Ever since the major Target data breach in 2013, it seems like every year has been dubbed “the year of the data breach.” Even as cybersecurity budgets increase, attackers are finding creative ways to bypass advanced defenses to achieve their goals.
The fight to defend against advanced attackers might seem impossible to win. But when you look back at some security incidents, you can see that many attacks were entirely avoidable— had the proper systems and strategies been in place.
These six 2018 security incidents illustrate why the World Economic Forum listed cyber attacks as a top risk for businesses in all industries. The worst part? With the right approach to endpoint security, they could have been avoided.
1. Spoofing in the education sector
Universities and school systems have long had a reputation as easy targets for cyber attackers. Their IT infrastructures are complex and they often lack the internal expertise to proactively address vulnerabilities and threats.
The education sector is reporting more attacks than ever, with incidents increasing 43% in 2018. Iranian threat group Cobalt Dickens targeted these vulnerabilities with an intricate campaign aimed at stealing student login credentials.
In August 2018, researchers uncovered the campaign, which was using URL spoofing techniques to build fake login pages for 76 universities in 14 different countries. Students would enter credentials on the fake site before being redirected back to the real university website.
Because the threat was launched outside of the network perimeter, attackers could steal credentials before a university’s firewall could block malicious activity. User awareness is essential for avoiding these threats. However, advanced endpoint protection solutions like URL filtering and browser isolation can help universities block spoofed web pages and add another layer of protection for students.
2. Internal breaches in financial services
The financial services industry holds large volumes of valuable customer data, making it an attractive target for attackers. The volume of data breaches in this industry increases each year and, at $206 per stolen record, compromised firms face more costly consequences than those in most other industries.
As a result, some employees in financial services launch internal attacks, collaborating with external cybercriminals to cash in on valuable customer data. One employee at SunTrust tried to steal the data of 1.5 million customers by printing information like PIN numbers, user IDs, and passwords for a malicious outsider.
Just because the information was printed to hard copies doesn’t mean it’s not an endpoint protection issue. Network-connected printers are also endpoints, meaning that even relatively low-tech attacks like these could be stopped with more effective activity monitoring and real-time notifications.
3. Phishing for patient records in healthcare
Much like the financial services industry, healthcare has been a high-profile target for attackers due to the value of patient records. When ransomware attacks exploded, healthcare was the prime target, contributing to the 70% increase in data breaches in this industry between 2010 and 2017.
In April 2018, UnityPoint Health suffered its second data breach of the year and notified 1.4 million patients that their records may have been compromised. Attackers launched a targeted phishing campaign against UnityPoint employees and were looking to exfiltrate payment data for both vendors and payroll.
One key to minimizing the chances that this type of attack will happen again is security awareness training for employees. Training can cut down on human error, but must be bolstered by secure remote access solutions, two-step user verification, and strict access controls across endpoints.
4. Ransomware targets government networks
When the World Economic Forum named cyberattacks as a top business risk, leaders called on global governments to collaborate and build stronger defenses. However, the fact remains that many government IT infrastructures and cybersecurity solutions are struggling to keep pace with the expanding threat landscape.
This weakness was on display in March 2018, when the City of Atlanta fell victim to a ransomware attack. Just months before the attack, an audit found nearly 2,000 vulnerabilities in the Atlanta government’s IT infrastructure. The attackers were able to use SamSam ransomware to brute-force their way into the network without being detected by anti-virus.
While there are a number of ways for SamSam ransomware to compromise a network, one entry point is vulnerable remote desktop protocol instances. With stronger endpoint protection in place, the Atlanta government could have resolved many of the vulnerabilities that led to this data breach.
5. Critical vulnerabilities for telcos
Telcos house some of the richest customer datasets in addition to operating critical infrastructure. This combination makes major communications providers prime targets for government-sponsored attackers and other international groups.
The August 2018 T-Mobile data breach, which impacted 2 million customers, gave international attackers access to a significant amount of personal data as well as a set of encrypted passwords.
Not many details have been disclosed regarding this attack, but company spokespeople said attackers gained access to company data through a vulnerable API. Whether by firewall failure or some sort of access mismanagement, endpoint protection issues helped attackers compromise this vulnerable API and launch the larger data breach.
6. Vulnerabilities of cloud computing and its providers
Even the most traditional companies and industries have had to adapt to new cloud computing norms. But the agility, flexibility, and cost-efficiency of cloud computing comes at the cost of on-premises security and control.
Cloud computing introduces new vulnerabilities to traditional networks. In addition, cloud computing providers can be compromised by the same endpoint protection missteps as any other company. In July 2018, photo app Timehop suffered a data breach impacting 21 million users. According to the company, attackers were able to infiltrate the network by stealing credentials for an account that didn’t have multi-factor authentication in place.
With so many endpoints extending the edge of your network, it’s more important than ever to ensure multi-factor authentication is in place to prevent breaches.
Endpoint protection requires multi-layered security
The only way to avoid data breaches like the ones listed here is to go beyond traditional security strategies that focus on the perimeter of your network.
No matter the industry, the best way to avoid data breaches is to take a multi-layered approach to security that includes endpoint protections such as:
Traditional firewalls and anti-virus software as a foundation
Strict access control procedures and segregation of duties to avoid single points of failure
Multi-factor authentication for all user accounts and across all endpoints
Whitelisting known-good accounts to improve user experience without sacrificing protection
Remote access solutions to safeguard the remote desktop protocol that attackers often try to compromise
Zero-trust security technologies that harden systems against malicious activity
Advanced security event log management to pinpoint root causes of attacks
Strong user management systems for centralized control over endpoint usage.
As the threat landscape grows, attackers become increasingly sophisticated, and your network of endpoints expands, multi-layered security strategies give you the tools necessary to create blanket protection across your organization.
Don’t let your network become a system of single points of failure and ineffective security solutions. Adjust your security strategy for more effective endpoint protection.
Ilan Paretsky is Chief Marketing Officer at Ericom Software and is responsible for the global marketing activities of the company. Prior to joining Ericom in 2005, Mr. Paretsky held various leadership positions in marketing, business development, project management, and software development in the global software and telecom industries.