Cybersecurity incidents are on the rise, which isn’t a surprise to most in the industry. Hackers become more sophisticated every day, exploiting vulnerabilities and cyber defense mechanisms. While it’s impossible to prevent every cybersecurity attack, there are lessons and takeaways from these that could help strengthen your framework and enhance your team’s awareness.
In this post, we’ll examine some of the latest cybersecurity incidents and discuss why they happened and what you can learn from them.
Why Are Cybersecurity Incidents Rising?
There’s no one answer to this question. The pandemic definitely played a role. Companies had to transition employees to work from home, which opened up more areas of entry for cybercriminals. Since businesses had to rush to do this, they might haven’t been able to follow best practices or embed the best defense positions.
Since the beginning of the pandemic, the FBI reported an increase of 300% more cybercrimes. The healthcare industry was one of the biggest targets, with cybersecurity incidents increasing by 58% in 2020. COVID-19 and stimulus check scams were attractive to hackers, costing Americans over $97 million.
Remote work, as noted, isn’t a new vulnerability. According to IBM, it increased the average cost of a data breach to $137,000. Further, remote workers caused a security breach in 20% of organizations.
All these stats can seem defeating for cybersecurity professionals. Hackers got smarter, opportunities became available because of the pandemic, and those protecting data and networks felt under pressure. It’s a perfect storm for risk and challenges.
However, with each devastating breach or occurrence, there is the chance to perform an evaluation and take something from it to make the future different. Let’s look at some recent events that illustrate these possibilities.
Zoom Accounts Compromised, Sold on Dark Web
The use of Zoom accelerated once the country began to lock down and work from home. It’s so prevalent that Zoom became a part of the cultural vernacular. While the video conferencing platform enabled companies to stay connected and continue work, security issues weren’t always perfect.
There was a massive credential stuffing attack, allowing hackers account access. Such an attack includes hackers targeting a site and analyzing site login sequences and processes. With this knowledge, they can then write an automated script to test stolen credentials.
The company wasn’t checking registered usernames and passwords against lists of known breached account credentials. Those accounts, ranging from users at large banks to universities, were then found on sale on the dark web. The value to cybercriminals is they can impersonate the actual user, eavesdropping on calls, accessing previous meetings, or sending malware files to others.
Takeaways
- Zoom did begin to check usernames and passwords of new accounts against breached credentials, prompting new passwords. Organizations that use these platforms or any cloud-based application should also have robust password criteria and consider cybersecurity education on password usage to employees.
- Two-factor authentication is another option to thwart credential stuffing. Companies should seek this out for the solutions they deploy.
- Requiring a meeting password should also be part of cybersecurity best practices for users.
Molson Coors Experiences Hack, Disrupts Brewing Operations
In March, Molson Coors reported a cybersecurity incident that disrupted its operations in a regulatory filing. An investigation immediately occurred, and the company hired a leading forensic IT firm for help.
Several sources suggested it was ransomware and that taking operations offline was a defensive move to stop the spread. Ransomware attacks have been steadily rising, as hackers attempt to extort businesses by requesting payments to release their files.
Takeaways
- Cyber attacks are expanding to include areas beyond breaching data and consumer personal information. They can also impact operational practices. These types of disruptions create new risk, as IoT (internet of things) devices become more common in manufacturing. It expands infrastructure as well as endpoints to exploit. Cybersecurity professionals will need to consider all these threats moving forward.
Verkada Breach, Hackers Access Live-Camera Feeds
Video surveillance has been a part of public and private spaces for some time. It’s obviously become much more sophisticated. Much of these systems were on-premises, and the cloud-enabled them to be more accessible. Verkada, a security-camera startup, was hit with a massive hack, exposing over 150,000 live-camera feeds. Infiltrating the system allowed the hackers to post videos from schools, prisons, hospitals, and even manufacturers like Tesla. Those cybercriminals were able to view live feeds and archived videos.
The U.S. Department of Justice (DOJ) announced an indictment of Tillie Kottmann as being responsible for the hack and many others. Kottman’s response, per a statement provided to Bloomberg News, was that they were “motivated to expose the scope of private surveillance practices.”
It’s unknown if their motive was purely altruistic. But whatever their reason, other hackers can certainly see the value in having this information and access. That’s because it’s much more than just looking at the content. It can be an easy way for initial access to the larger network. This incident wasn’t the first of its kind and won’t be the last, as most people are bombarded by widespread surveillance by the tech they use.
Verkada’s response was to say they’d be making security, privacy, and trust their top priority. One might question why it wasn’t already. As regulators and litigation play out in this area, certain companies could be open to fines from the Federal Trade Commission (FTC).
Takeaways
- Private companies and government entities will continue to use surveillance systems and likely expand them, but they need to consider the entire ecosystem when they do. Is such a system a good candidate for private cloud usage? That’s a possibility.
- The risk around these hacks is rising, and those organizations that don’t invest in cybersecurity standards to limit it will continue to be vulnerable.
- Users of technology platforms can’t be solely dependent on the developers for robust security controls. Vendors are often a weak link in cybersecurity incidents, so vet them well, install updates as soon as available, and protect it as an entry point.
Microsoft Email Hack Impacts Over 30,000 U.S. Organizations
Flaws in Microsoft Exchange Server software allowed a Chinese cyber-espionage unit to hack email accounts. They were able to steal emails from users and take complete control of the systems. The type of accounts compromised was internet-facing Microsoft Outlook Web Access (OWA), not the cloud-hosted version.
Microsoft responded by releasing an emergency security update to plug four security gaps for versions 2013 to 2019. However, those that didn’t install the patches continued to be a target. Hackers left web shells, which are password-protected hacking tools. They can use these to gain administrative access and could still be present even for those patched systems.
Takeaways
- Patch everything and always, no matter the level of confidence in the software. Those patches must be enterprise-wide, no matter where the user is. You can’t rely on individual users to manage this.
- Cloud-hosted email exchange is likely the best configuration. Microsoft, like any other software provider, is going to nudge people to the cloud. This incident demonstrates some software providers may be less inclined to keep older systems updated.
Hospital Breach Exposes 34,000 Patients
A hospital in New Hampshire reported a breach affecting over 34,000 patients. The announcement came in March, and the attack occurred in July 2020. Patient names, demographics, and Social Security numbers were part of the breach. The organization said it was also no longer using the network system involved. The forensics revealed hackers had access to a file for a “short period,” and the third-party firm performing the analysis was unsure if they copied it.
The hospital assured patients that they had new safeguards in place and agreed to offer complimentary credit monitoring and identify theft protection services to impacted individuals.
Takeaways
- Healthcare organizations are ideal targets for hackers. They understand that healthcare data is valuable and know there are lots of challenges that health IT faces around compliance, data exchange, and interoperability.
- Lack of standardization in this industry is a risk. Healthcare entities can protect themselves by adopting the cloud, using simple yet impactful cybersecurity frameworks, and always monitoring every application that lives on their network.
Protecting Against Cybersecurity Incidents
Having the right processes and systems in place is critical to defending against cybersecurity attacks. But those aren’t the only things that matter. The right team does as well, which means a high-performing cybersecurity team with technical and soft skills. To improve on the latter, you can learn from my book, The Smartest Person in the Room. It’s a revolutionary approach to cybersecurity. Get your copy today.