Looking back at cybersecurity in 2022, at least one thing is clear: the hybrid corporate network provides hackers with an expanded attack surface. As organizations continue to rely on cloud-based services and applications, malicious players are adopting increasingly sophisticated methods.
We’ve put together a rundown of this year’s most concerning data breaches. From extremely well-orchestrated attacks to accidental data exposure – this list reflects the biggest threats and risks to today’s corporate network. We’ve also provided our insights on how to address the rising risks, and help companies protect themselves – and their customers – from malicious attacks.
On Thursday, September 15th, Uber confirmed reports of an organization-wide cybersecurity breach. According to the New York Times, the hacker gained access to multiple internal systems, including Slack, email, cloud storage, code repositories, and more. Following their investigation, Uber explained that a malicious player obtained an external contractor’s account credentials and performed an MFA fatigue attack to log into the account. This led to the hacker accessing other employee accounts, and gaining admin-level permissions for several internal systems and third-party applications – including HackerOne, used for reporting on security vulnerabilities.
MFA fatigue attacks are a new and increasingly popular type of social engineering attack, used by threat actors who have already obtained account credentials and need to bypass multi-factor authentication (MFA). The attacker triggers repeated MFA push prompts to the user until the user, worn down or confused by the flood of requests, approves one and grants access.
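The repeated-prompt pattern described above is also what a defender can look for: a burst of push prompts a user did not approve, followed by an approval while the burst is still recent. The following detection logic is an added example, not code from the original post or from Perimeter 81; the log format (JSON lines with ts/user/result/src_ip fields) and the sample entries are constructed assumptions, and the window and threshold are tunable.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample push-MFA log (one JSON object per line). The field names
# ts/user/result/src_ip are assumptions, not a specific vendor's schema.
SAMPLE_LOG = """\
{"ts": "2022-09-15T02:01:05Z", "user": "contractor01", "result": "denied", "src_ip": "203.0.113.7"}
{"ts": "2022-09-15T02:01:40Z", "user": "contractor01", "result": "timeout", "src_ip": "203.0.113.7"}
{"ts": "2022-09-15T02:02:12Z", "user": "contractor01", "result": "denied", "src_ip": "203.0.113.7"}
{"ts": "2022-09-15T02:03:01Z", "user": "alice", "result": "denied", "src_ip": "198.51.100.4"}
{"ts": "2022-09-15T02:03:20Z", "user": "alice", "result": "approved", "src_ip": "198.51.100.4"}
{"ts": "2022-09-15T02:03:30Z", "user": "contractor01", "result": "denied", "src_ip": "203.0.113.7"}
{"ts": "2022-09-15T02:04:55Z", "user": "contractor01", "result": "timeout", "src_ip": "203.0.113.7"}
{"ts": "2022-09-15T02:06:10Z", "user": "contractor01", "result": "approved", "src_ip": "203.0.113.7"}
"""

def parse_events(raw):
    """Parse JSON lines into dicts with a datetime 'ts', sorted by time."""
    events = []
    for line in raw.splitlines():
        if line.strip():
            ev = json.loads(line)
            ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
            events.append(ev)
    return sorted(events, key=lambda e: e["ts"])

def detect_mfa_fatigue(events, window=timedelta(minutes=10), threshold=5):
    """Alert once a user has `threshold` unapproved prompts inside `window`.
    An approval while that burst is still in the window is the case where
    the fatigue attack succeeded, so it is flagged on the alert."""
    recent = defaultdict(deque)  # user -> unapproved prompts still inside the window
    alerts = {}                  # user -> alert dict (one alert per user)
    for ev in events:
        user, q = ev["user"], recent[ev["user"]]
        while q and ev["ts"] - q[0]["ts"] > window:
            q.popleft()          # slide the window forward
        if ev["result"] != "approved":
            q.append(ev)
            if len(q) >= threshold:
                alert = alerts.setdefault(user, {
                    "user": user, "first_ts": q[0]["ts"].isoformat(),
                    "src_ips": sorted({e["src_ip"] for e in q}),
                    "approved_after_burst": False})
                alert["prompts"] = len(q)
        elif user in alerts and q:
            alerts[user]["approved_after_burst"] = True
    return list(alerts.values())
```

A single denied prompt followed by an approval (alice in the sample) stays below the threshold and is not flagged, which keeps ordinary mis-taps out of the alert queue.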
In August, communications giant Twilio reported that hackers had accessed data of 209 of its customers. The attackers breached the network by launching an SMS phishing – or Smishing – attack, sending employees messages impersonating Twilio’s IT team, requesting employees click a fake web address and provide their credentials. The hackers then used the employee credentials to enter internal Twilio systems and obtain sensitive customer data.
This phishing attack is concerning not only because of the high level of sophistication, but also because it allowed hackers to launch a potentially widespread supply chain attack. Some of the companies and applications reported to be affected by the breach include Authy, Okta, Signal, and DoorDash – to name a few.
In February, Nvidia, the largest microchip company in the US, was breached via phishing. Infamous ransomware crew LAPSUS$ took responsibility for the attack, claiming it had exfiltrated 1 TB of data from the organization, and threatened to expose it if their requirements weren’t met.
It’s estimated that passwords and email addresses of approximately 70k Nvidia employees were compromised, and some have already circulated in the dark web.
In early 2022, SafetyDetectives revealed that Securitas, a top security services provider, had accidentally exposed close to 1.5 million files, or approximately 3TB of data, dating back as far as 2018.
The exposed data included employee personally identifying information (PII) such as names, photos, occupations, and national ID numbers, in addition to sensitive data from at least four airports in Colombia and Peru. Other critical data exposed included Exchangeable Image File Format (EXIF) photo data that included GPS coordinates, as well as time and date stamps.
A misconfiguration of an Amazon S3 Bucket caused the massive data exposure.
Amazon Web Services Simple Storage Service (AWS S3) is an extremely popular cloud service for storing large amounts of data, and a relatively popular target for malicious players when buckets are left publicly accessible through a misconfiguration.
In March, French public health insurer Caisse Nationale de l’Assurance Maladie (CNAM) reported that malicious players stole the personal data of over half a million policyholders, including names, birthdates, social security numbers, and more.
The hackers obtained the sensitive patient data by compromising the email accounts of 19 healthcare professionals, and then logging in to the private insurance portal with credentials stolen from those email accounts.
Keeping the corporate network secure in today’s quickly evolving cybersecurity threat landscape is a challenge that IT and security professionals must address every single day. As attack methods become more sophisticated, so do cybersecurity strategies, practices, and tools. In order to stay one step ahead of the hackers, there are a number of processes and technologies that organizations can implement, and continuously improve as the challenges evolve.
Security awareness is key. Make sure all users are aware of the cybersecurity threats, and that they are mindful of where they are entering their credentials, or approving authorization requests – whether it’s via SMS, email, or voice calls.
The human factor is behind some of the most common exploit attempts. Employees need to be trained to be extra cautious when responding to messages, or when clicking on links, no matter how legitimate the sender seems to be.
Least-privilege access is an extremely important method to limit users’ access to the network. There’s no reason for Kelly from Accounting to have access to GitHub, and Angie from the Dev team shouldn’t have credentials to the payroll app. Users – both internal and external – should only be granted access to the applications and services that they need. This helps ensure that even if a threat actor gets their hands on someone’s credentials, access to sensitive company resources is limited.
Implement Device Posture Check (DPC) technology to ensure that all connections to the network comply with corporate security policies. DPC allows security and IT teams to define restrictions based on parameters like location, device type, and more. This will enable administrators to easily block non-compliant – and potentially insecure – devices from accessing the corporate network.
Ensure online safety with Web Filtering technology, as part of your Secure Web Gateway. With the right web filtering methods, IT and security teams can block risky sites, and prevent phishing attacks.
ZTNA, based on the Zero Trust principle of “trust no one, always verify”, helps organizations reduce risk by minimizing the attack surface, as well as users’ lateral movement. This makes it hard for malicious players to gain access to the network, and helps protect company resources and data.
In order to effectively implement Zero Trust strategies across an organization, it’s important to choose a solution that won’t slow down your IT and Security professionals, or your employees’ connection. Perimeter 81’s ZTNA platform is an easy-to-use, cloud-based solution that enables companies to provide quick and secure network access to their hybrid workforce, and ensure the organization’s sensitive resources remain secured – whether they are on-prem, or in the cloud.
Want to see how it works? Book your demo with Perimeter 81 today.