Data breach in OSIsoft


The software company has suffered a data breach that reportedly compromised all of its domain accounts

OSIsoft has issued an alert on a security breach affecting employees, interns, consultants and contractors, as reported by information security and digital forensics specialists from the International Institute of Cyber Security.

The company offers real-time data management solutions. Its main product, PI System, is an open enterprise infrastructure that connects sensor-based data, systems and people. OSIsoft customers use PI System to collect, analyze, and view data to improve their internal processes, according to experts in cybersecurity and digital forensics.

Malicious actors used stolen credentials to remotely access the company’s systems, as reported in the company’s incident notification, filed with the California Attorney General’s Office.

“OSIsoft is experiencing a security incident that could affect employees, interns, consultants and contractors. Stolen credentials were used to remotely access OSIsoft’s computers”, the company mentioned in the data breach notification.

“OSIsoft’s digital forensics experts alerted the IT team about anomalous actions in the company’s systems. Our information security service provider has collected direct evidence of the attack, as well as access theft, a situation involving 29 computers and 135 accounts. The evidence has allowed us to conclude that all OSI domain accounts have been affected”.

Threat actors may have accessed the OSI domain logon account name, email address, and user password. Although Active Directory (AD) uses cryptographic protection methods, users’ personal credentials may have been compromised.

The notification filed with the California Attorney General shows that the company does not know exactly when the incident took place: OSIsoft has stated that it occurred sometime between March 23, 2017 and July 26, 2018.

The company is still investigating the security breach and, in the meantime, has developed a risk mitigation strategy.

OSIsoft is resetting compromised passwords. It also encourages affected users to change their passwords on other platforms if they reuse their OSI account password there, invites users to report suspicious activity to the company, and recommends disabling or restricting remote access and file sharing functions on users’ devices.