With a new year come new resolutions, new goals, new IT budgets, and so on. But it is always good practice to pause, rewind and examine the year that went by instead of rushing headlong into the new one. The year just ended always carries lessons with it; there are important takeaways it has left for us, and it would be foolish not to pause and look at them. So let's take a moment and see what 2019 looked like in the cybersecurity space.
In the cybersecurity world, if there is one thing we can learn from the year that went by, it is that our data is never safe and can be compromised at any given point. The cyberattacks of 2019 showed us just how easy it is for our data to fall into the wrong hands. Every kind of cyberattack showed its ugly face to us throughout the year: data breaches, phishing scams, advanced attacks, ransomware, password spraying, and even state-backed hacking campaigns got their fair share of the spotlight.
I understand that our busy schedules may not allow each of us the luxury of researching the cyberattacks that kept 2019 on its toes. So, to make it easier for you, we have compiled here the top 5 cybersecurity breaches that made headlines.
Please note: these are not listed in any order of scale of impact, but are chosen to highlight the kinds of attacks we face today.
- The Facebook User Data Leaks
In April 2019, about 540 million records about Facebook users were exposed. They had been published on Amazon's cloud computing service by two third-party app developers. This was the second big incident the social media giant faced in two consecutive years, the first being the Cambridge Analytica scandal. However, the 2019 data leaks involved no hacker at all: Facebook had accidentally made public more than a million user emails.
These two incidents of 2018 and 2019 show the scale of information that corporate giants like Facebook work with, and how easily a simple mistake in data management turns into a huge privacy issue for millions of people. Then in September, despite Facebook's announcement that it was making security improvements by restricting access to data, 419 million records including unique Facebook IDs and phone numbers were found sitting unprotected by any password at all.
Learning: This latest incident increases the risk of spam calls and SIM-swapping attacks on users' smartphones, a tactic that relies on tricking cell carriers into transferring phone numbers to a hacker.
- Capital One Hack
Capital One confirmed in March 2019 that a hacker had broken into its servers by exploiting a misconfiguration in a web application firewall. The person retrieved personal information on more than 100 million Capital One customers in the U.S. and 6 million in Canada, making this one of the biggest hacks ever in the sheer volume of data leaked. The compromised information included names, addresses, phone numbers, and dates of birth, along with 140,000 Social Security numbers, 80,000 bank account numbers, credit scores, and transaction data. The infiltrator was considering distributing the Social Security numbers publicly, according to the FBI agent who investigated her.
Learning: Applications and services hosted in the cloud need the same scrutiny we would give an internally hosted server, if not more. Regular perimeter security and firewall assessments need to be performed to ensure that patches have been applied and that access to configuration settings is restricted.
- Citrix Systems Inc. Data Breach
The company said the hackers had intermittent access to its network between October 13, 2018, and March 8, 2019. It also established that the attackers removed files from its systems. Some of these files stored information on current and former employees and, in some cases, beneficiaries and/or dependents. The compromised data includes names, Social Security numbers, and financial information. The company provides services to approximately 400,000 companies and other global organizations; however, it is unclear how many people have been impacted by the incident.
Learning: The company believes the hack resulted from a technique known as "password spraying", which gains access by scanning systems and breaking into those that use commonly used weak passwords. A few quick takeaways for every enterprise:
- Using strong passwords
- Protective monitoring for password spraying attacks and enforcing multi-factor authentication
- Performing routine systems checks
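As an added illustration of the "protective monitoring" takeaway (example code written for this recap, not code from the original post or from Citrix), the script below runs a simple password-spraying detector over constructed auth log lines: it flags a source that fails against many distinct accounts inside one time window, which a per-account lockout alone would never catch, and lists any account that then logged in successfully from that source.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample auth log (sshd-like format); not taken from any real system.
SAMPLE_LOG = """\
2019-03-01T10:00:01Z Failed password for alice from 203.0.113.7
2019-03-01T10:00:03Z Failed password for bob from 203.0.113.7
2019-03-01T10:00:05Z Failed password for carol from 203.0.113.7
2019-03-01T10:00:07Z Failed password for dave from 203.0.113.7
2019-03-01T10:00:09Z Failed password for erin from 203.0.113.7
2019-03-01T10:00:11Z Accepted password for frank from 203.0.113.7
2019-03-01T10:01:00Z Failed password for alice from 198.51.100.4
2019-03-01T10:01:20Z Failed password for alice from 198.51.100.4
2019-03-01T10:01:40Z Failed password for alice from 198.51.100.4
"""
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<result>Failed|Accepted) password for "
                     r"(?P<user>\S+) from (?P<src>\S+)$")

def parse(log_text):
    """Parse log lines into (timestamp, result, user, source) tuples; skip unrelated lines."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
            events.append((ts, m["result"], m["user"], m["src"]))
    return events

def detect_spray(events, window=timedelta(minutes=10), min_accounts=5):
    """Flag sources that fail against >= min_accounts distinct accounts inside one window.
    A spray makes one or two tries per account, so the signal is breadth of accounts per source."""
    by_src = defaultdict(list)
    for ev in sorted(events):
        by_src[ev[3]].append(ev)
    alerts = {}
    for src, evs in by_src.items():
        failed = [(ts, user) for ts, result, user, _ in evs if result == "Failed"]
        for i, (start, _) in enumerate(failed):
            users = {u for ts, u in failed[i:] if ts - start <= window}
            if len(users) >= min_accounts:
                # A success from a spraying source after the spray began is the top-priority signal.
                hits = sorted({u for ts, r, u, _ in evs if r == "Accepted" and ts >= start})
                alerts[src] = {"accounts": sorted(users), "compromised": hits}
                break
    return alerts

if __name__ == "__main__":
    for src, info in detect_spray(parse(SAMPLE_LOG)).items():
        print(f"{src}: sprayed {len(info['accounts'])} accounts; succeeded for {info['compromised']}")
```

The second source in the sample (three failures against one account) is a brute-force pattern that a lockout policy handles; it is deliberately not flagged here, so the two controls complement each other.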
- First American Data Breach
First American's data breach is referred to as the second-largest data breach on record, affecting nearly 900 million records. The first in line is Yahoo!'s hack in 2013, impacting nearly 3 billion accounts. The breach at First American allegedly involved mortgage documents dating back to almost 2003, and the leaked data supposedly included personal identifying information, bank account numbers, driver's licenses, Social Security numbers, tax records, and other stolen information. What is notable about this breach is that it was discovered by a real estate agent, and First American ignored his warnings, which were later taken up by a journalist specializing in cybercrime.
Learning: With each cyberattack, the importance of timely upgrades and security patches becomes more evident. Continued vigilance by employees, and training to help them recognize potential phishing scams, ransomware attacks, cybercriminal tactics and security best practices, can mitigate the risks significantly.
- American Medical Collection Agency (AMCA) Data Breach
The recent breaches of Quest Diagnostics and its competitor LabCorp should get your attention because of the implications for those involved. AMCA, a billing services vendor for the healthcare industry, disclosed that its records were exposed to hackers between August 1, 2018, and March 30, 2019. The exposed documents could contain patients' Social Security and insurance information, two valuable data points for those seeking to create false identities, which makes this a valuable haul for hackers. The large lab testing company Quest Diagnostics was among those affected, with up to 12 million records compromised. Others impacted include LabCorp, Bio-Reference, Clinical Pathology Laboratories, Austin Pathology, Natera, CBLPath, and South Texas Dermatopathology.
Learning: Since so much criminal activity happens online, it is impossible to say with any clarity when such a thing will hit you. So it is imperative for an organization to tighten and review its security posture at regular intervals and to be equipped to hunt for threats instead of taking a purely reactive approach to security.
With these examples, it is well established that our data has never been secure. With each cyberattack, the importance of timely upgrades and security patches becomes increasingly evident, and thinking you are immune to these attacks is the worst thing you can do for your organization. Continued watchfulness by employees, and training to help them recognize potential phishing scams, ransomware attacks, cybercriminal tactics, and security best practices, can mitigate the risks significantly. As an enterprise, your security approach must focus on both detection and the ability to mitigate the impact after an attacker gets in. You need to evaluate your security model holistically and gain visibility and control not just at the endpoints but across the extended network and the entire attack continuum: before an attack happens, while it is in progress, and after it has damaged systems or stolen information. In short, you need security that can deal with the pre-, during- and post-impact phases of an attack.