The covid-19 pandemic has turned out to be more than just an attack on human lives. It’s also been the cause for a significant increase in the number of cyber-attacks and security breaches. With a newly remote workforce and a lack of proper protection for thousands of businesses across the globe, the environment was ripe to be taken advantage of by cyber criminals. They did just that. According to reports issued by the Identity Theft Resource Center (ITRC), the number of data breaches through September 30, 2021, exceeded the total number of events in the full year (FY) 2020 by 17%. Between politically motivated hacks to disruptive attacks on supply chains, cybersecurity became a household word that affects nearly everyone.
Here’s a roundup of the 8 biggest security breaches of the year.
1. Volkswagen data breach
Volkswagen reported a data breach by an unauthorized third party in June. Impacting over 3.3 million customers, an electronic file left unsecured by their marketing vendor was the cause behind the breach. The file contained customer data used for sales and marketing purposes spanning between 2014 to 2019. The hacker was identified by the alias “000” and wanted to sell the contents of the database for approximately $5,000. The information that was leaked consisted of names, postal addresses, mobile numbers, social security numbers, driver’s license numbers, tax ID numbers, and make and models of vehicles purchased/leased/enquired about.
2. SocialArk data breach
SocialArks, the China-based platform that spearheads marketing, brand building, and social customer management suffered a massive data breach in January. The leak stemmed from a cloud misconfiguration that exposed 318 million records consisting of 400GB of public and private profile data – including celebrity and influencer profiles – of 214 million social media users from around the world.
All of the data exposed was obtained from users’ Facebook, Instagram, and LinkedIn profiles and contained their names, country of residence, contact information, position of work, subscriber data, and direct links to their profiles. The attack was initiated through a vulnerability in their ElasticSearch database that exposed their server without any usernames or passwords to protect the data it stored.
Image Source: istockphoto
3. Kaseya ransomware attack
In July 2021, IT management and security software company Kaseya suffered a ransomware attack by the Russian hacker organization REvil demanding $70 million. The company’s remote monitoring and management (RMM) solution was targeted due to an SQL vulnerability leading to nearly 1500 businesses – including schools, hospitals, and a Swedish supermarket chain – being affected by the attack.
The hackers used a zero-day exploit to bypass authentication protocols and run arbitrary command execution in Kaseya’s Virtual System Administrator. Then, a malicious payload was injected into their clients’ systems through a fake software update. Up to a million systems were encrypted and held for ransom.
4. ParkMobile data breach
The cashless parking app ParkMobile suffered a data breach in March compromising its users’ personal information. The breach was due to a vulnerability in a third party software integration that resulted in critical customer data such as phone numbers, email addresses, license plate numbers, vehicle nicknames, and addresses of 21 million customers being leaked and sold in the dark web. Although encrypted passwords were accessed by the hackers, the encryption keys necessary to read the passwords were not.
5. Colonial Pipeline ransomware attack
Image Source: istockphoto
In April, a pivotal fuel provider Colonial Pipeline experienced a ransomware attack that disrupted its gas supply chain. A hacking organization called DarkSide targeted the firm’s billing system and internal business network and stole almost 100 gigabytes of data.
The company’s legacy VPN system was missing multifactor authentication which made it easily accessible through a single password without the need for a second step text or email verification to keep the hackers out once they figured out the password. The ransomware attack shut the line for several days that led to a spike in gasoline prices, fuel shortages, and panic buying.
6. Android data breach
In May, the personal data of more than 100 million Android users was exposed due to numerous configuration errors in third party cloud services. The personal information was found in unsecured real-time databases used by 23 applications, the download numbers ranging from 10,000 to 10 million. All of the sensitive data – names, email address, chat messages, date of birth, gender, photos, location, passwords, phone numbers, payment information, and push notifications – could be accessed by anyone. The cause for this breach was misconfigured cloud services – something that a company as big as Google can be susceptible to.
7. T-Mobile data breach
Telecommunications giant T-mobile was subject to a data breach that compromised the personal information of nearly 54 million people, in August. There were two batches of exposed data. The first one consisted of customers’ social security numbers, birth dates, addresses, and driver’s licenses while the second one contained customers’ IMEI and IMSI numbers. The hacker responsible for the attack gained access to T-Mobile’s internal infrastructure through an unsecured router.
What can we learn from these data breaches?
Enforce endpoint protection
Businesses need to properly identify and secure all their devices and systems with endpoint protection. They should also monitor every single device connected to their network.
Check third-party vendors
Before partnering with third-party vendors, enterprises should ensure whether or not they are legitimate and trustable. Access controls for third party software within organizations should be monitored and maintained frequently.
Encrypt sensitive data & use RBAC
It is essential to encrypt sensitive data and store it in secure locations. Businesses need to control who has access to sensitive data. And controlling access to important data includes both physical and digital access to systems and data. All systems and physical places should be protected with multiple security layers and should only be accessible to authorized personnel.
Keep systems up-to-date
Organizations should regularly run system checks to detect vulnerabilities and install patches automatically.
Train employees, partners & users on security
Enterprises should ensure their employees and users are making secure online decisions and taking responsibility for their cybersecurity posture. It is important that organizations screen all their current and potential employees. They should also enforce effective training for their employees to teach them security best practices as well as ways to minimize damage when a breach occurs.
Employing multifactor authentication is essential to keep users safe – whether this is for end-users or employees. It is easy to implement, and one of the strongest safeguards against an attack.
Data breaches are always a question of when, not if, since they can occur because of a wide variety of attack vectors where every single one is as dangerous as the other. Businesses must stay one step ahead of attackers to safeguard user information and other sensitive data. This article highlights some of the major breaches of this year while also serving as a guide to learn from them.
Featured Image Source: istockphoto