Cybersecurity incidents are a fact of life. Love them (if you belong to the hacker community) or hate them (if you’re on the receiving end), they will not go away. The media tends to cover the high-profile breaches, but thousands upon thousands of them go unreported, and an even greater number of data breaches have not even been detected yet.
As in life generally, observation is one of the best ways to learn. Cybersecurity incidents, too, are here to teach us, and it’s then up to us to do our very best to keep history from repeating itself. So let’s take a look at three cybersecurity incidents and the takeaways that come with them.
The Vodafone insider breach
In 2013, an insider caused the Vodafone data breach where the perpetrator got away with the following:
- Birth dates
- Bank account numbers
The breach affected 2 million Vodafone customers. Passwords, phone numbers, and PINs remained safe, so the incident had a somewhat good ending. But data breaches don’t end well every time. Hackers can use leaked data for all sorts of nefarious purposes, including constructing convincing phishing attacks, and if those phishing campaigns succeed, even more of your information is on the line.
Speaking of the Vodafone breach, it also helped that the German police identified and apprehended the suspect in time. As it turned out, one of Vodafone’s subcontractors was to blame. The main problem was that this individual, who had no business taking the data, nevertheless held all the credentials needed to carry out the breach.
Lesson: Third-party subcontractors may be potential malicious insiders
Paranoia is never healthy, but a small dose of apprehension goes a long way. Every third-party subcontractor is a potential threat, so avoid granting them blanket access. Grant access on demand, only when a task requires it, and revoke it afterwards. Two-factor authentication and temporary login credentials also improve the cybersecurity of your organization.
Tip: Encrypt your sensitive files
Encryption software keeps the contents of specific files locked even if someone else uses your computer. Thus, using secure file encryption software such as NordLocker serves as an extra layer of security. A malicious insider would have to get hold of two different keys to access whatever is inside.
The Yahoo breach
In 2013 and 2014, Yahoo sustained a massive breach, and the public found out about it only in 2016, a couple of years later. Nowadays, many regard it as one of the most significant cybersecurity breaches of all time. In 2013 alone, the hackers managed to steal the following:
- Phone numbers
- Email addresses
This breach affected a whopping one billion users, with 500 million more affected the year after. To this day, no one knows whether there’s a connection between the 2013 and 2014 breaches. The investigation is still in full swing, as many questions remain unanswered.
Lesson: Late discovery means more serious damages
The fact that such a massive-scale cybersecurity incident was only discovered in 2016 is frightening. The longer a breach goes undetected, the higher the remediation costs climb. Thus, it’s essential to keep possible security threats in mind and detect them before it’s too late.
Tip: Monitoring tools are your friends
A monitoring solution will allow you to see when something is not right and take action right away. It shows you what every user is doing at any given time, allowing you to notice any critical system changes as they happen.
The Dyn DDoS attack
During the Dyn DDoS attack, the company’s DNS service was taken down. Since major companies like Amazon and Twitter relied on it, the attack caused havoc all around the internet: their websites went offline, costing them customers and sales.
The attackers used a botnet of more than 20,000 malware-infected IoT devices to make an attack on that scale possible. Together they flooded the target with traffic that caused the denial of service.
How did that many devices get infected in the first place? The malware scanned for vulnerable devices that still used common default usernames and passwords. Since many users don’t bother changing the default login credentials, such devices are easy to enslave and use in a botnet. This particular botnet, the infamous Mirai, lay dormant until it was time to strike, so detecting the infected devices in time was next to impossible.
Lesson: Change the default login credentials
Don’t leave the default login credentials unchanged on your devices. You’re making it easy for the bad guys to take advantage of your carelessness. They can take over your IoT devices in no time.
Tip: Have a backup DNS provider
This way, you’ll be more resilient against DNS attacks. You can also set up filters that help you distinguish legitimate traffic from the fake.
The real-world examples offer plenty of lessons to learn from. Take the time to study them, and the hackers will have to work hard to get past your defences.