This year, Krebs made a list and checked it twice… the result? Lots of hackers were naughty, and far fewer were nice. As we approach the holidays, we’re looking back on the worst cyber incidents of 2019 to see the worst of the cyber grinches this year.
In the midst of the summer heat and Black Hat preparations, the security industry was shocked when news broke of the Capital One breach last July. Needless to say, the Seattle-based software engineer, Paige Thompson, is at the top of Santa’s naughty list after stealing more than 140,000 Social Security numbers, 80,000 bank account numbers, over 1 million Canadian social insurance numbers and more.
What can Capital One do to stay on Santa’s good side? According to Krebs and his team of expert peers, the problem stemmed in part from a misconfigured open-source Web Application Firewall (WAF) that was assigned too many permissions. The intruder was able to conduct a “Server Side Request Forgery” (SSRF) attack to exploit the vulnerability and run commands that it should never have been permitted to run. Organizations such as Capital One should treat this as a learning experience to adopt security best practices such as always properly configuring and updating security technologies, setting strict rules and permissions, and more. In fact, SANS has even gifted the industry with this Firewall Checklist to get them started this season.
Ransomware… and lots of it
With 2019’s influx of ransomware attacks, it’s hard to pinpoint just one that devastated the industry the most. According to researchers, more than 50 cities and towns have been attacked this year. Government organizations were the intended victims of nearly two-thirds of all ransomware attacks, bringing a wave of damage to schools, libraries, courts, and other entities nationwide.
Most recently, CyrusOne, one of the biggest data center providers in the US, suffered a ransomware attack from the same ransomware family that hit several managed service providers in June, over 20 Texas local governments in early August, and 400+ US dentist offices in late August.
In order to avoid becoming the next ransomware target, organizations must constantly monitor their networks and adopt strong threat detection and response plans. They should also consider outsourcing this work to third-party services to maintain the highest level of visibility and monitoring— potentially identifying threats that were previously overlooked. Lastly, we recommend they review the US-CERT recommendations for protecting against ransomware while they have some downtime before ringing in the New Year.
Just before the holidays, the TrueDialog breach took place, exposing 604 GB of data. According to the researchers, this included nearly 1 billion entries of highly sensitive data. Fast Company reported, “such data included two-factor codes, university finance application data, job alerts, codes to access online medical services, password reset and login codes for Facebook and Google, email addresses, read receipt indicators, phone numbers, and more. Access to the SMS messages would have allowed malicious actors to impersonate the receiver.”
To avoid exposing personal credentials for all to see, organizations should prioritize strong authentication protocols, especially when mass amounts of data are stored in a centralized repository. By adopting a standards-based approach, organizations will be able to prevent adversaries from gaining access to sensitive information—like that prized Christmas cookie recipe that your family keeps locked up for safe keeping.
With 2019 coming to a close, it's time for security pros to look back on the past year and learn from the biggest attacks. Organizations should begin prepping their defenses before next year's round of new threats emerge.
Want to keep up with the hottest news and trends entering the new year? Check out more of Merritt Group’s security blogs or contact us to learn more!