Posted by Trevagh Stankard on Thu, Feb 18th, 2021
In 2020, 37 billion data records were reported exposed as a result of data breaches. Data breaches cost money, reputation, and time to rectify, and cybercriminals never seem to tire of creating sophisticated and complex attack methods to thwart security measures. Once lost, the stolen data becomes the gift that keeps on giving, as it is sold on to be used in a variety of further fraudulent acts. Positive security measures such as smart content filtering solutions can turn the tables on cybercriminals. By looking at recent data breaches, an organization can understand what measures are needed to make its cybersecurity posture positive enough to stop the flood of exposed data.
Analysis of a Recent Mega Data Breach
Nitro PDF is a service used to digitally sign corporate documents and contracts, which are often sensitive. The company was the victim of a recent cyberattack that resulted in the breach of the personal data of over 77 million users. The company acted quickly and placed a notice on its website with some details of the breach and remediation actions.
However, it was by then too late: a hacking group known as ‘ShinyHunters’ had placed the stolen data up for sale. The data included around 1TB of PDF documents, along with the data records of 77 million users, including names, email addresses, and bcrypt-hashed passwords. The theft affected many large tech companies including Amazon, Google, and Microsoft. The attack on Nitro’s service was identified in September 2020. However, back in May 2020, Cisco Talos published several vulnerabilities found in Nitro’s “Pro” service, triggered via a user running malicious code, such as that found in many phishing websites or email attachments.
The ShinyHunters hacking group has been behind numerous attacks, including a breach involving Microsoft's private GitHub repositories. Since the attack on Nitro, ShinyHunters has been involved in several further breaches exposing almost 130 million data records.
ShinyHunters is not an isolated example. Individuals and groups alike are continuously hunting for weaknesses in an organization’s infrastructure to take advantage of.
The Long-Haul Fallout of a Data Breach
The methods used by hacking groups like ShinyHunters, as well as by individual cybercriminals, are varied and often multifaceted. Techniques often involve phishing or spear-phishing emails that lead to stolen login credentials, which can then be escalated to privileged access to sensitive data and other resources. Other breach tactics exploit server misconfiguration vulnerabilities, poor security hygiene, and poor credential management. This intricate web of connected techniques can make preventative measures ineffective unless a smarter approach is used. Cybercriminals continue to run rampant over traditional security solutions like anti-virus software because these are not a proactive way to stop evolving threats. Groups such as ShinyHunters are fast-moving, changing their tactics to circumvent and evade detection.
Data breaches often only come to light days, if not weeks or months, after the data has been breached, which compounds the problem of finding the correct cyber-threat prevention. During this time lag, cybercriminals exfiltrate data, collate it, filter it, place it on auction sites, and move it on to other fraudsters, who then use it to commit continued cybercrimes. Frauds such as identity theft and account takeover are escalating, with the technique of ‘credential stuffing’ being harnessed to execute fraudulent account access and control. The result of lost data is far-reaching and long-lasting. Account takeover, for example, has been shown to have a serious negative impact on merchants as well as customers. In a recent survey of the impact of account takeover, 65% of customers would stop buying from a merchant if their account was compromised.
The theft of data creates a spiral of further cybercrimes that feed upon each other and make more reactive measures defunct.
Real-Time Control of Data Breaches
Static (more reactive) approaches to securing data are almost a red rag to a bull when it comes to fraudsters. Unless an organization has a proactive cybersecurity posture, hacking groups will continue to run rampant across cloud services and beyond. Instead, an organization should use an approach that implements advanced, real-time measures to close the door before the digital horse has bolted. In the case of hacking groups such as ShinyHunters, the use of multiple techniques to hack cloud services makes it harder to detect and prevent cyber-threats. A combination of mitigative measures is the way to stop these attacks:
- Pre-emptive protection to stop phishing emails before they land in users' inboxes. An email and spam prevention solution prevents malicious emails from entering employee inboxes. Spear-phishing can also be prevented by scanning emails in real time and blocking a malicious email before it hits a user’s inbox.
- Web-borne threat protection tools such as an HTTPS Content Filter check that a website is safe and does not contain malware. The tools can also check if a site is a phishing site; if all is OK, a user can then be allowed to access the.
- The use of robust sign-in credentials, such as two-factor authentication, can help prevent stolen credentials from being used in account takeovers.
- Security awareness training across the organization can help prevent security hygiene issues, such as password sharing.
- Test a system for security weaknesses against the OWASP top ten web application vulnerabilities, which include areas such as misconfiguration of web servers and databases.
By using a proactive approach to data breach prevention, the cybercriminal rampage across your enterprise services can be prevented. Read our ‘Guide to Data Breach Prevention’.
Protect your organization from cybercriminals and data breaches with WebTitan. WebTitan is an advanced web filter providing both protection from HTTP and HTTPS security threats as well as advanced DNS filtering.