at any time can be a potential attack vector. With such a vast attack surface, you need to assume attackers will breach at least one vector.
what-is-zero-trust?-architecture-and-security-guide
What Is Zero Trust? Architecture and Security Guide
Zero trust is a security model that protects against both malicious insiders and external attacks that have breached your perimeter.
securityrwd---introduction-to-aws-elastic-compute-cloud-(ec2)
SecurityRWD - Introduction to AWS Elastic Compute Cloud (EC2)
Concerning headlines about threat groups targeting major security and technology vendors are keeping more than a few security and IT professionals up at night. Kilian Englert and Ryan O'Boyle from the Varonis Cloud Architecture team discuss why advanced attackers target technology like SSO and why organizations must "assume" breach. Watch now for helpful tips to harden your environment and protect your data.
speed-data:-thinking-from-a-cyberattacker's-perspective-with-dalal-alharthi
Speed Data: Thinking From a Cyberattacker's Perspective With Dalal Alharthi
Dr. Dalal Alharthi talks about the importance of organizations anticipating a breach and seeing the world through the eyes of an attacker.