The recent system breach of French IT company Centreon is another example of how important strong cybersecurity is and more knowledge on the space is needed.
Each week there is news of another hack or data breach happening at a major organisation. Worryingly, almost half of financial services firms have encountered a cyberattack since the Covid-19 pandemic began, according to research from HelpSystems. Furthermore, it claimed that 65% of large financial institutions had experienced a cyberattack in the past year.
Not all attacks are successful, but there are still a lot that are. In 2019, CapitalOne was victim to a major data breach, which saw 109 customers’ data compromised. Four months passed until the hack was uncovered thanks to a user of the developer community GitHub noticed someone posting about it. On top of the damages it would have experienced from the breach, the bank was hit with an $80m fine from the Office of the Comptroller of the Currency.
This is just one example of many attacks that are happening fairly frequently. Video game developer and publisher CD Projekt was hit by a major data breach last week, in which ransomware was installed onto their system and demanded millions of dollars for the compromised data to be returned. The data, which included source code for several games and internal business documents, was allegedly sold online via an auction.
Even cybersecurity companies themselves are not safe from attack. Cygilant revealed that it had experienced an attack late last year. The ransomware strain was believed to be NetWalker, a ransomware-as-a-service group, according to TechCrunch.
The threats firms face is still a major threat and more needs to be done to mitigate such attacks. As a result, firms are putting more money into their security infrastructure. Spending on critical infrastructure cybersecurity is expected to total $105bn in 2021, according to data from ABI Research.
The pandemic caused a lot of unforeseen challenges, with guaranteeing cybersecurity measures are maintained whilst staff work remotely among them. In those early days of getting employees working from home, it is estimated around 85% of CISOs sacrificed cybersecurity to quickly enable remote working, according to data from Netwrix. As pressures to safeguard systems continue to rise, here are five big cyberattacks from the past year.
Centreon hit by three-year long hack attack
The French IT company Centreon has been targeted by a three-year long hack attack, which enabled the actors to break into clients’ organisations. The Agence nationale de la sécurité des systèmes d’information (ANSSI) revealed the attack via a report, according to Reuters. While the name of the attack was not offered, it claims to have similarities with the Russian cyberespionage group nicknamed Sandworm.
Centreon came out to clarify the situation of the attack and stated it focused on obsolete systems that were more than five years old and are no longer supported by the company. The most recent version of its compromised system was initially released in 2014. In a post announcing the situation, Centreon said, “This version is not only no longer supported for more than 5 years, but has apparently also been deployed without respect for the security of servers and networks, including connections outside the entities concerned.” The company stated companies should follow ANSSI’s compliance on installing and securing software.
It is believed only 15 entities were the target of the attack, all of which are using the outdated system. Centreon claims that none of its customers have been impacted, but is contacting them all to ensure their systems are up-to-date and comply with ANSSI’s guidelines for a Healthy Information System.
Wawa payment data leak
At the start of 2020, US retailer Wawa revealed it had been victim of a hack that left payment data exposed for customers that visited its 850 store locations.
It was later found that criminals were claiming to be selling 30 million records from the incident. The information was allegedly put up for sale on underground marketplace Joker’s Stash, according to a report from KrebsOnSecurity. The data included card accounts from more than 40 US states.
This malware attack was identified on December 19th 2019, but the payment card processing systems are believed to have been exposed for nine months. Stolen data included credit card data, but Wawa claimed PIN codes and the three-digit security code on the back of cards were not leaked.
After the data was found for sale Wawa spoke to KrebsOnSecurity. It said, “We continue to encourage our customers to remain vigilant in reviewing charges on their payment card statements and to promptly report any unauthorised use to the bank or financial institution that issued their payment card by calling the number on the back of the card.
“Under federal law and card company rules, customers who notify their payment card issuer in a timely manner of fraudulent charges will not be responsible for those charges. In the unlikely event any individual customer who has promptly notified their card issuer of fraudulent charges related to this incident is not reimbursed, Wawa will work with them to reimburse them for those charges.”
SolarWinds attack likely compromised thousands of companies’ data
IT management software developer SolarWinds was the recent victim to a hack attack that left their software open to illicit players. The breach enabled hackers to access the SolarWinds software to access organisations. It is believed the incident could have left thousands of customers’ data exposed.
Those behind the attack were able to tap into the data streams of 425 of the Fortune 500, as well as several government agencies, a report from The Guardian claimed. It is not certain how big this breach is, but SolarWinds has more than 300,000 customers around the world. The U.S. Treasury and Commerce departments were among the many governmental agencies affected by the hack, The Wall Street Journal reported.
Cybersecurity firm FireEye uncovered the attack while investigating a breach of its own. It is believed the hackers were able to instal malware that was then in place in updates to SolarWind’s platform introduced between March and June this year.
Several of the sources speaking with The Wall Street Journal described the hack as “among the most potentially worrisome cyberattacks in years, because it may have allowed Russia to access sensitive information from government agencies, defence contractors and other industries.”
BancoEstado shuts down its bank branches following attack
Chilean bank BancoEstado was reportedly forced to shut down all of its branches following a ransomware attack last year. The financial institution informed customers via Twitter that its branches would remain shut, but the attack was not given as a reason. A source told ZDNet that the bank had been violated by the REvil ransomware, and was later confirmed by the bank.
The attack is believed to have stemmed from a malicious Microsoft Office document opened by an employee and allowed the attackers to gain a backdoor into the bank’s system. They then installed the ransomware onto the bank’s network.
Internal servers and employee workstations were left largely encrypted, the report claimed. ZDNet claimed BancoEstado had managed to limit the extent of the encryption by properly segmenting the internal network.
The bank stated ATMs, its website, mobile app and banking portal was not affected by the incident.
HMRC was hit with 11 ‘serious’ attacks
The UK’s HM Revenue and Customs (HMRC) reportedly reported 11 ‘serious’ data breaches during the most recent financial year. The extent of the attacks are not clear, but it could have affected over 23,000 people, according to a report from Verdict.
One of the personal data breaches experienced by the non-ministerial department involved an attack that left 64 employees’ personal information being obtained through three PAYE schemes. This data included their name, contact details, ID data. The attack impacted a total of 573 people.
However, not all of the incidents involved malicious external players. One incident occurred when incorrect details around national insurance numbers were sent out to 16 year-old children. Another blunder included paperwork related to an employee was left on a train.
Copyright © 2018 RegTech Analyst
