The latest cyber data breach headline is the Which? & Red Maple Technologies research. How have cybersecurity threats changed during Covid-19 and how can we mitigate risk?
The release of Which? & Red Maple Technologies research found that stolen Tesco Clubcard, Deliveroo & McDonald’s accounts are being advertised cheaply on the dark web. This headline is just another data breach from a large organisation in recent history. These breaches of cybersecurity seem to have increased since the first instigation of lockdown in 2020. How have cybersecurity defences changed throughout Covid-19, with remote working and restricted social rules during the global pandemic?
Rob May, Commercial Director at IT support consultancy ramsac, a TEDx speaker and the UK Ambassador for cybersecurity for the IoD, discusses exclusively for Security News Desk UK the best practices for securing your business defences in 2021, with Covid-19 heightening cyberthreats.
The usual suspects for targets of cybercriminals are the more prominent, or government, agencies. Yet, as malicious attacks are more often launched by opportunists, any business lacking a robust and sophisticated cybersecurity strategy is at risk.
A data breach of any scale is damaging, but as uncovered by Verizon’s “2020 Data Breach Investigations Report” (DBIR), the cost and risk are usually much higher than most firms anticipate. This annual report, which feels the pulse of cybersecurity trends, reads the wider landscape of security threats for industries. The cost associated with cybercrime is, however, a growing risk. Record-breaking fines, plummeting share prices, and sky-high legal fees – these can jeopardise the financial stability and reputation of any business.
Just as threats are forecasted to multiply in 2021, awareness about cybercrime continues to build momentum as a sustainable and positive force, enabling firms to prepare for, and prevent, future data breaches. Yet there are even more tools available when it comes to fortifying your operation against data breaches.
Email phishing is saturating inboxes
The overwhelming majority of breaches in 2020 happened via email phishing attacks. This means that cybercriminals were exploiting employee inboxes to intercept, steal, and even alter critical (and often private) information. Employee inboxes provided an entry point for external crime, which was identified in the report as a common area of weakness amongst businesses. The kinds of harmful activity ranged from stolen credentials (including passwords) and financial information, to fraudulent invoices.
According to Verizon, amongst the most common types of crime was the use of password attacks, where a site or application’s logins were targeted for unauthorised access. This high volume of crime is from external actors – internal threats, though rising, are less frequent – and the most common gateways into a firm’s private data were employee inboxes and old passwords.
A strong measure of vigilance married with policy will deter easy entry points for cybercriminals, creating more obstacles to prevent this type of cybercrime. A dynamic security strategy should identify these weak points and fortify them with routine password changes and by ensuring employees are familiar with the tells of a phishing scam – i.e. unfamiliar senders or suspicious requests for information.
Malware declines, but patching is still relevant
Malware, including ransomware, declined throughout 2020. This is likely the positive outcome of greater layers of protection, including anti-malware solutions. Historically, this type of activity has been rife. Motivated by a desire to curb malicious influence on a business, the recorded drop in ransomware incidents, according to Verizon, shows the importance of a patch process in treating system vulnerabilities.
Critically, as the report notices, layering protection solutions means that a firm can focus its attention on more threat varieties, rather than treat common ones that can more easily be discouraged by a basic security strategy and deterrent software.
Those who patch regularly are better fortified against emerging vulnerabilities; the likelihood of an attack is greater where a hacker can gain access in three steps or fewer. Where anything more sophisticated is needed, because a system is well defended, threats are more easily discouraged.
Is artificial hacking intelligence a threat?
The dystopian forecast of a fully autonomous, highly intelligent artificial threat is over a decade away from production. Increasingly, the evolution of business is spurred by new and exciting technological advancements, including buzzwords like AI (artificial intelligence) and the more common ML (machine learning). AHI (artificial hacking intelligence) describes the exploitation of these autonomous tools in order to scout for deeper system vulnerabilities.
The possible mutations of AHI are abundant, especially where verifying authentic users from external actors can become problematic. The new boom of persuasively fake events, media and footage – known as deepfakes – relies on a troubling similarity between fiction and reality to puzzle our understanding of the truth. This application of machine learning has already been highly manipulative online and can mutate to rot our current security protocols. Authenticating users and devices, for example, could become more complicated than ever before.
It would be too convenient to anticipate the worst from AHI, but the early evidence from Verizon’s report shows how machine learning is curbing the influence of malicious attacks by identifying risk and treating breaches with prompt action.
