When you think of October, you might picture pumpkins, sweets and scary movies. However, for many organisations, this October has been frightening for all the wrong reasons.
Last year, the number of attacks in Q4 increased by 7.2 per cent against the previous quarter, which was caused by a rise in the number of ransomware attacks after a decline in Q3. Will 2022 follow a similar pattern? Join us as we dig into October’s biggest breaches.
Microsoft
This month found Microsoft embroiled in a contested data breach, with the tech giant acknowledging a breach whilst calling out the firm that reported the event and claiming the numbers were inflated.
Here’s what threat intelligence firm SOCRadar claims: several improperly designed cloud storage systems, including six big buckets containing information on 150,000 businesses in 123 different countries, were found.
The company referred to these buckets as BlueBleed, and they contained an improperly configured Azure Blob Storage instance that allegedly had information on more than 65,000 entities in 111 different countries. SOCRadar deemed it “one of the most significant B2B leaks.”
In a heated statement published on the MSRC blog, Microsoft attacked SOCRadar and claimed that the threat intelligence company had “greatly overstated the severity of this issue.”
Although the extent and cause of this breach are currently unknown, it highlights the fact that even tech giants like Microsoft are susceptible to data breaches.
See Tickets
See Tickets, the world’s largest ticket seller, has informed customers of a serious breach of their financial and personal information that lasted for more than two and a half years.
The business said that it took nine full months of coordinated investigation with a forensics company, following the original notice, to completely stop the illicit activities.
It then took the company another eight months to realise that customer credit card information had been hacked.
Although the details of the incident have not yet been confirmed, the evidence revealed so far potentially suggests the presence of card data-stealing “skimmer” malware on See Tickets systems during a 2.5-year period. Several years ago, a Magecart crew notably infiltrated the company’s rival Ticketmaster in this manner.
Verizon
After multiple T-Mobile USA breaches this year, it is now Verizon’s turn to draw public outrage and cause significant alarm among its customers over its failure to protect those customers’ personal information from the mayhem-causing activities of “bad actors.”
One such “third party actor,” whose identity is either concealed or has not yet been made public, managed to hack “approximately” 250 prepaid wireless accounts.
Verizon alerted a number of customers that hackers had gained access to their accounts and were utilising SIM switching attacks to take advantage of the exposed credit card information. According to Verizon, the final four digits of the credit card that was used to make automatic payments on consumer accounts were accessed by a third-party actor.
In the weeks since, Verizon has moved to undo any SIM card changes that could have taken place, stopping the bleeding but not the reputational damage.
Medibank
This month, Medibank, the largest health insurer in Australia, disclosed that sensitive health information belonging to 100 of its 4 million clients had been taken by a hacker, who then requested payment to return the information. The thief possessed data on an additional 1,000 users, according to Medibank.
According to Medibank, the hack will probably cost the corporation at least $25 million to $35 million. This is because Medibank lacks cyber-attack insurance, and the anticipated cost does not account for customer compensation, regulatory fees, or potential litigation or other costs incurred by the corporation.
Although Medibank is in contact with the hacker, who acquired the compromised credentials from another hacker on a Russian cybercrime site, the corporation has not said if it will comply with any ransom requests.
What can we learn this month?
The word on everyone’s lips this month seems to be ‘ransomware’. While ransomware is not a new cybersecurity risk, it has recently drawn attention from the highest levels of government. People’s access to medical treatment, fuel for their cars, and grocery shopping were all impacted by ransomware – far from ideal in a cost-of-living crisis.
Ransomware is a real threat to organisations of all sizes, but it’s not impossible to stop. Here are the steps you can take to resist ransomware attacks.
How to protect your organisation against ransomware attacks
Maintain a defence-in-depth security program
- Having multiple layers of defence is a key best practice. Many data backup companies now have options for multi-layer backups which can protect your organisation.
Perform frequent backups of critical data
- Ransomware’s biggest target is data. By having reliable backups, the risk of losing data can be minimised.
Educate employees about the risks of social engineering
- Employees are frequently the main cause of issues when they click through to phishing sites or fall for other social engineering tactics, but risk may be considerably reduced with the right cybersecurity awareness training.
90% of successful data breaches result from phishing attempts, which continue to be one of the most destructive attacks against any organisation. Our affordable simulated phishing training program equips your staff to recognise and thwart phishing attempts before they cause harm.