We have all seen how fast things can change in 2020, but one thing that has not changed is the number of security breaches. In fact, the coronavirus has widened the threat landscape. One reason for this is that the shift to working from home (WFH) created more vulnerabilities and more avenues for attack.
What 2020 breaches during the Pandemic can teach us
As the saying goes, “Learn from the mistakes of others – you will never live long enough to make them all yourself”. In business terms, making some of these mistakes could end the company you have spent years building, so buckle in and prepare for a journey you will not want to experience first-hand.
The largest breaches of 2020 to date, and what to learn from them
1. Travelex felt the pain of ransomware
To illustrate how damaging a cyber-attack can be, Travelex is the best example of the year so far. It was reported that the business cost of the attack in Q1 was £25 million, with around £4.6 million demanded as ransom by the attackers. Unconfirmed reports attributed the breach to an unpatched vulnerability that allowed the attackers to execute code remotely. The attack, combined with the effects of the pandemic, was a factor in the company entering administration, which earns it a place among the top security breaches of 2020.
Travelex is not alone in being hit by attacks like these, but it was unfortunate that the attack landed during the pandemic. The main lesson is that breaches can be more costly than ever because of the financial strain businesses are already under, so security should be a higher priority than before. That can be hard to fund, but patching should never be deferred: an unpatched, remotely exploitable vulnerability is exactly the kind of entry point ransomware operators look for, and the next company forced into administration could be yours.
2. Twitter has a mole
Insider threats can be a difficult problem to discover. If you don’t take the time to uncover and prevent this threat, it can cause extreme damage to you or to those who use your products or services. The Twitter scam appears to have been carried out with the help of an insider who provided access to an internal administrative tool. Part of the problem was that the admin tool was accessible to hundreds of Twitter employees, and it allowed them to reset users’ passwords (among other things). Once the attackers had access to it, they used social engineering to persuade people to send them bitcoin, promising to send back double the amount.
In essence it is the classic advance-fee (“Nigerian prince”) scam, made more believable because the messages came from verified accounts. This highlights two main lessons. The first is how employees can be targeted, or used, to deliver a devastating blow to your business; the more people who can reach a powerful internal tool, the larger that risk. The second is that most people (who are also employees somewhere) lack the basic social engineering awareness needed to recognise these messages as an attack.
3. Marriott gets struck again
The Marriott hotel group revealed that around 5 million customers had personal information exfiltrated by attackers who gained access to two employee accounts. Marriott said the breach took over a month to discover, which is not unusual. It should be noted that this is Marriott’s second breach in 24 months, albeit through a different method.
This story illustrates that the threat from attackers never stops, so security should be treated as a journey, not a destination. Had multi-factor authentication been in place, using two stolen employee credentials would have been far harder. To help mitigate this type of risk, a company should monitor user accounts for suspicious behaviour (for example, a login from a source never seen before, or an account suddenly reading far more customer records than it normally does) and implement multi-factor authentication.
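As an added example of the account monitoring described above (written for this article, not code from Marriott or Risk Crew), the script below builds a per-user baseline from a constructed audit log and then flags three things on later activity: a login from an IP address never seen for that user, a login outside working hours, and a daily volume of record lookups far above the user’s own average. The log lines, user names, IP addresses and thresholds are all constructed for illustration.

```python
import json
from collections import defaultdict
from datetime import datetime
from statistics import mean

# Constructed sample audit log (NOT real data): one JSON object per line.
# "alice" and "bob" are ordinary staff during January; in February "alice"'s
# account is used from an unknown address, at night, to pull thousands of records.
SAMPLE_LOG = """
{"ts":"2020-01-06T09:02:00","user":"alice","ip":"10.0.1.15","action":"login"}
{"ts":"2020-01-06T09:30:00","user":"alice","ip":"10.0.1.15","action":"guest_lookup","records":40}
{"ts":"2020-01-07T09:05:00","user":"alice","ip":"10.0.1.15","action":"login"}
{"ts":"2020-01-07T10:00:00","user":"alice","ip":"10.0.1.15","action":"guest_lookup","records":55}
{"ts":"2020-01-08T08:58:00","user":"alice","ip":"10.0.1.15","action":"login"}
{"ts":"2020-01-08T11:00:00","user":"alice","ip":"10.0.1.15","action":"guest_lookup","records":48}
{"ts":"2020-01-06T08:50:00","user":"bob","ip":"10.0.2.7","action":"login"}
{"ts":"2020-01-06T09:10:00","user":"bob","ip":"10.0.2.7","action":"guest_lookup","records":30}
{"ts":"2020-01-07T08:55:00","user":"bob","ip":"10.0.2.7","action":"login"}
{"ts":"2020-01-07T09:40:00","user":"bob","ip":"10.0.2.7","action":"guest_lookup","records":35}
{"ts":"2020-02-10T02:14:00","user":"alice","ip":"203.0.113.9","action":"login"}
{"ts":"2020-02-10T02:20:00","user":"alice","ip":"203.0.113.9","action":"guest_lookup","records":9000}
{"ts":"2020-02-10T09:01:00","user":"bob","ip":"10.0.2.7","action":"login"}
{"ts":"2020-02-10T09:30:00","user":"bob","ip":"10.0.2.7","action":"guest_lookup","records":32}
"""

BASELINE_END = datetime(2020, 2, 1)  # events before this date build the baseline (assumed cut-off)
VOLUME_FACTOR = 5                     # flag a day that exceeds 5x the user's mean daily volume
WORK_HOURS = range(7, 20)             # 07:00-19:59; logins outside this window are notable


def parse_log(text):
    """Parse JSON lines into dicts with a real datetime, sorted by time."""
    events = [json.loads(line) for line in text.strip().splitlines()]
    for e in events:
        e["ts"] = datetime.fromisoformat(e["ts"])
    return sorted(events, key=lambda e: e["ts"])


def build_baseline(events):
    """Per user: the set of IPs seen, and mean records read per active day, before BASELINE_END."""
    known_ips = defaultdict(set)
    daily = defaultdict(lambda: defaultdict(int))
    for e in events:
        if e["ts"] >= BASELINE_END:
            continue
        known_ips[e["user"]].add(e["ip"])
        if e["action"] == "guest_lookup":
            daily[e["user"]][e["ts"].date()] += e.get("records", 0)
    mean_daily = {user: mean(per_day.values()) for user, per_day in daily.items()}
    return known_ips, mean_daily


def detect(events):
    """Return (user, date, reason) alerts for activity after the baseline period."""
    known_ips, mean_daily = build_baseline(events)
    alerts = []
    volume = defaultdict(int)   # (user, date) -> records read so far that day
    volume_flagged = set()      # avoid repeating the volume alert for the same day
    for e in events:
        if e["ts"] < BASELINE_END:
            continue
        user, day = e["user"], e["ts"].date()
        if e["action"] == "login":
            if e["ip"] not in known_ips.get(user, set()):
                alerts.append((user, day, f"login from never-seen IP {e['ip']}"))
            if e["ts"].hour not in WORK_HOURS:
                alerts.append((user, day, f"login outside working hours ({e['ts']:%H:%M})"))
        elif e["action"] == "guest_lookup":
            volume[(user, day)] += e.get("records", 0)
            limit = VOLUME_FACTOR * mean_daily.get(user, 0)
            if limit and volume[(user, day)] > limit and (user, day) not in volume_flagged:
                volume_flagged.add((user, day))
                alerts.append((user, day,
                               f"{volume[(user, day)]} records read today vs ~{mean_daily[user]:.0f}/day baseline"))
    return alerts


def run():
    return detect(parse_log(SAMPLE_LOG))


if __name__ == "__main__":
    for user, day, reason in run():
        print(f"{day} {user}: {reason}")
```

On the constructed log this raises three alerts, all for the compromised account on the February day, and none for the colleague whose behaviour is unchanged. In practice the baseline should be rebuilt regularly and the thresholds tuned per role, since a fraud analyst legitimately reads far more records than a front-desk clerk.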
4. Clearview AI’s files become clear as day
Sometimes a data breach is caused not by out-of-date software or social engineering but by a misconfiguration in the service. Clearview AI provides a good example: a misconfiguration allowed anyone to sign up for an account on a server that hosted a repository of Clearview’s files. The repository was essentially protected only by a password, and because the misconfiguration let anyone create an account, that control was ineffective.
As a result, a great deal of sensitive information was exposed, including source code, secret keys and credentials. This demonstrates how important a secure configuration is for preventing access to sensitive files. Mitigating this risk means first finding configuration settings that could be exploited (open self-registration on an internal service, in this case) and changing them before an attacker takes advantage of the weakness. Secrets that were exposed should also be treated as compromised and rotated, since restricting access afterwards does not recall what has already been downloaded.
5. Zoom’s passwords are for sale in the market
Zoom is a prime example of how people have not learned from the mistakes of others. Attackers took databases of old leaked passwords dating back to 2013 and replayed them against Zoom logins (credential stuffing), gathering around half a million working Zoom credentials. They also spread the login attempts across many IP addresses so that the attack could not simply be blocked by source IP.
With every breach there are lessons to be learned, and this is no exception. Most users prefer convenience to security, so more should be done to help them create strong passwords. The other part is making sure users do not reuse passwords across applications, which is difficult even if you check each password entered against the same leaked-credential databases the attackers use. Companies like Zoom cannot solve this problem without the help of users. However, Zoom could add multi-factor authentication, reject passwords known to have leaked, and run passive checks on login traffic and logged-in users to make this much harder for attackers.
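The following is an added example (not Zoom’s or Risk Crew’s code) of the two server-side checks mentioned above. The first rejects a password that appears in a leaked-credential corpus using the hashed-prefix lookup popularised by the Pwned Passwords range API: the client hashes the password with SHA-1 and sends only the first five hex characters, then matches the returned suffixes locally, so the full hash never leaves the client. Here the “service” is a small constructed list rather than a real breach dump and nothing is sent over the network. The second check shows why the per-IP blocking that the attackers evaded is not enough: it looks at failures across all source IPs and accounts in a time window, which is where distributed credential stuffing stands out. All usernames, IP addresses and thresholds are constructed for illustration.

```python
import hashlib
from collections import Counter, defaultdict

# --- Part 1: breached-password check with a hashed-prefix (k-anonymity) lookup ---

# Constructed stand-in for a leaked-credential corpus (NOT a real breach dump).
LEAKED_PASSWORDS = ["123456", "password", "qwerty", "zoom2020", "letmein"]


def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


# "Server side": breached hashes indexed by their 5-char prefix -> set of 35-char suffixes.
BREACH_INDEX = defaultdict(set)
for _pw in LEAKED_PASSWORDS:
    _h = sha1_hex(_pw)
    BREACH_INDEX[_h[:5]].add(_h[5:])


def range_lookup(prefix):
    """Simulated range endpoint: every known suffix for a 5-character SHA-1 prefix."""
    return BREACH_INDEX.get(prefix, set())


def is_breached(password):
    """Client side: only the prefix is 'sent'; the suffix comparison happens locally."""
    digest = sha1_hex(password)
    return digest[5:] in range_lookup(digest[:5])


# --- Part 2: spotting distributed credential stuffing in authentication logs ---

# Constructed sample: (minute, username, source_ip, result). The attacker rotates
# through 20 addresses so that no single IP exceeds a naive "block after 5 failures" rule.
AUTH_LOG = [(i, f"user{i:03d}@example.com", f"198.51.100.{i % 20}", "fail") for i in range(40)]
AUTH_LOG += [
    (3, "alice@example.com", "192.0.2.10", "ok"),     # normal successful login
    (5, "bob@example.com", "192.0.2.11", "fail"),     # a genuine typo...
    (6, "bob@example.com", "192.0.2.11", "ok"),       # ...followed by success
]

PER_IP_BLOCK = 5          # the per-IP rule the attacker stays under
STUFFING_MIN_IPS = 10     # distinct failing source IPs in the window
STUFFING_MIN_USERS = 20   # distinct accounts failing in the window
STUFFING_MIN_RATE = 0.8   # share of all attempts that failed


def per_ip_blocks(log):
    """IPs a naive per-IP rule would block. Empty here: each attacker IP only fails twice."""
    fails = Counter(ip for _, _, ip, result in log if result == "fail")
    return {ip for ip, n in fails.items() if n >= PER_IP_BLOCK}


def stuffing_signal(log, window=60):
    """Aggregate failures across all IPs and accounts within the first `window` minutes."""
    attempts = [a for a in log if 0 <= a[0] < window]
    failed = [a for a in attempts if a[3] == "fail"]
    signal = {
        "attempts": len(attempts),
        "fail_ips": len({ip for _, _, ip, _ in failed}),
        "fail_users": len({user for _, user, _, _ in failed}),
        "fail_rate": len(failed) / len(attempts) if attempts else 0.0,
    }
    signal["suspected"] = (
        signal["fail_ips"] >= STUFFING_MIN_IPS
        and signal["fail_users"] >= STUFFING_MIN_USERS
        and signal["fail_rate"] >= STUFFING_MIN_RATE
    )
    return signal


if __name__ == "__main__":
    for pw in ("zoom2020", "correct horse battery staple"):
        print(f"{pw!r}: {'REJECT, found in leak corpus' if is_breached(pw) else 'not in leak corpus'}")
    print("per-IP rule would block:", per_ip_blocks(AUTH_LOG) or "nothing")
    print("window signal:", stuffing_signal(AUTH_LOG))
```

The per-IP rule blocks nothing, while the windowed view shows 41 failures from 21 addresses against 41 different accounts with a 95% failure rate, which is not what legitimate users produce. A real deployment would pair the alert with rate-limiting per account, a step-up challenge such as MFA, and a forced reset for any account whose password fails the leak check.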
Who will be the next on the 2020 breach list?
If you do not want to follow in the footsteps of these companies, learn from their mistakes and do not let your security fall behind. Attackers have not stopped in 2020, so neither can you. Breaches are not 100% preventable, but poor decision-making and a lack of proactive security make them far more likely.
The first part of solving a problem is knowing what it is. If you do not know where your security weaknesses are, a security assessment can help you identify vulnerabilities and how to mitigate them.
Risk Crew provides a full portfolio of security testing solutions that range from Security Vulnerability Scanning to Red Team Testing. See all the Security Penetration Testing Services here.