Firms should not merely shy away from new tech, but should embrace it to more actively identify and manage wider system breaches, rather than rely on manual processes for frontline protection. As new tech becomes increasingly integrated, and encourages innovation in security programmes, the potential for a new ally in machine learning seems positive. The growth of new assistive technologies will promote greater control and regulation over data, allowing security to match, if not outpace, any developments in cybercrime.
Defence measures to master in 2021
The annual Verizon report is much more than a prediction: it is a credible and measured investigation on the changing landscape of security threats for many industries. The uncertainty of the moment, with new remote measures, has a greater capacity to innovate security, rather than undermine it.
Jeremy Hendy, CEO, Skurio
We welcome the fact that Which? and Red Maple are highlighting this problem. We see large quantities of loyalty card information being circulated on the Dark Web and dump sites – it’s an easy and lucrative way for criminals to make money from compromised credentials. If you’ve used the same password on multiple websites, all of those accounts will be compromised from a single data breach. You’re then only a keystroke away from letting the bad guys in, where they will empty your account of all those hard-won points and rewards. The breach of financial or personal data can also allow bad actors to assemble full identity packages for illegitimate purposes – some of which we have seen selling for less than $5 on the Dark Web in 2020.
With businesses like Tesco, McDonalds and Deliveroo holding data on tens of millions of individuals, it’s historically been difficult to detect breaches and leaks from those large, uncorrelated customer datasets. So, it’s important to routinely monitor exposed data outside the organisation’s network as it is critical to know it’s happened as soon as possible – and then act immediately. Early breach detection is a fundamental expectation of GDPR and companies who take a lax approach can expect to face growing regulatory fines.
Consumers should make sure they create strong, individual passwords for each of their online accounts or apps immediately as a precaution. The easiest way to do this is to use the ‘forgot password’ link, and then let their phone or browser suggest and store a unique password for that account. Even better is to use a password manager – the safest password is one that you can’t remember.
Paul Prudhomme, Head of Threat Intelligence Advisory, IntSights:
This is a significant breach but it is not unsurprising to find this type of data selling on the dark web for so little. Because this database is so huge, these cyber criminals will be able to make a significant profit off the data they have stolen. Passwords, email addresses and names have been stolen – information which can be used over and over to access other sites and sources, meaning further data breaches and further implications for the victims.
Not only are Tesco Clubcard customers heavily impacted, but so are Deliveroo and McDonalds, all of which are big names and all of which have probably seen an uptick in online users and sales due to nationwide lockdowns.
Cyber criminals thrive off popular, in-demand tools and applications so it is essential organisations are doing all they can to secure and protect the data they hold. Retail outlets need to ensure that they employ their security solutions to the fullest, applying context and real time threat intelligence to have full visibility and awareness of the same security parameters on any third-party application or systems they employ.
Ziv Mador, VP, Security Research at Trustwave SpiderLabs
Consumers need to be mindful of their login credentials and account activity. Dark web monitoring services can help mitigate the effects of data breaches or leaks. From a consumer perspective, if criminals are found to be advertising credentials stolen from a particular company, the victim will be alerted and will be able to ensure that all compromised passwords are changed, as well as look into mitigation strategies such as enabling two-factor authentication (2FA) on their accounts.
Similarly for organisations, identifying stolen or leaked data on the dark web with enterprise-grade monitoring can help to confirm the scope of a breach or leak and aid with customer outreach and compliance demands.
Elisa Costante, VP of Research at Forescout
Connected cameras are supposed to provide an additional layer of security to organisations that install them. Yet, as the shocking Verkada security camera breach has shown, the exact opposite is often true. Worryingly, the attack wasn’t even very sophisticated and didn’t involve exploiting a known or unknown vulnerability. The bad actors simply used valid credentials to access the data stored on a cloud server.
In this case, the bad actors have seemingly only resorted to viewing the footage these cameras have captured. But they are likely able to cause a lot more damage if they choose to do so, as our own research team has discovered. We were able to intercept, record and replace real-time footage from smart cameras by exploiting unencrypted video streaming protocols and performing a man-in-the-middle attack. This effectively gives criminals a virtual invisibility cloak to physically access premises and wreak havoc in the real world.
In fact, based on our own research, the Verkada cameras are in widespread use within government and healthcare, leaving those organisations particularly vulnerable to these kinds of attacks. The only way for organisations to adequately protect themselves is to ensure they have a comprehensive device visibility and control platform in place.
Rebecca Morpeth Spayne,
Editor, Security Portfolio