Learn from The Lessons of The Past

Publish Date: 01-02-2024
Tags:
Author: Open-CISO

Over the last decade, security breaches and hacks have become less of a surprise and more of a way of life for the world's citizens. News anchors worldwide report such incidents almost every day. Sometimes a business is impacted; other times billions of ordinary people are victimized. Some lose their data, face invasive scrutiny or have their identities stolen, while others wake up in the morning only to find that a stranger has been lurking in their bank account. People have started to believe they are in the middle of a cyberwar against the most merciless and inhumane security hacks of all time. This state of cyberwar became inevitable when artificial intelligence and machine learning technologies kicked in during the early 2000s. Digital threats have kept evolving every year, and security experts around the globe often cannot tell whether humans or bots have attacked them. With ever more sophisticated attacks, hacks and a dispassionate art of cyber combat, the computerized world keeps inviting never-before-seen types of threats that can spoil any occasion.

Here are a few disastrous security breaches and hacks that the world has experienced in the last decade, and how they could have been avoided. So take an anxiety-inducing walk down the memory lane that changed many lives, and stay safe.

1. T-Mobile

Date: August 2021 

Impact: 54 million users 

Attack: While the world was still recovering from pandemic-related losses, a few hackers had a different plan: to attack one of North America's largest telecom companies, T-Mobile, through a data center access point. Internet-facing addresses are often a soft target for the majority of telecom companies in the world, and T-Mobile was no exception. The hackers scanned T-Mobile's weakly protected internet addresses, where a few vulnerable ports had been left open to the internet. This let the cybercriminals reach one of the access points via an unprotected router in a data center. From there they obtained confidential credentials, moved on to more than 100 servers, and attacked T-Mobile's data files a week later.

Business Impact: The data files contained social security numbers, names, phone numbers and addresses; from a less fortunate subset of users, device identifiers and PINs were obtained as well. Commercial business customers were affected too.

Security Advice: Routers are the foundation of an Internet Service Provider (ISP), but securing the ISP does not stop there. Securing an ISP's data centers can seem a daunting task at first. A few salient areas, and ways to secure them without fail, are:

  • Run constant network scans to identify unmanaged devices across the data center.
  • Identify unprotected access points via a wireless controller and block all unnecessary ports.
  • Encrypt data in transit as well as data at rest.
  • Provide robust access control mechanisms for all users and employees.
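The first two items amount to reconciling what a scan actually finds against what the asset inventory says should exist. The script below is an added illustration, not code from the original post or from T-Mobile: it parses constructed scan lines in the style of nmap's grepable (-oG) output, compares them with a constructed inventory of approved ports per host, and reports unmanaged hosts and unexpected open ports.

```python
import re
from typing import Dict, List, Set, Tuple

# Constructed asset inventory for a data-center subnet: each managed host
# carries the set of TCP ports its owner has approved (an assumption for
# this example, not any real operator's inventory).
INVENTORY: Dict[str, Set[int]] = {
    "10.10.0.1": {22},          # core router: SSH from the management VLAN only
    "10.10.0.20": {443},        # web front end
    "10.10.0.21": {443, 5432},  # app server that also talks to the database
}

# Constructed scan results in the style of nmap's grepable (-oG) output.
SCAN_OUTPUT = """\
Host: 10.10.0.1 ()\tPorts: 22/open/tcp//ssh///, 23/open/tcp//telnet///, 80/open/tcp//http///
Host: 10.10.0.20 ()\tPorts: 443/open/tcp//https///
Host: 10.10.0.21 ()\tPorts: 443/open/tcp//https///, 5432/open/tcp//postgresql///
Host: 10.10.0.77 ()\tPorts: 3389/open/tcp//ms-wbt-server///
"""

PORT_RE = re.compile(r"(\d+)/open/tcp")

def parse_grepable(text: str) -> Dict[str, Set[int]]:
    """Return {host: {open TCP ports}} from grepable-style scan lines."""
    result: Dict[str, Set[int]] = {}
    for line in text.splitlines():
        if not line.startswith("Host: "):
            continue
        host = line.split()[1]
        ports = {int(p) for p in PORT_RE.findall(line)}
        result[host] = result.get(host, set()) | ports
    return result

# (kind, host, port); port is 0 for host-level findings
Finding = Tuple[str, str, int]

def find_exposures(scan: Dict[str, Set[int]], inventory: Dict[str, Set[int]]) -> List[Finding]:
    """Flag hosts missing from the inventory (unmanaged devices) and open
    ports the inventory does not approve (unnecessary ports)."""
    findings: List[Finding] = []
    for host, open_ports in sorted(scan.items()):
        if host not in inventory:
            findings.append(("unmanaged-host", host, 0))
            continue
        for port in sorted(open_ports - inventory[host]):
            findings.append(("unexpected-port", host, port))
    return findings

if __name__ == "__main__":
    for kind, host, port in find_exposures(parse_grepable(SCAN_OUTPUT), INVENTORY):
        print(f"{kind:16} {host:12} {port or ''}")
```

Each finding is a ticket for the device owner: close the port, add it to the inventory with a justification, or remove the unmanaged device.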

2. U.S. Federal Government

Date: December 2020 

Impact: Undisclosed 

Attack: The United States of America had just set new records of thousands of daily infections, approaching the levels seen in countries like Italy and Spain at the height of the pandemic. A technology company named SolarWinds, which works with multiple companies worldwide, also happened to work with the U.S. federal government. It was reported that 18,000 SolarWinds customers downloaded a malicious software update that enabled the hackers to spy on highly confidential information. The attackers found a software vulnerability in SolarWinds' Orion product, which is used by the majority of Fortune 500 companies around the globe, and used it to enter customers' networks and create a backdoor within SolarWinds, exfiltrating information through channels that the network management tool itself could not block.

Business Impact: The attackers breached the U.S. Departments of the Treasury and Commerce and partially breached the Department of Defense, and there were also reports that the State Department and the National Institutes of Health were hacked.

Security Advice: This cyber-espionage could have been avoided had SolarWinds and other businesses focused on:

  • Robust access control mechanisms.
  • 360-degree visibility of the network, because "you cannot protect what you cannot see."
  • Rigorous product security testing.
  • Reliable email security tools.
  • Avoiding fancy hi-tech tools in favour of the essential tools that fit the nature of the organization's business and user activity.

3. Lifelabs

Date: December 2019 

Impact: 15 million patients 

Attack: This time the heartless hackers targeted a healthcare company, affecting at least 40% of Canadians. The company stored private information such as names, email addresses, postal addresses, healthcare information, login IDs, passwords and even birth dates. The attackers found unsecured and misconfigured database systems, which led to this massive data breach.

Business Impact: Healthcare information and hospital lab test results were exposed, raising plausible data-manipulation scenarios. Imagine the damage to 15 million lives if 15 million lab test results were tampered with. The era in which cyber attacks can also cause the loss of human lives had just begun.

Security Advice: Healthcare organizations have learned the hard way that technology can save lives and can also cost them. Business executives were awakened to a new trend of ransomware attacks on healthcare providers and hospitals. Some security improvements to make before focusing solely on saving lives are:

  • Encrypt user information at fixed intervals.
  • Secure the encrypted databases to add another security layer.
  • Strictly follow the principle of least privilege so that only a limited set of users is authorized.

4. JP Morgan Chase

Date: July 2014 

Impact: 83 million accounts 

Attack: When unsympathetic cybercriminals did not spare the healthcare sector, it comes as no surprise that they would not spare a financial institution either, or rather "multiple" financial institutions attacked all at once. The JP Morgan Chase attack was one of the biggest hacks in the banking industry and also targeted companies like Fidelity Investments, E-Trade, Scottrade and the financial news organization Dow Jones. The hackers exploited the Heartbleed security vulnerability in an encryption tool, which opened doors for them into JP Morgan Chase's network and into multiple other companies in New York, Boston, St. Louis, Omaha and Charlotte that ran the same tool.

Business Impact: JP Morgan Chase customer data was used to artificially inflate a few penny stocks and was also sold for exponential profits. The attackers also got hold of email accounts, and hundreds of spam emails were sent to customers from executives' accounts. This led to artificial stock inflation and enormous losses for a large share of their investors.

Security Advice: Financial hacks are no surprise to the world, but the magnitude of this attack is undoubtedly cause for concern. A few significant security components should be the focus when safeguarding critical financial institutions:

  • Rigorous vulnerability management.
  • Integrated risk management.

In the end, an effective threat response plan is imperative for responding to daily threats. Amid a world pandemic and a cyberwar, enterprises are forced to transition from a laid-back, business-only attitude to a security-first attitude in no time. Businesses and security experts have realized that complete visibility of their network estate, from on-premises to the cloud, is crucial, and that it demands the vision to oversee their third-party vendors as well. It is simple: you cannot protect what you cannot see.

It is our observation that the majority of organizations fall short of these essential security elements. We at FnCyber specialize in security consultancy, providing expert security advice like the points above and helping organizations avoid potential security hacks.
