Key Takeaways from 2019 Cyber Data Breaches

Back to all articles

2019 Cyber Data Breaches

2019 has been a prolific year for both attackers and defenders. While new threat actors and APT groups have spun up and taken action across the globe, defenders have improved their resilience and self-reliance.

A few of the data breaches so far are going to have a lasting impact. Millions of individuals have had their personal privacy invaded, and their financial data apprehended. Enterprises across the spectrum of markets have been targeted even more precisely by threat actors looking for more than merely money. It has been a busy year full of cyber data breaches to learn from for sure, here are a few takeaways.

We can learn a lot the Capital One breach. First, determined individuals are still a threat, and can create the highest impact breaches. This attack was performed by an individual, Paige Thompson, a software developer. Next, security teams need to be aware of more than their specific enterprise. The initial point of compromise of this breach was a misconfigured web application firewall operated by a third-party contractor. As a defender, this is a very tough problem. How can our team defend what we don’t own from what is not targeting us directly?

A similar shade of this problem was noted in FireEye's M-Trends report for 2019, noting the issue of business management’s effect on security. Modern businesses are incredibly reliant on support technologies. As businesses grow, merge and acquire one another, technology stacks change, teams interact, and there is a risk of chaos being created from the shifting tides of technology choices. Capital One fell prey to an individual noticing this problem, causing the biggest breach of financial data in history. Other enterprises have suffered the same fate at the hands of cybercrime groups and APT’s.

My takeaway from this breach is about getting back to the basics. Hardware and Software asset management is key, even outside of your business context. While Capital One may not have operated or managed the compromised device, they needed to be aware of it, aware of its configuration, and aware of the threat to their network it posed. Another takeaway worth noting is cloud adoption practices. The WAF, in this case, was part of an AWS cloud environment. It is not safe to assume that this misconfiguration was the product of newness to cloud, but at the same time, it can serve as a reminder that this technology is new.

The Whatsapp and iPhone cyber breaches, on the other hand, show an even darker side of 2019’s breaches than clear monetary gain. Both Whatsapp and iPhone were compromised this year with the express intention of surveillance. The cybersecurity community often says that APT’s are after whatever is worth more than money. In this case, the APT groups that carried out these attacks have been tied to nation-state actors that have been questioned on a global stage about activities targeting their citizens. An Iranian group has been attributed to the Whatsapp breach, a breach that would be of a certain value to a nation-state with active social technology-driven populist protests. The iPhone breach has been tied to Chinese efforts to surveille Uighur Muslims. Several of the malicious links that led to compromise were hosted on sites specifically designed to target Uighurs. What can we take away from this? Advanced attackers are getting aggressive with mobile attacks and are willing to use trusted software to attack users.

The data breach of Epic Games’ account management for Fortnite and the subsequent abuse of thousands of user accounts is an interesting case in breaches exacerbated by public disclosure. Fortnite like many games today has a virtual market full of in-game currency, ie, something valuable. An old public-facing web page allowed for attackers to arbitrarily log into accounts without credentials. Knowledge of this page was shared publicly and flowed through the Fortnite and general gaming communities. Via youtube videos, attackers taught players how to compromise accounts and the activity became widespread before Epic Games responded.

Users are an asset, but they can also be a threat. In markets like gaming, where users are in a constant competition by the nature of the product, like Fortnite as a game, knowledge of an easy opportunity for advantage or abuse may be more tempting. It is also important to take away from this breach that a review of public-facing web pages should be done regularly.

2019 has been interesting. Gamers have attacked gamers. The Nation States are trying to watch individuals. And individuals are putting fists up to credit card companies. We’re an odd bunch here on this planet. For each of our businesses’ sake, we will do ourselves well to take care when adopting new networking technology, recognize and act to improve our ability to detect deception when clicking links on mobile devices and strive to manage technical assets wholly and completely.

Get Started with a One-to-One Personalized Demo

Dramatically reduce the mean time to detection, response and remediation of all potential security incidents, ensuring no alert goes untouched.

See IncMan SOAR in Action.

Request a demo