A cybersecurity threat is the risk posed by a successful cyber or Internet-based attack. A cyber attack is a malicious, intentional effort to breach an individual or organization’s systems. Cyber attacks can be carried out by professional hackers, amateur criminals, or automated tools. This article reviews the worst cybersecurity attacks of 2019, and offers protection best practices to help you avoid facing similar threats.
Worst Cybersecurity Attacks of 2019
Unfortunately, the number of cyber attacks has consistently grown in the past few years. You can learn about some of the worst attacks of 2019 below.
Blur
Blur, a password manager developed by Abine, announced a breach stemming from an unsecured server. In this breach, around 2.4 million users’ data was exposed. Data included encrypted passwords, password hints, names, email addresses, and IP addresses. The company’s response was to urge users to change their passwords and enable two-factor authentication.
Evernote
Evernote, a note-taking and productivity app, experienced an attack on it’s Web Clipper Chrome extension. This attack was accomplished by exploiting a flaw in the Evernote source code. It resulted in the exposure of data of at least 4.6 million users; the total effect of the attack is unknown. Data included financial information, private communications, and authentication information. Evernote responded by correcting the code.
Clinical Pathology Laboratories (CPL)
CPL, an independent lab company, disclosed an attack that revealed the data of 2.2 million patients. Data exposed included names, dates of birth, addresses, phone numbers, dates of service, treatment providers, and balance information. Also exposed was the banking and credit card information of 34,500 patients.
Hy-Vee
Hy-Vee, a grocery chain, reported a breach stemming from its point-of-sale system. This breach affected customers of its various restaurants, drive-through coffee shops, and fuel pumps. The breach was discovered by KrebsonSecurity, who reported that the details of 5.3 million credit and debit card accounts were put up for sale on the Dark Web.
Facebook announced a breach stemming from an unprotected server. The breach exposed data of more than 419 million users. This data included user IDs, phone numbers, names, locations, and genders.
DoorDash
DoorDash, a food delivery service, reported a breach that occurred due to an issue with a third-party vendor. This breach exposed the data of 4.9 million users, including customers, employees, and merchants. This data included employee bank account numbers, customer credit cards, driver’s license information, names, addresses, hashed passwords, and phone numbers.
Wyze Labs
Wyze Labs, a developer of smart home devices, reported a data leak caused by unsecured servers. The leak exposed the data of more than 2.4 million customers. The data included personal health information, access tokens, WiFi network information, camera names, email addresses, and usernames. According to the company, no passwords or financial information was leaked.
Cybersecurity Protection Best Practices
To avoid becoming a victim of a cyber attack, like the companies discussed above, there are a few best practices you should implement.
Multi-Factor Security
Although you can rely on a range of security tools to keep you protected, you are overlooking a significant gap in methods if you don’t enforce strong authentication measures. Multi-factor authentication (MFA) can markedly increase your security and help you address the following concerns:
- Evolution of attacks— criminals are constantly refining attack techniques and using a range of methods to gather credentials. These include keylogging, monitoring wifi traffic, brute force attacks, and phishing.
- Targeted attacks— although breaches of large organizations are what make the news, many smaller organizations are targeted since they often have weaker defenses.
- Data privacy—you have a responsibility to your clients, employees, and shareholders to keep stored data private and secure.
- Compliance—many compliance regulations require stricter standards of protection, including multi-factor authentication.
Despite its benefits, you may find it challenging to implement MFA due to lack of organization support, costs, complexity of deployments, and gaps in technical knowledge. Additionally, MFA can be seen as a hassle for users, making them resistant to adopting the practice or encouraging them to look for ways to bypass the system.
To overcome this, take the time to evaluate your systems and consider implementing MFA only for the most privileged credentials first. This gives you time to refine the implementation.
Encryption of Data At Rest
Much is made of protecting data-in-transit; this makes sense since in-transit data is more vulnerable. However, data-at-rest can also be vulnerable and needs to be protected. This data represents larger amounts of information and often includes highly sensitive documents. At-rest encryption can add an extra layer of protection to your data on top of any access controls or device security you’re already using.
By encrypting data at rest, you help ensure that even if your systems are breached, data is not readable by your attackers. It can help protect you in case of stolen devices, accidental credential sharing, and inadvertent permissions granting. It can also help prevent unintended access or modification from within your organization.
Incident Response Automation
Incident response is a strategy for detecting, identifying, and responding to possible security breaches. This includes any breach of policy or law affecting your systems and devices.
Fast incident response can help reduce or eliminate the amount of damage that is done by attackers and ensure that your systems stay functional. By automating incident response, you increase the speed and ensure that incidents are handled uniformly. This helps you ensure that your systems are protected 24/7 and can provide more comprehensive response.
Data Loss Prevention (DLP)
DLP is a set of strategies and tools you can use to ensure that your data is not stolen or lost. It can help protect you from breach, accidental deletion or modification, and hardware failures. DLP solutions can help you inventory and classify your data and ensure that compliance regulations are appropriately followed. This includes HIPAA, GDPR, and PCI-DSS. You can use DLP to maintain greater visibility of your data, including auditing access and tracking any transfers or modifications.
Endpoint Protection
Endpoint Protection Platforms (EPP) are tools you can use to monitor and protect your endpoints from malware, malicious traffic, and other security threats. Endpoints are any device on the periphery of your network, including smartphones, laptops, desktops, and open ports.
These platforms often include a combination of traditional security tools and Endpoint Detection and Response (EDR) solutions. EDR tools enable you to evaluate endpoint events and automatically block attacks. To keep you protected, these tools typically include machine learning, behavior analysis, whitelisting, and automation capabilities.
Conclusion
As networks become more distributed, visibility becomes an almost impossible task. You have users connecting from privately-owned devices and Internet of Things (IoT) devices that are not controlled by the organization. There are private clouds, multiclouds, hybrid clouds architectures that involve third-parties, as well as users connecting from any physical location of their choice.
This distributed nature is further aggravated by the increasing incorporation of open source components into commercial codebase. Vulnerabilities and everywhere. Cybercriminals, equipped with automation and smart intelligence tech, are making the most of every exploit they can find. To ensure the continual health of networks, organizations must leverage manual and automated monitoring, access control, and incident response mechanisms.
Author Bio
Gilad David Maayan is a technology writer who has worked with over 150 technology companies including SAP, Samsung NEXT, NetApp and Imperva, producing technical and thought leadership content that elucidates technical solutions for developers and IT leadership.LinkedIn: https://www.linkedin.com/in/giladdavidmaayan/
Cyber Security Researcher. Information security specialist, currently working as risk infrastructure specialist & investigator. He is a cyber-security researcher with over 25 years of experience. He has served with the Intelligence Agency as a Senior Intelligence Officer. He has also worked with Google and Citrix in development of cyber security solutions. He has aided the government and many federal agencies in thwarting many cyber crimes. He has been writing for us in his free time since last 5 years.
