The key takeaways from 2017’s biggest breaches

Published on 18 December 2017

Like many years before it, 2017 has seen a large number of high-profile cyberattacks. But what stands out this year is the sheer number of breaches that have originated from compromised accounts, third-party software, or from hackers gaining privileged access to sensitive data.

With the year coming to an end, it’s worth looking at some of the biggest privileged account hacks of 2017, and identifying what businesses can learn from them to avoid such attacks in the future.

1. Uber

It was actually in October 2016 that two hackers obtained the login credentials to Uber’s Amazon Web Services account and made off with the personal data of 56 million customers. Instead of notifying those affected (as regulation demands), the ride-sharing giant covered up the breach for over a year, even offering the hackers $100,000 to quietly delete the stolen information. Needless to say, once it became public knowledge in 2017, Uber suffered huge reputational damage and faced potential legal action.

The lesson learned: Encrypt data held in public cloud servers, and notify those affected when a breach occurs.

2. NHS and WannaCry

A third of NHS trusts were disrupted by the WannaCry ransomware attack, resulting in thousands of appointment cancellations. While the progression of the attack was fairly complex, it happened because many NHS systems were still running unsupported versions of Windows, relying heavily on XP devices that were connected to LANs. This combination of unsupported old tech and unpatched new tech meant that the malware could move quickly through entire networks, causing outages as it went.

The lesson learned: Migrate away from vulnerable, unsupported older software at the earliest possible opportunity.

3. A top 4 accounting firm

It was discovered in March that attackers had been digging around the accountancy firm’s email servers from as early as October 2016. The attackers gained access to emails from a variety of its major clients through an admin account that gave them unrestricted access. What’s more, the hackers had had access for months without anyone even realizing.

The lesson learned: Your security strategy should include some kind of capability for actively monitoring privileged accounts and identifying suspicious behavior.

4. UK Parliament

In June, just under 90 email accounts in the UK parliament were compromised by a brute force attack targeting accounts with weak passwords. While the attack was successfully isolated and shut down, it was found that the breached accounts had failed to follow the official guidelines on password safety.

The lesson learned: Employee education and training on good security hygiene is crucial.

5. Equifax

The credit reference agency Equifax suffered a breach in May, during which attackers stole the names, social security numbers and other data of 143 million customers. Hackers exploited a vulnerability in the Apache Struts software, a third-party web development platform, and used it to gain access to Equifax’s network. Unfortunately, Apache Struts had issued a patch for this security gap in March, meaning Equifax actually had two months to address the risk and failed to do so.

The lesson learned: Regularly check for patches for third-party software and install them as soon as they are available.

To prevent these kinds of attacks in the future, businesses must understand not only the methods criminals use to compromise credentials, but also the tools that help protect against them. Our free whitepaper, “Understanding Privileged Identity Theft”, can help you better comprehend the threat.

by Balabit

Balabit, a One Identity business, is a leading provider of Privileged Access Management (PAM) and Log Management solutions. Founded in 2000, Balabit has a proven track record of helping businesses reduce the risk of data breaches associated with privileged accounts.
