2022 has already brought with it multiple cyber attacks.
As companies and security experts take stock of the implications of these breaches, though, it is important to step back and reflect on the lessons of last year.
In 2021, some cyber attacks, such as the Colonial Pipeline attack, dominated the media and conversations, whereas others were overshadowed by competing news or simply brushed aside. What is apparent, though, is that whether they made headline news or not, many of these breaches deserve a second review, as most still hold key information to assist in the fight against threat actors.
I believe the three most significant cyber attacks from the last year that warrant a second look are:
The Verkada breach: The dark side of IoT
With billions of linked devices and a huge attack surface, the Internet of Things (IoT) poses a serious cybersecurity dilemma for enterprises.
This weakness was exploited in March 2021, when hackers broke into Verkada, a cloud-based video security service. Using legitimate admin account credentials discovered on the internet, the attackers were able to browse live feeds of over 150,000 cameras installed in factories, hospitals, classrooms, jails and other locations, as well as access sensitive material belonging to Verkada software clients. It illustrated just how vulnerable IoT devices are, exactly like any other sensitive network asset.
It was eventually revealed over 100 personnel inside the company had “super admin” rights, giving them access to thousands of client cameras – highlighting the hazards of overprivileged users. Fortunately, the incident resulted in minimal damage, but things could have turned out much worse.
While the incident revealed how dangerous unprotected IoT may be, it also raised additional problems and fuelled continuing privacy disputes about how surveillance technologies should be utilised, how sensitive data should be retained, and how access to that data – such as bedside footage of a hospital patient or proprietary manufacturing processes in action – should be handled.
The Florida water facility attack: A widespread issue in critical infrastructure
In what could have been a very dangerous attack had it not been for swift remediation, a threat actor attempted to poison a Florida city’s water supply in February 2021. During the attack, the mouse pointer on a local water plant operator’s screen began moving on its own and opening the applications that controlled water treatment. Through them, the perpetrator allegedly increased the sodium hydroxide concentration in the water by a factor of 100.
After quick discovery and action to stabilise water levels, no damage was done. However, this highlighted the very real and major cybersecurity issues which still exist within critical infrastructure.
The public utilities industry is particularly vulnerable to threat actors for a variety of reasons. For starters, much of the infrastructure that governs industrial control systems (ICS) – the systems which support important services – was created in the 1980s and 1990s. The architects of these systems had to prioritise availability and interoperability over security because of the critical nature of utility operations, which makes them enticing targets for hackers.
Despite increased government and private sector spending on cybersecurity operations and maintenance, many utility companies are still failing to keep up with increasingly sophisticated and highly targeted attacks; and the stakes are high. As this event demonstrated, not only could public safety be compromised, but the risk of brand damage and substantial regulatory fines runs high.
The Twitch data breach: A lesson in least privilege access
Most recently, Twitch, a major video game streaming network, was the target of a potentially catastrophic data breach. Threat actors are said to have leaked the platform’s entire source code as well as 125GB of sensitive data, including payout information for top users, to “encourage greater disruption and competition in the online video streaming business.”
According to a statement, the situation was caused by a “system configuration change that allowed improper access by an unauthorised third party.” Misconfigurations like these are prevalent, especially in cloud-based setups, and can expose sensitive assets such as source code and other intellectual property. Because of the cloud’s dynamic nature, traditional change-control techniques for maintaining a secure configuration are extremely difficult to apply.
While Twitch later said the incident did not result in the access or disclosure of user passwords or bank account information, privacy-conscious users were not waiting to find out. Global web searches for “how to remove Twitch” jumped by 733 per cent on the day the news broke, hinting that the platform’s popularity could suffer as a result of the attack. The incident brought to light the difficulties businesses confront when it comes to cloud security, as well as the need for least-privilege access in minimising risk and defending against both internal and external threats.
As cyber techniques evolve and threat vectors multiply, a glance back at the past can teach us crucial lessons to help the good guys win in the future. The cyber attacks of 2021 faded quickly from view, but the battle on the cyber front continues, and the more knowledge firms have, the better their chances of fighting back.
About the Author
David Higgins is EMEA Technical Director at CyberArk. CyberArk is the global leader in Identity Security. Centered on privileged access management, CyberArk provides the most comprehensive security offering for any identity – human or machine – across business applications, distributed workforces, hybrid cloud workloads and throughout the DevOps lifecycle. The world’s leading organizations trust CyberArk to help secure their most critical assets.
Featured image: ©Frame Stock