Like many years before it, 2017 has seen a large number of high-profile cyberattacks. But what stands out this year is the sheer number of breaches that have originated from compromised accounts, third-party software, or from hackers gaining privileged access to sensitive data.
With the year coming to an end, it’s worth looking at some of the biggest privileged account hacks of 2017, and identifying what businesses can learn from them to avoid such attacks in the future.
It was actually in October 2016 that two hackers obtained the login credentials to Uber’s Amazon Web Services account and made off with the personal data of 56 million customers. Instead of notifying those affected (as regulation demands), the ride-sharing giant covered up the breach for over a year, even offering the hackers $100,000 to quietly delete the stolen information. Needless to say, once it became public knowledge in 2017, Uber suffered huge reputational damage and potential legal action.
The lesson learned: Encrypt data held in public cloud servers, and notify those affected when a breach occurs.
A third of NHS trusts were disrupted by the WannaCry ransomware attack, resulting in thousands of appointment cancellations. While the progression of the attack was fairly complex, it happened because many NHS systems were still running unsupported versions of Windows, relying heavily on XP devices that were connected to LANs. This combination of unsupported old tech and unpatched new tech meant that the malware could move quickly through entire networks, causing outages as it went.
The lesson learned: Migrate away from vulnerable, unsupported older software at the earliest possible opportunity.
It was discovered in March that attackers had been digging around the accountancy firm’s email servers from as early as October 2016. The attackers gained access to emails from a variety of its major clients through an admin account that gave them unrestricted access. What’s more, the hackers had had access for months without anyone even realizing.
The lesson learned: Your security strategy should include some kind of capability for actively monitoring privileged accounts and identifying suspicious behavior.
In June, just under 90 email accounts in the UK parliament were compromised by a brute-force attack targeting accounts with weak passwords. While the attack was successfully isolated and shut down, it was found that the breached accounts had failed to follow the official guidelines on password safety.
The lesson learned: Employee education and training on good security hygiene is crucial.
The credit reference agency Equifax suffered a breach in May, during which attackers stole the names, social security numbers and other data of 143 million customers. Hackers exploited a vulnerability in the Apache Struts software, a third-party web development platform, and used it to gain access to Equifax’s network. Unfortunately, Apache Struts had issued a patch for this security gap in March, meaning Equifax actually had two months to address the risk and failed to do so.
The lesson learned: Regularly check for patches for third-party software and install them as soon as they are available.
To prevent these kinds of attacks in the future, businesses must not only understand the methods criminals use to compromise credentials, they must also understand the tools that help protect against them. Our free whitepaper, “Understanding Privileged Identity Theft”, can help you better comprehend the threat.