2021 has been a busy year for cybercriminals. The year is not yet over, and the number of publicly reported data compromises through September 30, 2021, has already exceeded the total number of events in full-year 2020 by 17 percent, according to the Identity Theft Research Center data breach analysis. A new report from IBM Security revealed that the average cost of a data breach in Canada was $6.75 million per incident in the 2021 survey year, up from $6.35 million the year before and the highest since the survey first included Canada seven years ago. On all levels, this could be a record-breaking year for data breaches.
What are the top security breaches of 2021? Sentia has compiled a list of recent data compromises and the lessons we can learn from them.
1. Colonial Pipeline Data Breach
Pumps in the eastern U.S. screeched to a halt this year after a ransomware attack on a pivotal fuel provider disrupted the gas supply chain. The Colonial Pipeline carries 2.5 million barrels a day, 45 percent of the East Coast's supply of petrol, diesel, and jet fuel, so the hack took down the region's most significant pipeline and led to shortages across the region. Sources said a criminal gang called DarkSide was likely behind the ransomware attack. In addition to locking the systems, the hackers stole almost 100 gigabytes of data and threatened to leak it onto the internet.
The Colonial Pipeline data breach highlights the importance of system monitoring. In the Colonial Pipeline attack, the hackers launched their attack in the early hours of May 7. However, the initial breach apparently occurred on April 29, more than a week earlier. This follows a familiar pattern used by threat actors: gain access to a system, then conduct stealthy reconnaissance while laying the groundwork for a wide-scale attack. Consequently, advanced threat intelligence, coupled with monitoring and detection capabilities, can help recognize the malicious activity that signals the early stages of an attack before real damage begins.
2. SocialArk Data Breach
SocialArk, a Chinese social media management firm, experienced a data breach through an unprotected database, exposing the account and personal information of at least 214 million social media users. The perpetrators gained access through a misconfigured ElasticSearch database owned by the company. Even worse, many high-profile celebrities and social media accounts were among the 400 GB of personal data leaked.
Remarkably, the SocialArk breach is not just another incident, both in its impact and in what it reveals. The attack was initiated through a misconfiguration that exposed data stored in ElasticSearch instances to anyone who could reach them. Such a data breach should ring a bell for organizations. Notably, ElasticSearch is built on top of Apache Lucene's open-source search engine, enabling developers to build search functionality into their applications quickly. The SocialArk incident is an apt reminder that open-source risk is on the rise. The 2021 Open Source Security and Risk Analysis (OSSRA) report affirms that open-source software provides the foundation for the vast majority of applications across all industries. Unfortunately, many organizations struggle to manage open-source risk and license compliance. The report further reveals the widespread use of 'abandoned' open-source components across all industries. Unlike commercial software, where vendors actively push updates to users, open-source tools rely on community engagement to thrive, and significant security issues result when that engagement is not there.
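The SocialArk exposure came from configuration, not from a flaw in the search engine itself. As an added example (not Sentia's code, not Elastic's, and not part of the original post), the following Python audit reads a flat elasticsearch.yml and flags the combination of settings that turns a node into an open database: a non-loopback `network.host` with `xpack.security.enabled` off. The two configuration texts are constructed for the example; the setting names are real Elasticsearch keys, but the severity labels are this example's own.

```python
"""Audit an elasticsearch.yml for the settings that leave an instance publicly
readable. Added example, not from the original post; the configuration texts
below are constructed."""

# Elasticsearch treats these network.host values as the local machine only.
LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1", "_local_"}

# Constructed: the weak configuration behind an exposed-database incident.
WEAK_CONFIG = """
cluster.name: socialmedia-prod
network.host: 0.0.0.0          # listen on every interface
http.port: 9200
xpack.security.enabled: false  # no authentication at all
"""

# Constructed: the same node with security on and the listener kept local.
HARDENED_CONFIG = """
cluster.name: socialmedia-prod
network.host: 127.0.0.1
http.port: 9200
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
"""


def parse_flat_yaml(text):
    """Parse 'key: value' lines into a dict, dropping comments and blanks.
    Elasticsearch's core settings are flat dotted keys, so this is enough for
    the audit; list-valued settings (network.host: [a, b]) are not handled."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        key, _, value = line.partition(":")
        settings[key.strip()] = value.strip().strip("\"'")
    return settings


def audit_config(text):
    """Return a list of (severity, message) findings for one config file."""
    settings = parse_flat_yaml(text)
    findings = []

    # network.host defaults to local-only, so an absent key is safe.
    host = settings.get("network.host", "_local_")
    public = host not in LOOPBACK_HOSTS
    security = settings.get("xpack.security.enabled")

    if public and security == "false":
        findings.append(("CRITICAL",
                         f"network.host={host} with xpack.security.enabled=false: "
                         "anyone who can reach the HTTP port can read every index"))
    elif public and security is None:
        # The default differs by major version (off on 7.x, on from 8.0), so an
        # unset value on a public listener needs to be made explicit.
        findings.append(("WARN",
                         f"network.host={host} and xpack.security.enabled unset: "
                         "set it explicitly; the default depends on version"))

    if public and settings.get("xpack.security.http.ssl.enabled") != "true":
        findings.append(("WARN",
                         "non-loopback listener without HTTP TLS: credentials and "
                         "query results travel in clear text"))
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_config(cfg) or "no findings")
```

The audit is deliberately local: it reads the file an operator can already see rather than probing the network, which makes it suitable for a pre-deployment check in a pipeline, and a CRITICAL finding is the exact condition an unauthenticated scanner on the internet would otherwise discover first.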
3. Facebook Data Breach
Malicious actors posted the personal data of over 500 million Facebook users from 106 countries online, including 32 million records on users in the U.S. and 11 million on users in the U.K. The leaked information included full names, phone numbers, email addresses, Facebook IDs, locations, and biographical information. Unquestionably, the leaked data provides valuable information to cybercriminals, who use people's details to impersonate them or to scam them into handing over other sensitive information such as login credentials.
From a security standpoint, Facebook cannot do much to help users affected by the breach, since much of the leaked information is already out in the open. As a result, the incident illustrates the catchphrase that cybersecurity starts with you. Every time your employees use the internet, they face a myriad of choices that affect the organization's security. Should a website be accessed, a link clicked, or public Wi-Fi joined? The Facebook data breach is a reminder that your security and that of your organization depend on making secure online decisions and taking responsibility for your own cybersecurity posture.
4. Microsoft Exchange Hack
Security researchers reported that a zero-day attack had infected companies of all sizes across multiple industries early this year. The data breach is still in progress for organizations that have not yet patched the on-premises version of the software. The Microsoft Exchange hack was problematic enough that the FBI, acting on a warrant issued by the Department of Justice, quietly removed web shells from infected systems without the affected organizations' knowledge. That action exposed the fact that many organizations still lack the cybersecurity expertise or focus needed to deal with data breaches.
A properly trained cybersecurity team helps organizations examine their systems for tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs). In addition, security analysts can conduct essential forensic activities that involve collecting artifacts, such as memory, registry hives, Windows event logs, and web server logs, for analysis to identify anomalous activity. Finally, the Microsoft Exchange data breach underscores that system patching is not optional. Organizations should regularly scan their systems for vulnerabilities and install patches automatically.
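The IOC sweep described above, and the early-stage monitoring the Colonial Pipeline section calls for, both come down to running known indicators and simple behavioural rules over logs the organization already keeps. As an added example (not Sentia's code and not part of the original post), the following Python triage parses IIS W3C-format web server log lines, matches them against an IOC list, and additionally flags POST requests to .aspx pages outside the known application surface, the pattern a web shell leaves behind. Every IP address, path and log line here is constructed for the example (TEST-NET addresses and placeholder paths), not a real indicator from the Exchange incident.

```python
"""Triage IIS W3C log lines against IOCs and a web-shell heuristic.
Added example, not from the original post; all indicators and log lines are
constructed (TEST-NET addresses, placeholder paths)."""

# Constructed IOC list: what a threat-intelligence feed would supply.
IOC_IPS = {"203.0.113.45"}                          # constructed, TEST-NET
IOC_PATHS = {"/example/shell-placeholder.aspx"}     # constructed placeholder

# Constructed allow-list of .aspx endpoints the application legitimately serves.
KNOWN_ASPX = {"/owa/auth/logon.aspx", "/ecp/default.aspx"}

# Constructed log excerpt in IIS W3C format (a #Fields header names the columns).
SAMPLE_LOG = """#Software: Microsoft Internet Information Services
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2021-03-02 09:14:03 198.51.100.7 GET /owa/auth/logon.aspx 200
2021-03-02 09:14:10 203.0.113.45 POST /example/shell-placeholder.aspx 200
2021-03-02 09:15:22 198.51.100.9 POST /ecp/default.aspx 302
2021-03-02 09:16:01 198.51.100.20 POST /images/unexpected.aspx 200
"""


def parse_w3c(text):
    """Yield (line_no, record) pairs; the record maps field name to value.
    Directive lines start with '#'; the #Fields directive defines the columns."""
    fields = None
    for line_no, raw in enumerate(text.splitlines(), 1):
        if raw.startswith("#Fields:"):
            fields = raw.split()[1:]
            continue
        if not raw.strip() or raw.startswith("#"):
            continue
        if fields is None:
            raise ValueError(f"line {line_no}: data before #Fields header")
        values = raw.split()
        if len(values) != len(fields):
            continue  # malformed line: skip rather than misalign the columns
        yield line_no, dict(zip(fields, values))


def triage(text):
    """Return one finding per suspicious line, with every rule that fired."""
    findings = []
    for line_no, rec in parse_w3c(text):
        ip, method, stem = rec["c-ip"], rec["cs-method"], rec["cs-uri-stem"]
        reasons = []
        if ip in IOC_IPS:
            reasons.append("source IP on IOC list")
        if stem in IOC_PATHS:
            reasons.append("request path on IOC list")
        # Heuristic: a POST to a server-side page that is not part of the known
        # application surface is how a dropped web shell receives commands.
        if method == "POST" and stem.lower().endswith(".aspx") and stem not in KNOWN_ASPX:
            reasons.append("POST to .aspx outside the known application surface")
        if reasons:
            findings.append({"line": line_no, "c-ip": ip, "uri": stem, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f['line']}: {f['c-ip']} -> {f['uri']}: {'; '.join(f['reasons'])}")
```

The heuristic rule matters more than the IOC list in practice: an IOC list only catches what someone else has already seen, whereas the allow-list of known .aspx endpoints catches a shell at a path nobody has reported yet. The cost is maintaining that allow-list, which is exactly the kind of work the paragraph above attributes to a trained team.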
Wiping the Slate Clean with Sentia
Recent top security breaches suggest cybersecurity efforts may have lagged as companies rapidly adopted remote work during the pandemic. Our analysis of these data compromises is a wake-up call, especially now that organizations are operating in a perimeter-less environment that makes it difficult to defend a multiplicity of entry points. Moreover, from politically motivated attacks to disruptive activities on supply chains, cybersecurity is no longer a topic just for I.T. departments. With attacks like ransomware and phishing becoming household words, the need to safeguard your business' network, data, and systems has never been more critical. What's more, the management, security, and monitoring of your network, along with increased compliance requirements, only add to the complexity.
Fortunately, Sentia's network and security practice has the experience and expertise to consultatively assess, design, and manage your network and systems across a broad spectrum of solutions.
Our security suite includes:
- Secure managed networking
- Enterprise network security
- SD-WAN/SASE solutions
- Next-gen firewall
- Compliance consulting
- Managed security services
Contact us today to get started on the path to a more secure, cyberthreat-proof future.