It’s been a pretty successful year for hackers when it comes to data breaches. Some of them were against some pretty high-profile targets too. Surprisingly, only one of the 10 largest and highest profile cyberattacks so far this year was a ransomware attack. Only one was due to malware making its way onto a point of sale (POS) system. One lesson from the list below is that properly configuring cloud servers is incredibly important: half of the breaches listed were due to misconfigured Amazon Web Services (AWS) servers.
All this data is out there and it's all for sale. What does that mean for you? Well, it means that cybercriminals might know a lot more about you than you think. This gives them the ability to put together some very specific phishing attacks. Knowing this, it should be a hard and fast rule that you never click on links or attachments in unexpected emails or text messages. If a cybercriminal knows you shop at Home Depot, you can be sure they will use that against you. If you want to check on your Home Depot order, log into their site directly to check your information in a secured environment.
The second most important rule for online safety is having a unique password for every site. If passwords are stolen, criminals will try to log into all major sites with them. With a different password for every site, a stolen password unlocks only the one site it was taken from, and you only need to change that one password.
Here they are in no particular order:
Arby’s – Malicious software was found on the POS of about 1,000 of its corporate stores. The intrusion occurred between October 25, 2016 and January 19, 2017.
E-Sports Entertainment Association – Over 1.5 million subscribers were victims when hackers stole their data. The perpetrators offered to keep quiet if the company paid $50,000. It didn’t.
America’s Job Link – In March, 4.8 million jobseekers were victims of a breach of this site. It was determined that code for the site was misconfigured.
Kansas Department of Commerce – Hackers were able to steal 5.5 million records from people across 16 states. Social Security numbers were part of the stolen data. Another 850,000 records that did not include the SSN were also stolen.
Dun & Bradstreet – A third party was blamed for allowing hackers to steal 52 gigabytes of data including records of 33.7 million subscribers to its various publications.
And now the misconfigured AWS server victims:
OneLogin – This single sign-on and identity and access management company was victimized in June. Hackers gained access to the company’s infrastructure through an AWS database.
Dow Jones & Company – In July, 2.2 million subscribers were victims of another misconfigured AWS server. It’s unclear if the data was exposed to hackers or others who may have used it in an unauthorized manner, but the number of victims is expected to increase to 4.4 million.
World Wrestling Entertainment (WWE) – Wrestling fans were victims of this breach when information of 3 million of them was exposed. Blamed for it was a misconfigured AWS server. Data was stored in plain text and not password protected.
Verizon – In July, it was announced that data of 14 million of its customers was left unprotected by a third party on an AWS server. This number represents approximately 10% of the company’s subscribers.
Republican National Committee (RNC) – In June, 200 million records were left publicly accessible by a third party contracted by the RNC. A misconfigured AWS server again took the blame.
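As an added example (not the article's own code), the following Python check inspects the kind of S3 bucket policy and ACL JSON that leave a dataset on AWS publicly accessible, and returns nothing for a hardened pair; the bucket name, account ID and role name in the samples are constructed.

```python
# Added example, not from the article: statically inspects the JSON an S3
# bucket's policy and ACL would return, so it runs offline on constructed input.
PUBLIC_ACL_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}

def _principals(principal):
    """Normalise the Principal element to a flat list of principal strings."""
    if isinstance(principal, str):
        return [principal]
    out = []
    for value in principal.values():  # e.g. {"AWS": [...]} or {"Service": "..."}
        out.extend(value if isinstance(value, list) else [value])
    return out

def public_policy_statements(policy):
    """Return Sids of Allow statements that any anonymous caller can use."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        # Principal "*" (or {"AWS": "*"}) with no Condition is wide open; a
        # Condition (VPC endpoint, source IP) may narrow it, so only the
        # unconditional case is flagged here.
        if "*" in _principals(stmt.get("Principal", {})) and not stmt.get("Condition"):
            findings.append(stmt.get("Sid", "<no Sid>"))
    return findings

def public_acl_grants(grants):
    """Return (group, permission) pairs granted to AllUsers/AuthenticatedUsers."""
    return [(g["Grantee"]["URI"].rsplit("/", 1)[-1], g["Permission"])
            for g in grants
            if g["Grantee"].get("Type") == "Group"
            and g["Grantee"].get("URI") in PUBLIC_ACL_GROUPS]

# Constructed sample: the settings behind a "publicly accessible AWS server".
EXPOSED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]}
EXPOSED_ACL = [{"Grantee": {"Type": "Group", "URI":
                "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"}]
# Hardened: access scoped to one IAM role; ACL grants only the bucket owner.
HARDENED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "AppRead", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::123456789012:role/app"},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]}
HARDENED_ACL = [{"Grantee": {"Type": "CanonicalUser", "ID": "owner-id"},
                 "Permission": "FULL_CONTROL"}]
```

Run the two checks against what `get_bucket_policy` and `get_bucket_acl` return for each bucket and treat any non-empty result as a finding to fix before data lands there.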
Education and awareness training on identifying phishing are key aspects of a strong cybersecurity strategy. In addition, ensuring that all servers are properly configured and kept up to date with patches, especially security-related ones, should be a priority as well. While the breaches above were against larger or well-known companies, this applies whether you are an organization of five or 5,000. Cyberthieves don’t care about budget or the size of the workforce. They care about data, and as long as there are weaknesses, whether in hardware, software, or humans, cybercriminals will work overtime to take advantage of them.