Top 2018-2019 Breaches and IncMan SOAR’s Breach Protection Technology


Breach Protection Technology

Large-scale company breaches are becoming a re-emerging trend with little end in sight. For 2019 it is still early in the game, and we are still dealing with the catastrophic breaches that occurred in 2018. With digital currencies like bitcoin providing a universal way to anonymously barter and trade in illegal activities, the buying and selling of a company's data and its employees' personal information has become a very lucrative business for threat actors.

Image Source: Ponemon Breach Report 2018

Moreover, as the dark web and black market continue to rise in popularity because of their ease of use, availability, and anonymity, the means of acquiring company data and employee Personally Identifiable Information (PII) has never been easier. It is very likely that you have been hacked at some point in your life, and if you own a Facebook account, use Uber, or are an Equifax member then you have definitely been hacked.

The Office of Personnel Management (OPM) maintains the records of individuals who hold a security clearance. Your security clearance level dictates how in-depth your investigation is and how much PII is retained.

For example, my current clearance level requires that my personal history date back 15 years and encompasses all personal information imaginable. OPM has been breached three times within the last 5 years, so it is safe to say that anything you could ever possibly want to know about my history can be bought on the dark web for less than $5. At the moment, the average cost to buy somebody's history and PII portfolio ranges between $3-10 on the dark web.

Common Breach Attack Vectors

Currently, there are countless attack types and attack vectors used to carry out a breach. The vectors used to successfully breach large-scale organizations are continually growing in sophistication, while new ones are being developed at the nation-state level on a daily basis. I will briefly mention a few of the common attack vectors currently in use that will presumably remain foundational when it comes to companies being breached.

Improperly Managed or Non-Existent Threat and Vulnerability Management Program

  • One of the easiest methods of hacking a system is exploiting a known vulnerability in an organization’s assets. I briefly touched on this topic during the Hacker Lifecycle Phases blogs in the ‘Scanning and Footprinting’ stage. If a proper Threat and Vulnerability Management (TVM) program had been in place, a large majority of the industries and companies that fell victim to the WannaCry ransomware attack could have been protected.

Similarly, running outdated operating systems that can no longer be patched creates a huge attack surface, one that has made a few people very rich. This will continue to be an effective method of breaching an organization because it will always be a struggle to justify the investment in security and validate its ROI.

Supply Chain Attacks

  • Supply chain attacks are another vector that has been successful in the past and will continue to be successful in the present and future. In 2013 Target suffered a supply chain attack which cost the company nearly $20 million. Most companies depend on third parties to support their business model. For example, a company might outsource its logistics, operations, shipping, information technology, and even human resources. Oftentimes these third parties do not follow security best practices and therefore introduce vulnerabilities into the companies they work for.

As it becomes increasingly difficult and time-consuming for hackers to infiltrate a network directly, new methods of breaching companies are being invented. From a supply chain perspective, an example might be a hacker implanting malware on an update server that a company's employees must use to obtain their patches or updates. As a result, not only do they get the update they needed, but they also get a malware family along with it.
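The trojaned-update scenario above is one that a client can defend against by refusing any package whose digest does not match a manifest obtained from a channel the update server does not control. The following is an added illustration, not code from DFLabs, IncMan SOAR, or any vendor's update mechanism; the package names and contents are constructed placeholders, and a pinned SHA-256 manifest stands in for the signed metadata a real update system would distribute.

```python
import hashlib
import hmac
from typing import Dict, List, Tuple

# Constructed sample data: the publisher's genuine update packages. The names
# and contents are placeholders for this example, not real patches.
GENUINE_PACKAGES: Dict[str, bytes] = {
    "os-patch-01.bin": b"placeholder genuine patch contents 01\n",
    "os-patch-02.bin": b"placeholder genuine patch contents 02\n",
}


def publish_manifest(packages: Dict[str, bytes]) -> Dict[str, str]:
    """Publisher side: record a SHA-256 digest for every package.

    The manifest is assumed to be distributed separately from the update
    server (for example, on a signed page the vendor controls), so that an
    attacker who only controls the update server cannot rewrite both at once.
    """
    return {name: hashlib.sha256(data).hexdigest() for name, data in packages.items()}


def verify_package(data: bytes, expected_sha256: str) -> bool:
    """Client side: recompute the digest and compare it in constant time."""
    actual = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(actual, expected_sha256)


def install_from_server(server_files: Dict[str, bytes],
                        manifest: Dict[str, str]) -> Tuple[List[str], List[str]]:
    """Client side: accept only packages whose digest matches the manifest.

    Returns (installed, rejected). A package the manifest does not list is
    rejected as well: something the vendor never published must not be
    trusted just because the update server happens to offer it.
    """
    installed: List[str] = []
    rejected: List[str] = []
    for name, data in server_files.items():
        expected = manifest.get(name)
        if expected is not None and verify_package(data, expected):
            installed.append(name)
        else:
            rejected.append(name)
    return installed, rejected


def simulate_compromised_server() -> Tuple[List[str], List[str]]:
    """Scenario from the text: the update server has been tampered with.

    One genuine package is replaced by a modified copy and an extra package the
    vendor never published is added. The manifest itself came from the untouched
    out-of-band channel, so the client can tell the difference.
    """
    manifest = publish_manifest(GENUINE_PACKAGES)
    served = dict(GENUINE_PACKAGES)
    served["os-patch-02.bin"] = served["os-patch-02.bin"] + b"<constructed tampered bytes>"
    served["hotfix-extra.bin"] = b"<constructed package the vendor never published>"
    return install_from_server(served, manifest)


if __name__ == "__main__":
    ok, bad = simulate_compromised_server()
    print("installed:", ok)   # only the untouched package
    print("rejected :", bad)  # the modified package and the unlisted extra
```

The design point is that the trust anchor (the manifest) and the payload travel on different channels; compromising the server that hosts the bytes is then not enough to get them installed. A production system would sign the manifest with a vendor key rather than rely on a pinned digest alone.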

Insider Threats

  • Any seasoned cybersecurity professional will tell you that the greatest threat to any company is its own employees. There are various reasons for this, but the main one is that employees have direct access to data and information on a daily basis. It could take a hacker anywhere from days to years to infiltrate a company and reach information that a new hire can obtain within a matter of hours or a couple of days.

The industry and organization dictate the type of intelligence an insider seeks, but some universal examples include source code of proprietary software, trade secrets, patents, sales and marketing data, and other intellectual property.

Moreover, rogue employees, also known as moles, will work for a company merely to perform reconnaissance on its employees and daily operations. There are multiple classifications of insider threats that span far beyond this blog, but for simplicity's sake I will break them down into two main categories: malicious and non-malicious insider threats.

Malicious - Performs and initiates actions that are intentional and ill-disposed in nature. Edward Snowden and Chelsea Manning are two prime examples of what defines a malicious insider threat. Malicious insiders usually have some type of vendetta against the company and try to sabotage it through whatever means possible.

Non-Malicious - Through a lack of understanding of basic cybersecurity hygiene, employees unknowingly perform actions that result in a compromise and potentially a catastrophe. An example might be a new employee who does not understand the company's security practices and browses gambling sites or other websites deemed inappropriate, which could introduce a host of malware families into the network.

Top 2018/19 Breaches

Although it is still early in the game to mention any epic 2019 breaches, there have been a few major ones worth noting. Let's quickly recap two breaches that occurred in 2018 and are arguably among the biggest breaches in history to date:

Noteworthy 2018 Breaches:

  • Equifax - An incredibly damaging event that could have been completely thwarted, or at least mitigated, had the proper security fixes been enforced. Routine security audits had identified vulnerabilities that, if exploited, would result in catastrophic compromises. Unfortunately, these vulnerabilities were never fixed, and this resulted in nearly 150 million user profiles being leaked. The majority of the information was basic PII such as social security numbers, phone numbers, addresses, gender, driver's license numbers, and payment card info, just to name a few.

  • Cambridge Analytica - Poorly designed API calls developed by Facebook for accessing data on its users were exploited to the fullest, causing excessive damage worldwide. The overall impact of this breach resulted in roughly $134 billion in lost revenue and more than 2 billion user profiles scraped and released to the public for the right price.

Noteworthy 2019 breaches:

  • Fortnite - For all you gamers out there, I am sure this breach does not come as any surprise. Reports on the incident indicate that there were several severe vulnerabilities that were later exploited. Once exploited, they granted the criminal access to the account information of any player. There are currently 80 million Fortnite account holders that may have been hacked.

  • Oklahoma Department of Securities - The Department of Securities was hacked in late January of this year, resulting in a slew of incidents. Exposed data included classified information pertaining to FBI investigations, criminal cases, and all of the PII associated with those cases. This compromise could have been easily prevented if conventional procedures had been followed.

Foundational Security Requirements

Unfortunately, there is no single security tool that can solve all of our cybersecurity concerns. To effectively protect a home network or a company, and depending on the industry the organization resides in, it is imperative to combine numerous security appliances and practices to achieve defense in depth and breadth. I will list a few security practices that are highly underrated and yet should be the capstone of any robust cybersecurity program.

User Awareness Training

  • All companies should have mandatory cybersecurity and network usage policy awareness training for all employees, from the CEO level down. Sadly, a large number of security incidents are attributed to employees not following the basic fundamentals of proper security hygiene. As mentioned earlier, the greatest threat any company faces is its own employees, which is why mandatory training on at least a quarterly basis should be obligatory.

Threat and Vulnerability Management

  • As expressed earlier, the value of a solid TVM program cannot be overstated. A significant number of cybersecurity attacks, both large and small, could be avoided through the implementation of a TVM program.

Essential Security Tools

  • As the saying goes, “When the only tool that you have in your toolbox is a hammer, every problem looks like a nail.” It is imperative to incorporate the right security tools when defending against particular malware families and attack types. Moreover, it is equally, if not more, important to ensure that the tools in use are properly configured to produce the best results possible.

This small list only scratches the surface of the security measures that should be applied to adequately protect an environment. However, it is foundational that these precautionary measures are implemented when building out an information security program.

IncMan SOAR’s Breach Protection Technology

IncMan SOAR technology will drastically reduce the impact your organization faces in the event that it is the victim of a breach. It is not a matter of if but a matter of when. DFLabs’ Playbooks and Runbooks, designed specifically for your company and its needs, incorporate your company's current security tools and provide automated and orchestrated functionality for optimal protection.

The Runbooks that are created eliminate any guesswork about which actions need to be taken in the event of a compromise. Moreover, strict guidelines are incorporated to adhere to special compliance requirements such as GDPR, HIPAA, PCI, and SOC 2. Additionally, IncMan SOAR supplies a very complete ‘Timeline’ feature that could be used as evidence in a court of law if required.

In Summary

This concludes our breakdown of the current status of breaches within the cybersecurity realm. Even though large-scale breaches had been on a steady decline for a few years, they have come back with a vengeance. Thankfully, with the right training, user awareness, security tools, and security automation, the majority of breaches can be contained if not stopped altogether. Relying on SOAR technology, such as IncMan SOAR from DFLabs, provides the assurance that all of your security tools and appliances are applying the essential measures in an automated fashion to sustain the security posture your organization needs.
