Another Day. Another Hack.
- Published: Tuesday, March 9, 2021
Breaches, stolen credentials, ransomware. Somewhere in the world it's happening. Stories like these hit the news multiple times a day. Let's take a look at some of the recent popular attacks, how they do it and how it can be prevented.
Water Treatment Hack
Last month a water treatment facility in Oldsmar, Florida, experienced a breach of their system. The villain gained access to the system and increased the amount of lye in the water system, elevating it to dangerous levels. Fortunately the hack was stopped immediately and no damage was done.
Poor configuration of remote access software and Windows 7 (end of life) hardware led to the breach of the system. Although it is not known, or not reported, who the crooks were, it could be a malicious insider who initiated this hack.
eCommerce company, Yandex, experienced a data breach in February, compromising almost 5,000 accounts. In this case, an employee with elevated privileges gave unauthorized access to attackers. It is suspected that the employee was seeking personal gain by selling access to users' mailboxes.
Half of the reason for insider threats is due to the access controls set forth in an institution. It is a huge challenge for IT to distinguish between normal and unusual behavior. Controls that use the concept of least privilege can help to prevent these types of attacks. Role-based access that allows employees to access only the data or systems they need can also prevent an insider threat. Insider threats can be purposeful or accidental. That is why it is critical to maintain access controls.
Ransomware, a malicious form of malware, will seize your device and worm its way through your network, delivering poisonous code, harvesting sensitive information and encrypting data. It can render a user's computer unusable and data unaccessible until a ransom is paid to the attackers. Ransomware can be extremely destructive and disruptive. Not only can systems have blocked access, but there is also the risk of stolen data.
Technological controls can obstruct some ransomware infections. However, end user education is key in recognizing the potential risks associated with online behavior. Offline backups are a crucial component to your defenses should you fall victim to this assault.
Threat actors seek vulnerabilities in systems. Outdated hardware, software and poorly secured remote access provide ripe atmospheres. End-user training can help employees recognize the threats and condition them on how to take action.