The LastPass data breach. Ransomware on The Guardian and Royal Mail. Hackers exploiting the platform CircleCI with zero-day malware.
January is not even over and major hacking incidents or the aftermath of last year’s exploits have already been headlining the news.
Some of the malicious activity took place in December and has only now been discovered, or has not yet been remedied. Other major cases, such as Royal Mail, are still ongoing.
What can others learn from these major incidents, and how can endpoint security, anti-ransomware solutions, and phishing prevention help companies secure their most valuable assets?
Royal Mail: Long Road to Recovery After Nightmare Ransomware
The type of malware that encrypts files to demand ransom (mostly in crypto) in exchange for regaining access to documents is known as ransomware.
Behind these major cases are ransomware groups such as LockBit, BlackCat, and Hive. Most of them operate from Russia, where this type of criminal activity goes unsanctioned.
On January 10, Royal Mail, the major British distribution service, was targeted with ransomware.
A member of the ransomware gang LockBit has confirmed that they are behind this damaging cyber attack.
The aftermath of the attack is still ongoing: sending and receiving international parcels has been disabled for a week, and the company is working on restoring its services.
Businesses that rely on shipments via Royal Mail have already said that they have been losing ratings and customers, and that the lack of service is causing major financial losses.
The Guardian: Phishing Is Not Going Anywhere Anytime Soon
Social engineering techniques are often the first step for cybercriminals because it’s easier to “hack” people than systems that are protected with all types of security measures and solutions.
The most common type of social engineering is phishing.
Hackers use emails, social media, or phone calls to target their victims and pressure them to click a malicious link that leads to an infected site, download malware hidden in an attachment, or reveal their passwords.
To prevent phishing, companies invest in advanced tools that filter emails and in phishing awareness training that teaches teams to recognize the most common phishing attempts.
On December 20, The Guardian Media Group discovered a cyber incident within its network. It was identified as ransomware, and the company said that the malware infected its systems following a successful phishing campaign.
Luckily, workers could continue their work and publish digitally and via the app.
The bad news was that the private information of UK staff was obtained by the threat actor. Reader and subscriber data was not accessed.
However, the IT systems were disrupted (the internal WiFi was taken down), and until that is completely remedied, staff have to work remotely until February.
CircleCI: Mind Your Endpoint Security
With the rise of remote work, the security of all of the devices workers use to connect to the company’s network (AKA endpoint devices) is essential for preventing cyberattacks.
Employees connect to the company’s network from various home devices and maybe even bring their own laptops to work. If all those devices aren’t protected, the companies that rely on global teams have a major vulnerability that can be exploited for hacking.
Endpoint security is the term that refers to a solution that is designed for protecting data, preventing threats, and identifying advanced zero-day attacks (which are difficult to detect because hackers rely on previously unknown flaws).
On December 16, the DevOps platform CircleCI was the victim of a zero-day attack.
The company was notified of the suspicious activity on December 29 and started investigating the issue and securing the platform.
On January 4, they identified the exact scope and nature of the intrusion. They also notified all customers of the security incident and advised them to rotate all secrets stored in CircleCI and review their internal logs.
The attackers compromised a device that one engineer had been using for work. They managed to infect it with malware that bypassed the antivirus software, and once they had unauthorized access to the device, they could impersonate the employee.
LastPass: How You Handle Data Breaches Matters
Data breaches affect both the business that has been breached and the individual whose information has been leaked.
They can result from a successful phishing incident in which an employee revealed their credentials, from unauthorized access gained by exploiting a vulnerability, or from other methods.
On December 22, LastPass, a well-known password manager, published an update on the data breach it experienced on November 30. The company revealed that the incident had worse repercussions than initially claimed.
Namely, the threat actor managed to access password vaults as well as user data.
For a week after that update, the company did not provide its customers with any further information, and security experts suggested that users switch to another password manager.
The lack of transparency has caused many users to change to another service.
Key Takeaways and Lessons Learned
Let’s start with Royal Mail. This ransomware attack shows how an attack on critical infrastructure affects businesses and prompts consumers to ask whether they could have been better protected against hacking threats.
It takes a lot of time for companies to get back on their feet following an incident. During that time, they lose money on remediation and fall behind on their work.
Regardless of how prepared your company might be for hacking activity, zero-day attacks can still wreak havoc on systems.
Cyber incidents are often interlinked, as The Guardian incident shows: the attacker was able to deploy ransomware following a successful phishing attack.
At the end of the day, there is no ideal security measure because security incidents can occur even within well-protected and managed infrastructures.
Once an attack or data breach occurs, how the news is communicated to those affected by the incident matters: be transparent, and do not leave worried users in the dark.