We all like to pretend that our data is safe and sound. Whether it’s an individual entering their credit card information for an online purchase or two employees sharing confidential information from offices around the world, it’s scary to think that the data being sent across the internet could be intercepted or stolen from the database it’s stored in. Unfortunately, even with the most modern cybersecurity tools and methods, we still hear about major security breaches too regularly for most people’s liking.
Even now, data breaches continue to be commonplace. Fortunately, we can often learn from these breaches and take steps to prevent new ones. Usually, a data breach brings to light a backdoor or other vulnerability that quickly gets patched, blocking that avenue of attack. That’s why it’s important to know about the most recent cybersecurity breaches. You can’t learn from them if you don’t know they occurred. Here are some of the most significant cybersecurity breaches in the past 12 months (September 2021 to mid-September 2022) and what they revealed about the companies affected.
The LastPass Hack Shows How They Learned from the Past
On August 25, 2022, LastPass announced that they had been the victim of a security breach. This immediately sent waves of panic through the 25 million people who used the company’s password storage vault. They feared that the usernames and passwords they stored with LastPass were compromised. Fortunately, that wasn’t the case. However, before anyone could breathe a sigh of relief, LastPass revealed what was stolen: proprietary technical data and “portions of source code.”
In some ways, this is much scarier than if the hackers had just stolen usernames and passwords. While LastPass hasn’t released any more details about what was taken, it is possible the source code that was stolen could reveal additional avenues of entry into the company’s databases. Of course, it’s also possible the stolen source code won’t be too helpful, and LastPass may be able to modify the in-use code to make the stolen information useless.
LastPass made the news back in 2015 when they were also victims of a hack. They did recommend all users change their master password after that attack, but they have not done so this time. The company seems certain that no customer information was accessed. This shows that they likely did increase their security in 2015 to better protect customer data, as they should have. They learned from that breach, just as they will hopefully learn from this recent one.
Microsoft Quickly Responded to an Attack
Even huge companies that you would expect to have the best cybersecurity around have fallen victim to breaches. In March of 2022, Microsoft was attacked by a cyberterrorist group. The hackers claimed that they had compromised a number of Microsoft products, including the Bing search engine and Cortana personal assistant. Some data was stolen, but Microsoft later reported that no customer information was compromised and only a single internal account had been affected. They also stated that their cybersecurity team quickly detected the attack and moved to stop it.
The fact that a hacking group was able to penetrate Microsoft’s defenses at all left many people shocked. However, while most breaches damage the public’s trust in the company, this breach actually had the opposite effect. Microsoft’s security team was praised for how quickly they deployed their defenses and locked down data. This case is a great example of why 24/7 activity monitoring is vital. Had Microsoft not been actively monitoring its network for strange behavior, it may not have noticed the breach until greater damage had been done or customer data compromised.
The Red Cross Hack Shows that Even Nonprofits Aren’t Immune
When people think of likely targets for cyberattacks, they usually think of retailers, credit card companies, and others who have financial information that hackers could use. Others think of companies with extensive databases of private information that could be sold. Few think of nonprofits. However, many nonprofits do fall into the second category.
The Red Cross attack of January 2022 showed exactly how much data large nonprofits have. The organization stated that over 515,000 people who had worked with the Red Cross had their personal information accessed. Specifically, the hack targeted those who were part of the Restoring Family Links program that helped those separated by violence or migration find each other.
Red Cross cybersecurity experts were forced to temporarily take the organization’s servers offline in order to protect other information and remove all access. Unfortunately, the exact identity of the hackers hasn’t been determined yet. Experts determined that the hackers had accessed the system months before it was discovered, and they could trace the breach back to November 2021.
This hack, like the Microsoft one, highlights that monitoring your systems is vital and illustrates how a single vulnerability in a single module can leave your system wide open. Had this vulnerability been located earlier, the attack would not have been as successful, if it had succeeded at all. Software needs to be updated as soon as new patches become available, especially if those patches address security issues.
A Former Employee Attacked Cash App
While hackers are often anonymous people out to simply make some quick money or damage a company for fun, sometimes they have a personal vendetta. That was the case in April 2022 when Cash App was attacked by a person who had previously worked for the company. This employee accessed customer data, including their stock trading portfolios, account numbers, and more.
In total, over eight million people were potentially affected, though Cash App quickly stated that the former employee could not access any login credentials or passwords. Much of the information that was taken had no identifiable data with it, meaning that while the hacker may have had stock portfolio values, they had no idea who those portfolios belonged to.
What can we learn from this attack? One takeaway is that while many attacks do come from the outside, it’s also possible for cyberattacks to originate from within the company or from those who have recently left. Cash App didn’t say if the employee hacked into the system or still had access to their account. If it was the latter, then Cash App failed to properly remove the employee’s access. This happens more often than you’d think, with as many as 25 percent of all former employees having access to companies they previously worked for, at least for some time after they left that company.
When employees leave, your IT department needs to terminate all accounts immediately. This includes email, Slack, Microsoft Teams, and any other access the employee had to internal systems. Even if the access seems highly restricted or is to a tool that doesn’t seem important, don’t risk it, especially if the employee didn’t leave voluntarily or on good terms.
The GiveSendGo Hack Wasn’t for Any Sort of Financial Gain
While many cyberattacks are driven by financial gain or revenge, some are political in nature. GiveSendGo, a fundraising website, was attacked in February 2022 by people who were protesting the Freedom Convoy. This convoy was made up of truckers in Canada who were raising money to back their political movement during the pandemic. The hackers redirected the website to one of their own, a type of attack known as a Distributed Denial of Service or DDoS attack. They also stole and published information for more than 90,000 people who had donated to the cause.
What did the hackers want? In this case, they didn’t try to sell the information they stole or access any financially sensitive information. They simply wanted to make a political statement in opposition to the Freedom Convoy.
Suppose you’re a nonprofit, politician, or business executive who has made statements or publicly taken a stance on a divisive topic. In that case, you have to be aware that you could be attacked for that stance. Even if it’s not a divisive topic, someone could still disagree and attempt a DDoS or another form of cyberattack on your servers. Taking measures to protect yourself if you have any sort of public standing or following is just as important as if you were running a business, especially if you’re a high-profile individual or hope to become one.
What Can You Do to Protect Yourself?
Protecting yourself from cyberattacks starts with acknowledging that they exist and recognizing that you must take cybersecurity seriously. Out of the examples of recent hacks, you want to be like Microsoft—able to quickly detect and address attacks to limit how effective they are. You can learn something from all these hacks, which will help you build better defenses and prepare better disaster recovery plans.
You can build those cybersecurity defenses by reaching out to Wooden Spoon IT. As a managed IT services provider, we have years of experience helping companies build cybersecurity systems. We will help safeguard your sensitive data while proactively monitoring your network for suspicious activity. We can also help streamline your networking processes and boost your efficiency. Reach out to Wooden Spoon today to learn more.