The last few days have been good for Equifax: all eyes have been focused on Deloitte security news!
This week’s Deloitte security news was dismissed by the company as a small incident; however, security researchers and pentesters have been finding security holes all over the internet.
The Guardian was tipped off by a reader to a collection of Deloitte’s corporate VPN passwords, user names, and operational details lurking within a public-facing GitHub-hosted repository. The information was removed recently, but the reader was quick enough to snap a few screenshots.
In addition to the potential leaks of corporate login details, Deloitte has internal and potentially critical systems open to the internet with remote desktop service (RDP) enabled. Such services should be protected and hidden, according to top consultancy firms, ironically.
“Just in the last day I’ve found 7,000 to 12,000 open hosts for the firm spread across the globe,” security researcher Dan Tentler, founder of Phobos Group, told The Register today. “We’re talking dozens of business units around the planet with dozens of IT departments showing very different aptitude levels. The phrase ‘truly exploitable’ comes to mind.”
As an example, a Deloitte Windows Server 2012 system in South Africa was found with RDP wide open, acting as an Active Directory server, and with updates still pending.
Here is a system with NetBIOS open:
… And another example with RDP open on Active Directory:
… And some systems with pending updates:
All of this Deloitte security news is embarrassing to the company, which is labeled a top security consulting agency in the world. The firm makes millions selling its security tech guru services on an hourly basis.
Another name caught up in this news is Gartner. The company said that “Deloitte ranked as the No. 1 global consulting organization for the 5th consecutive year.”
New York, NY, 11 June 2015 – For the fifth consecutive year, Gartner has ranked Deloitte member firms (Deloitte) as the number one global consulting organization based on 2014 market share revenue in their report Market Share Analysis: Consulting Services Worldwide, 2014. Gartner defines Consulting as Business and IT Consulting and includes revenue from Deloitte Consulting practices and advisory businesses globally.
“Developing actionable strategies and delivering on them with clients is critical to being a leader in this industry – but it isn’t enough to be the number one consulting organization,” said Jim Moffatt, Deloitte Global Consulting Leader. “Drawing on the breadth and depth of our network capabilities, investing the time to understand clients’ needs, and collaborating with them to create value – based on their definition of value – is what we feel has set Deloitte apart for five years running.”
The report notes, “The worldwide consulting service market grew 6.1 percent to $125.2 billion in 2014 from $118.1 billion in 2013. The top 10 consulting service providers combined grew at a fast pace of 6.8 percent compared with the overall market.”