It has been a cat-and-mouse game between cybercriminals and network security for many years now. Security has improved by leaps and bounds, but cybercriminals still attack at will. Here are some major heists of 2019.
The Big Breaches of 2019
January 2019: The Month of Data Breaches
Many big-time data breaches took place in January 2019. A breach involving the Blur Password Manager greeted the cyber world the day after the New Year. Hackers exposed a file containing account details of about 2.4 million Blur users. Two weeks later, on 17 January, a similar breach occurred at MEGA, the storage website. Hackers compromised a huge database containing one billion-plus email and password records. On 19 January, Cebuana Lhuillier, the Philippines-based financial-services company, suffered a breach. Hackers accessed email servers and exposed sensitive information related to 900,000+ customers. The common thread running through these breaches was human error and carelessness. Negligence of security protocols exposed sensitive databases to attackers.
Toyota’s Two Major Breaches
Hackers now identify their victims upfront and launch targeted attacks. Toyota, the Japanese car major, suffered two breaches in February and March 2019. The hackers breached the company’s IT systems in Australia, Thailand and Vietnam. They stole sensitive data related to about 3.1 million people from the second breach alone. The attackers used APT32, an advanced persistent threat (APT). The jury is still out on the perpetrators. Industry sources point fingers at OceanLotus, a Vietnamese hacking group.
Phishers Subvert Wipro’s Systems
On April 15, 2019, Wipro, the Indian IT outsourcing and consulting giant, suffered a major breach. Cyber attackers used Wipro’s systems as “jumping-off points” for phishing expeditions against its customers. The attackers used ScreenConnect, a remote access tool, to compromise employee machines. They launched “zero-day” attacks, targeting vulnerabilities for which no patch yet existed. The attacks were a sequel to an earlier 2015 attack and reused the infrastructure of that previous attack.
The Citrix Breach
On March 6, 2019, the US FBI contacted Citrix, the corporation producing secure access software. The news was sombre – Iridium, an Iranian-backed hacker group, had hit the company. Hackers had bypassed the multi-factor authentication in place to access the company’s network. The breach was intermittent, between October 13, 2018, and March 8, 2019. The hackers stole six terabytes of emails, blueprints and other sensitive documents. The FBI is still investigating the details.
Microsoft Email Services Data Breach
All this while, between January 1 and March 28, cybercriminals had access to email accounts ending with @hotmail.com and @msn.com! None other than the IT giant Microsoft had suffered a breach. The hackers gained access using a Microsoft customer support agent’s login credentials. Microsoft claims the impact was limited to “a limited number of customer accounts.” Disabling the hacked user credentials ended the breach!
How to Preempt the Breaches
Good network hygiene and basic security precautions keep most cyber attackers at bay.
Sound coding and testing practices pre-empt vulnerabilities. Downloading the latest patches prevents hackers from exploiting existing code vulnerabilities.
Enterprises running the code could keep most hackers at bay through various interventions:
- Installing sound antivirus and anti-malware suites and updating them regularly. Anti-malware suites and robust firewalls are the first lines of defence.
- Deploying two-factor authentication and other access controls, as part of a layered security approach.
- Deploying protective network monitoring over authentication endpoints reachable from external networks. The monitoring looks out for abnormal activity and password-spraying attacks. Significant increases in network inquiries, access attempts, or slowdowns also raise red flags.
- Implementing robust encryption. Encryption keeps cloud-based data secure, making it indecipherable to prying eyes. Multi-factor authentication and physical locks add further enterprise-level security layers. Likewise, strong password hygiene and biometric access could pre-empt the compromise of user accounts.
- Periodic system checks. Routine checks unearth easy access points, back doors or risky privileges. Periodic review of active accounts may unearth user accounts slipped in by hackers, as happened with Microsoft.
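The password-spraying check that the monitoring bullet above calls for, as an added example that is not part of the original article: it parses constructed sshd-style log lines and flags a source address whose failed logins touch many distinct accounts inside a short window, while one account being hammered from a single address is deliberately left to a separate brute-force rule. The five-minute window and five-account threshold are assumed tuning values.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log (syslog/sshd style); not taken from any real system.
SAMPLE_LOG = """\
Jan 19 08:00:01 vpn01 sshd[1001]: Failed password for alice from 203.0.113.7 port 5001 ssh2
Jan 19 08:00:04 vpn01 sshd[1002]: Failed password for bob from 203.0.113.7 port 5002 ssh2
Jan 19 08:00:07 vpn01 sshd[1003]: Failed password for carol from 203.0.113.7 port 5003 ssh2
Jan 19 08:00:10 vpn01 sshd[1004]: Failed password for dave from 203.0.113.7 port 5004 ssh2
Jan 19 08:00:13 vpn01 sshd[1005]: Failed password for erin from 203.0.113.7 port 5005 ssh2
Jan 19 08:00:16 vpn01 sshd[1006]: Failed password for frank from 203.0.113.7 port 5006 ssh2
Jan 19 08:01:00 vpn01 sshd[1007]: Failed password for alice from 198.51.100.9 port 6001 ssh2
Jan 19 08:01:30 vpn01 sshd[1008]: Failed password for alice from 198.51.100.9 port 6002 ssh2
Jan 19 08:02:00 vpn01 sshd[1009]: Accepted password for alice from 198.51.100.9 port 6003 ssh2
"""

# Timestamp, outcome, username (with optional "invalid user" prefix) and source address.
LINE_RE = re.compile(
    r"^(\w{3}\s+\d+\s[\d:]+)\s\S+\ssshd\[\d+\]:\s(Failed|Accepted) password for "
    r"(?:invalid user )?(\S+) from (\S+)")


def parse_events(text, year=2019):
    """Return (timestamp, failed, user, source) tuples; syslog lacks a year, so one is assumed."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not password auth events
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        events.append((ts, m.group(2) == "Failed", m.group(3), m.group(4)))
    return events


def detect_spray(events, window=timedelta(minutes=5), min_users=5):
    """Flag a source whose failures within any `window` span at least `min_users` distinct accounts."""
    by_src = defaultdict(list)
    for ts, failed, user, src in events:
        if failed:
            by_src[src].append((ts, user))
    alerts = {}
    for src, fails in by_src.items():
        fails.sort()
        start, best = 0, set()
        for end in range(len(fails)):           # sliding window over sorted failures
            while fails[end][0] - fails[start][0] > window:
                start += 1
            users = {u for _, u in fails[start:end + 1]}
            if len(users) >= min_users and len(users) > len(best):
                best = users
        if best:
            alerts[src] = sorted(best)
    return alerts
```

Running `detect_spray(parse_events(SAMPLE_LOG))` flags only 203.0.113.7; the repeated failures against alice from 198.51.100.9 are one account, not a spray.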
What’s in Store in 2020
All the above threats remain rife in 2020 as well. Cyberattacks increase in both sophistication and speed every year.
The proliferation of IoT amplifies existing threats and raises new ones. The popularity of the cloud prompts hackers to target cloud misconfigurations. Exploiting misconfigured firewalls allows hackers to breach cloud servers and siphon off data. The attack on Wipro is a portent of things to come in 2020. Cybercriminals will look to target the remote access tools (RATs) used by service providers. They would commandeer RATs to launch devastating attacks.
One threat likely to gain ground in 2020 is cannibalizing IT resources for crypto-jacking. The attackers do not take the entire system hostage as in the case of ransomware attacks. They rather install crypto-currency mining software or DDoS bots by stealth. Such software works “under the radar”, consuming the victim’s processor cycles and electricity.
Artificial Intelligence identifies abnormal behaviour and makes systems more secure. But smart cybercriminals could manipulate weak AI algorithms to subvert security. Enterprising cybercriminals may also use AI to identify vulnerable systems.
Attackers are spreading their wings, and the stakes are getting higher. But it need not be all doom and gloom. Enterprises that remain vigilant and make proactive interventions to pre-empt threats keep cyber-attackers at bay.