Recent breaches involving sensitive data from approximately 50 global enterprises highlight the risks of inadequate cybersecurity measures. Key victims include Pickett and Associates, a U.S. utility engineering firm, Sekisui House of Japan, and Spain’s largest airline, Iberia. The cybercriminal behind them, known as Zestix or Sentap, has been exploiting compromised cloud credentials to access corporate file-sharing systems.
Hudson Rock, an Israeli cybersecurity firm, reported that none of the affected companies had implemented multi-factor authentication (MFA), which facilitated the breaches. The attacker gains access after employees unintentionally download malware that steals credentials from their devices. The malware involved includes RedLine, Lumma, and Vidar, which harvest saved login information and browser histories.
Since 2021, Zestix has targeted enterprise file synchronization and sharing platforms, such as Progress Software's ShareFile. A spokesperson from Progress stated that the unauthorized access resulted from previously stolen credentials rather than vulnerabilities in their systems. They emphasized the critical need for organizations to adopt MFA to mitigate such risks.