Recent Security Breaches - SearchInform

Recent Security Breaches

24.10.2022

Back to blog list

Recent Security Breaches

Young generation exposes companies to security breach risk

A new Centrify study has examined the youngest generation of employees pose security risks to businesses. Raised in a digital world, younger employees have different expectations and attitudes toward the use of social media, digital apps and their work devices. However, security gaps are partly homemade. Every other young employee is said to have engaged in questionable online behavior at work, which includes the use of corporate computers, laptops and cell phones, for example, for computer games (28%), unauthorized applications (8%) and for sharing apps with colleagues (12%).

 

DIGITAL NATIVES APPARENTLY OVERESTIMATED

According to Centrify, the current findings are based on a survey commissioned from Censuswide. 500 office workers aged 18 to 24 and 250 decision-makers in the companies of various sizes and industries were surveyed. The aim was to find out whether the new generation of employees poses a greater IT security risk because, as "digital natives", they have a different approach to digital technologies and social media than older generations.

For example, 43% of the surveyed managers worried that the younger generation of employees would share social media posts that could damage the company, its reputation and security. Around 40% feared data privacy and confidentiality breaches, and 35% saw a risk that young employees would not comply corporate security requirements.

 

YOUNG EMPLOYEES AND MANAGEMENT NEED TO CATCH UP

Managers' concerns are justified. After all, more than a quarter (28%) of 18- to 24-year-olds surveyed said they only "occasionally" or "never" followed corporate security policies, even though two-thirds (66%) of companies had disciplinary procedures if employees violated one of the security policies.

Interestingly, companies themselves are doing little to improve their security and protect from breaches. A full 43% of employees surveyed said they had unrestricted access to all files on the corporate network. Only 13% would have to ask for permissions to access specific files.

 

CONVENIENCE AND CURIOSITY AS A SECURITY RISK

Although the risk of shared or borrowed passwords is giving more than half (53%) of decision makers sleepless nights, one-third (32%) of users are likely to create and manage their own password. In doing so, 15% used the same password on their work and personal devices, and 16% had not updated their password in more than a year. In addition, 15% of 18- to 24-year-olds admitted to sharing passwords with colleagues.

The ease with which the younger generation navigates the digital world may also pose other risks for security. For example, 50% of surveyed young employees said that if there was a problem with their device – such as a computer virus – they would try to fix the problem themselves.

 

YOUNG EMPLOYEES OF TODAY MAY BE LEADERS OF TOMORROW AND ZERO TRUST SECURITY

According to the European Union Agency for Cybersecurity, the number of ransomware attacks increased by 150% in 2021 and this trend will continue in 2022.

Threat actors have the best tools to carry out various malicious activities, and as organizations adopt new technologies, cybersecurity risks increase daily. Here are the top recent cybersecurity news stories.

 

Hacker group Lapsus$

The hacker group Lapsus$ has been attacking major companies such as Microsoft, Nvidia, EA, Samsung, Okta, etc. The security attacks led to many headlines about email security breaches and heavy losses for the companies.

Microsoft announced that the hackers stole source code of 37 GB for over 250 projects owned by Microsoft. Similarly, Nvidia became another victim of the hacking group in other recent email security news. The company preferred not to disclose what was stolen, but Lapsus$ claims it stole 1 TB of Nvidia hardware and software data. 

IcedID malware

IcedID, or BokBot, is a modular banking Trojan that targets financial data of users and serves as a dropper for other malware and credentials for online banking sessions. Then, it used the stolen data to control bank accounts and automate fraudulent transactions. 

Microsoft Exchange servers recently faced email phishing activity in which IcedID compromised PCs. A generated response to a previously stolen email was used to trick the victim into opening the attachment, which is critical because it makes the social engineering attack much more believable.

Recent email security news like this shows once again how much a large enterprise and its security can suffer without adequate protection.

Facestealer infects more than 100,000 Google Play users

Recently, a cybersecurity firm alerted the Google Play team to a malicious mobile application currently being distributed through Google Play. More than 100,000 users have already downloaded it. The hackers have injected an Android Trojan called "Facestealer" into the application, which uses social engineering to steal Facebook credentials. After that, they gain full access to victims' Facebook data, credit card details, private conversations, search queries, etc.

Malicious actors discovered using CAPTCHAs to bypass email security scanners

Another email security news story concerns the "Completely Automated Public Turing test to tell Computers and Humans Apart," also known as CAPTCHAs. A new phishing campaign has been discovered that uses CAPTCHA verification tests to bypass secure email gateways. Since CAPTCHA requires a human interaction to be solved, the phishing link hides from automated checks.

 

Conclusion

As you can see, 2022 was full of phishing attacks against large enterprises, malicious acts, data and security breaches. Companies need to assess cybersecurity and email security risks and stay up-to-date with the latest information to develop a cybersecurity strategy for today and the future.

Since the stakes are very high, here are recommendations for security teams.

1. Evaluate the current situation. Gather as much information about the security breach as possible. When a third party is involved in a compromise, it can be difficult to build a complete picture of what happened. Include multiple sources of information in your analysis, preferably including assessments from independent security experts, to gauge the scope of the incident.

2. Determine the approximate timeline of the security breach. News about a security event sometimes does not become known until weeks or even months after the attack event. To find as many IoCs (Indicators of Compromise, ed.) as possible, cast a wide net and determine a realistic period within which malicious activity may have occurred.

3. Take an inventory. You can't adequately protect what you don't know. Therefore, it is critical to get a complete picture of all the entities the provider serves in order to cover all the consequences of a security breach.

4. Review recent activity in logs and any alerts that have been triggered. Check the logs for any relevant changes in the system configuration within the previously identified timeframe. This will help you identify what could pave the way for attackers to enter your organization: new administrative users, elevated privileges, newly installed applications, logged-on devices, etc. 

5. Investigate any other changes that could enable redundant access. It is worth reviewing the current security settings to see if anything unusual has been changed.

6. Disable harmful changes. All detected malicious changes in the settings should be undone immediately. The details of the change should be recorded comprehensively to get a complete picture of the compromise and to be able to support further forensic activities.

7. Reset user passwords. If you suspect that individual user accounts have been compromised, it is advisable to request the renewal of all user credentials.

8. Reset keys and certificates in some circumstances. Resetting credentials of applications and services is usually a much more complex and labor-intensive activity than resetting passwords. Therefore, you should make sure that this step is mandatory before you start it. 

9. Revoke all far-reaching permissions from third-party providers. Some identity providers sometimes ask user companies for permission to access and change user settings. If the provider is compromised, it is advisable to revoke any access rights already granted.

10. Strengthen protection measures. Reviewing current security settings is another obvious step. A security-related incident is a good opportunity to review and improve your current security settings. 

11. Install a monitoring solution. Even a security solution that is optimally configured according to current standards is not immune to security breaches. To respond to incidents, you need an effective detection and response solution to monitor malicious activity and stop attackers from proceeding.

12. Develop and implement incident response plans. Ideally, you already have and are executing a plan to respond to an incident. Those who are not yet adequately prepared should use security incidents as an opportunity to implement a response plan.

13. Third-party audit. Once the dust has settled, it is a good idea to have a reputable security provider conduct an audit of your security measures. 


Employee monitoring ransomware Third party


Subscribe to get helpful articles and white papers. We discuss industry trends and give advice on how to deal with data leaks and cyberincidents.