More and more organizations suffer from large data breaches each year, resulting in brand-damaging news coverage. Although the news coverage is short-lived, the effects for organizations and consumers are long-lasting. Dealing with legal issues and investigations is expensive and time-consuming for organizations, and consumers have faced challenges with identity theft for years. Here are a few notable data breaches and fraud incidents for 2022.
Uber – Social Engineering and Two-Factor Bypass
Uber suffered a data breach in 2016 and again last year in September. A hacker announced the data breach in a private Uber Slack server, which was later reported and investigated. Uber later confirmed the data breach as a result of an attacker gaining access to a contractor's credentials. Although Uber enabled two-factor authentication (2FA), the hacker made continual automated authentication requests against the application using the contractor's stolen credentials.
A message was sent to the legitimate account holder's smartphone for every authentication request on the contractor's user account. The attacker used social engineering to convince the contractor to divulge the 2FA identification number after several automated attempts. From there, the attacker could access an internal consumer information database, bypassing 2FA protections.
Cryptocurrency – Blockchain Vulnerabilities
The cryptocurrency industry saw several scams in 2022, and attackers also exploited the blockchain technology that powers cryptocurrency. Without getting into much detail, blockchain technology creates an immutable audit trail on a "chain" for every transaction. Every transaction is a block on the chain, and blocks cannot be modified. Vulnerabilities in the bridges between separate chains netted attackers about $1.4 billion in 2022.
Because cryptocurrency transactions aren't reversible, the stolen money is rarely recovered. Bridging vulnerabilities are the most common exploit on blockchain technology, and several investor-backed corporations were hit this year. Wormhole, backed by Wall Street investors, was the most significant loss this year, totaling $320 million from blockchain exploits. Other losses were $100 million for Harmony Horizon and $200 million for Nomad, both large investors in blockchain technology.
Microsoft – Social Engineering, Infrastructure Misconfigurations, Supply Chain Vulnerabilities, and Application Vulnerabilities
Big technology companies are considered the best at cybersecurity, but they also contain millions of records, which makes them high-risk but high-reward targets. Microsoft suffered from several data breaches in 2022 and 2021 stemming from various vulnerabilities, including social engineering and account takeover, misconfigurations of endpoint infrastructure, and vulnerabilities in their applications. SolarWinds, a third-party server logging application vendor for several enterprise corporations and governments, suffered from a compromise of their supply chain that affected Microsoft and others.
Some Microsoft data breaches only affected internal records, but others exposed millions of customer records. In 2022, almost 550,000 user records were exposed in 2.4 terabytes of data from an endpoint misconfiguration. The social engineering account takeover gave the cyber-criminal group, Lapsus$ Group, access to various application data, including Bing, Cortana, and others.
Los Angeles School District – Ransomware
Several schools and educational institutions suffered from ransomware attacks in 2022, but the most notable was the Los Angeles school district. Schools often lack strong cybersecurity strategies because of limited budgets and talent availability, which makes them good targets for attackers. With ransomware, an attacker extorts the school district for millions of dollars in exchange for the encrypted, stolen data. School districts with no backups are powerless against ransomware, so they often pay the price.
The Los Angeles school district is the second largest in the US, so disruption of services affected over 600,000 students across 1000 schools and 26,000 teachers. While students could still return to school after the Labor Day holiday, several applications suffered from downtime, including email, faculty computer systems, and applications. Although law enforcement is usually involved in ransomware attacks, the threats often come from cyber-criminals outside the US, and prosecution options are limited.
Cash App – Insider Threats
Financial institutions store not only customer data but also bank account and credit card numbers, which are valuable on darknet markets. Several money transfer applications have suffered from data breaches, and Cash App is no exception. In 2022, a former employee of Cash App Investing downloaded approximately 8.2 million user records. The employee had legitimate access to these records while working for Cash App, but poor user account management allowed the employee to download records after no longer being employed.
Cash App Investing announced the data breach soon after it happened, but they said it only affected US accounts with stock trading activity. The data downloaded did not include usernames, passwords, or social security numbers, but users were encouraged to change their passwords anyway and enable two-factor authentication.
Protecting Your Data from Common Threats
The cybersecurity landscape changes every year as more corporations implement better defenses. Cybercriminals constantly develop new ways to bypass security defenses, so corporations must stay ahead of changes. The constant cat-and-mouse game requires scalable strategies to stop attackers even with zero-day exploits and newly developed threats.
Cybersecurity strategies must mold to the type of attack. For example, your strategy to stop phishing differs from your strategy to eliminate account takeovers and automated authentication requests. Most of today's threats start with credential theft from phishing and social engineering and end with account takeover from bots that detect poorly secured user accounts. Here are a few ways you can help protect your users and application data from common threats:
- Educate users on the dangers of social engineering and phishing. Two-factor authentication stops automated attacks on applications, but social engineering can trick account holders into divulging the 2FA identification number used in the final step in account authentication. Users should know the signs and be wary of requests for their 2FA code.
- Penetration test applications. Blockchain vulnerabilities are difficult to detect if your developers are unaware of the common bypasses and exploits. Experts in penetration testing can uncover numerous vulnerabilities so developers can patch software before a data breach occurs.
- Review infrastructure configurations. Because of cloud resources, infrastructure is more vulnerable to attack if misconfigured. Exploits on misconfigured infrastructure are quickly becoming one of the more common threats to organizations. Large enterprises have thousands of moving parts in the cloud that must be monitored and maintained. One way to reduce the risk of a compromise from security misconfigurations is to have a third party review them.
- Implement email filters. Email filters with artificial intelligence are much better at detecting phishing links and messages than employees. Instead of relying on human intervention, your email server should actively detect and quarantine suspicious email messages. One of the most common ways ransomware affects corporations is from an initial malicious email message, leaving data breach potential to human error.
- Monitor applications for suspicious automated activity. An attacker usually attempts authentication against more than one account. Unless the attack is narrowly targeted, bots iterate through thousands of credentials to find vulnerable accounts. Identification solutions such as Fingerprint can be used to detect bots and stop automated account takeover attempts.
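As an added example (not from the original article or from any vendor's product), the code below scans an authentication log for two patterns described above: repeated 2FA prompts against one account followed by an approval, as in the Uber incident, and one source failing logins against many accounts. The log format, outcome labels and thresholds are assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: timestamp, source IP, account, outcome.
# The format and the outcome labels are assumptions for this example.
SAMPLE_LOG = """\
2022-09-01T02:00:00 203.0.113.7 contractor1 mfa_prompt
2022-09-01T02:01:10 203.0.113.7 contractor1 mfa_prompt
2022-09-01T02:02:05 203.0.113.7 contractor1 mfa_prompt
2022-09-01T02:03:30 203.0.113.7 contractor1 mfa_prompt
2022-09-01T02:09:00 203.0.113.7 contractor1 mfa_ok
2022-09-01T03:00:00 198.51.100.9 alice bad_password
2022-09-01T03:00:02 198.51.100.9 bob bad_password
2022-09-01T03:00:04 198.51.100.9 carol bad_password
2022-09-01T09:15:00 192.0.2.20 dave mfa_prompt
2022-09-01T09:15:20 192.0.2.20 dave mfa_ok
"""

WINDOW = timedelta(minutes=10)  # assumed sliding window for both checks

def parse(log):
    for line in log.splitlines():
        ts, ip, user, outcome = line.split()
        yield datetime.fromisoformat(ts), ip, user, outcome

def detect(log, max_prompts=3, max_accounts=3):
    """Return (prompt_bursts, spraying_sources) found in the log."""
    prompts = defaultdict(list)   # account -> recent mfa_prompt times
    failures = defaultdict(list)  # source IP -> recent (time, account) failures
    bursts, sprays = {}, set()
    for ts, ip, user, outcome in parse(log):
        if outcome == "mfa_prompt":
            recent = [t for t in prompts[user] if ts - t <= WINDOW] + [ts]
            prompts[user] = recent
            if len(recent) > max_prompts:
                bursts.setdefault(user, "prompt_burst")
        elif outcome == "mfa_ok" and user in bursts:
            # An approval shortly after a burst suggests the user gave in.
            if ts - prompts[user][-1] <= WINDOW:
                bursts[user] = "approved_after_burst"
        elif outcome == "bad_password":
            recent = [(t, u) for t, u in failures[ip] if ts - t <= WINDOW]
            recent.append((ts, user))
            failures[ip] = recent
            if len({u for _, u in recent}) >= max_accounts:
                sprays.add(ip)
    return bursts, sprays
```

An `approved_after_burst` result is the higher-priority alert: it marks a session that should be revoked and reviewed, while a plain `prompt_burst` is a cue to lock the account and reset the password.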