3 examples of serious cyber attacks organizations can learn from

Dec 03, 2024

Hacks happen every day, but some breaches remain etched in our memories, either because they involved iconic household brands or due to the sheer magnitude of the event itself. Just as with any historical incident, these infamous events serve as valuable lessons. They remind us of the importance of proactive security measures to protect our organizations from becoming the victim of a similar cybercrime.

Join us as we take a stroll down memory lane and dissect three of the most serious cyber attacks from recent years and discuss how to prevent a similar fate.

How Equifax learned the hard way

First up is Equifax, a multi-national credit bureau that offers individuals online access to their credit score. It goes without saying that they store massive amounts of sensitive and personal data. 

When they were breached back in 2017, it led to the exposure of over 140 million Americans’ highly sensitive personal information. This might seem like old news, but as recently as 2023 they were still paying the price for the breach. 

What was the cause?

Hackers initially gained access to Equifax’s systems because of an unpatched Apache Struts vulnerability. But poor security practices turned a bad situation worse, enabling the attackers to move undetected through their systems for over two months.

Here are the key security issues that enabled the breach:

  • Failure to patch a known vulnerability.
  • Lack of network segmentation allowing lateral movement.
  • An expired encryption certificate masking data exfiltration.
  • Plaintext storage of passwords further opening access.

The data that hackers accessed in this breach has not appeared on the dark web. This leads investigators to believe Chinese state-sponsored hackers carried out the attack for espionage.

The fallout for Equifax included:

  • Over $1.4 billion spent on upgraded security.
  • A $1.38 billion settlement with the FTC.
  • Executive departures and credit rating downgrade.

If that’s not enough, 6 years after the breach, Equifax is still paying for the incident: in October 2023, the UK watchdog, the Financial Conduct Authority, fined the company a further $13.4 million.

Like most others, this incident could have been avoided with some basic security hygiene including: 

  • Regularly scanning systems and prioritizing critical patches.
  • Segmenting their network into smaller isolated zones, using firewalls, and regularly testing segmentation effectiveness.
  • Setting up automated monitoring and alerts for certificate expiration.
  • Prohibiting the storage of passwords in plain text and regularly auditing applications and databases to ensure compliance with secure password storage practices.
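
The certificate-expiry alerting recommended above can start from a simple inventory check. This is an added example, not code from Equifax or Aftra; the asset names, roles, dates and the 30-day threshold are constructed assumptions, and the `notAfter` strings use the format Python's `ssl.getpeercert()` reports.

```python
import ssl
from datetime import datetime, timezone

# Constructed inventory (not real hosts). Include internal and monitoring
# assets as well as public ones, so nothing expires unnoticed.
INVENTORY = [
    {"asset": "www.example.test:443", "role": "public web", "notAfter": "Mar 10 12:00:00 2025 GMT"},
    {"asset": "tls-inspect-01.example.test", "role": "traffic inspection", "notAfter": "Jan 31 23:59:59 2024 GMT"},
    {"asset": "api.example.test:443", "role": "public API", "notAfter": "Dec 20 08:30:00 2024 GMT"},
    {"asset": "legacy-portal.example.test", "role": "internal app", "notAfter": "unknown"},
]
WARN_DAYS = 30  # assumed alert threshold; tune to your renewal lead time
SEVERITY_ORDER = {"EXPIRED": 0, "UNKNOWN": 1, "EXPIRING": 2}


def days_left(not_after, now):
    """Whole days until expiry (negative if expired), or None if unparseable."""
    try:
        expiry = ssl.cert_time_to_seconds(not_after)
    except ValueError:
        return None
    return int((expiry - now.timestamp()) // 86400)


def expiry_alerts(inventory, now, warn_days=WARN_DAYS):
    """Return (severity, asset, role, days) tuples, most urgent first."""
    alerts = []
    for entry in inventory:
        days = days_left(entry["notAfter"], now)
        if days is None:
            severity = "UNKNOWN"   # a missing expiry date is itself a finding
        elif days < 0:
            severity = "EXPIRED"
        elif days <= warn_days:
            severity = "EXPIRING"
        else:
            continue               # healthy certificates raise no alert
        alerts.append((severity, entry["asset"], entry["role"], days))
    return sorted(alerts, key=lambda a: (SEVERITY_ORDER[a[0]], a[3] or 0))


if __name__ == "__main__":
    # Fixed "now" so the sample output is repeatable; use datetime.now(timezone.utc) in practice.
    fixed_now = datetime(2024, 12, 3, tzinfo=timezone.utc)
    for severity, asset, role, days in expiry_alerts(INVENTORY, fixed_now):
        print(f"{severity:9} {asset} ({role}) days_left={days}")
```

Run on a schedule and routed to a ticket queue or pager, a check like this turns a silent expiry into a tracked task.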

Why Uber keeps getting attacked

Next, let’s talk about Uber. The ride-sharing enterprise has been breached not once, but three times. The latest breach happened in January 2023 via a third-party vendor, Genova Burns LLC, a law firm that has access to Uber driver records. The breach resulted in the personal data of over 77,000 Uber and UberEats drivers being stolen, including their names and social security numbers.

The breach adds to existing criticism of Uber’s history of security lapses:

  • In 2022, a hacker gained access to Uber’s internal systems just “for fun”.
  • In 2016, 57 million customer and driver records were breached and then allegedly concealed.

After their drivers’ sensitive personal information was compromised for a third time, the consensus amongst security experts is clear: Uber must address both technical and human vulnerabilities across their entire ecosystem of access.

This latest incident marks their second breach in just six months, sparking renewed scrutiny of their security posture. 

What do the experts say?  

• Uber’s “traditional approach” to cybersecurity doesn’t cut it.

• There’s a need for end-to-end security versus their current siloed approach.

• They need to minimize vulnerabilities from supplier and partnership access through 3rd party risk management.

• Uber needs to reduce human-related vulnerabilities through employee security awareness as well as implementing stricter technical controls.

The EU cybersecurity directive, NIS2, places an emphasis on supply chain cybersecurity and risk management. Learn more about navigating the directive with our guide.

How slow response time was JBS’s downfall

Poor security practices and slow response can turn a bad situation worse. That was the case when attackers targeted JBS, a meat processing giant, with a ransomware attack in 2021. The attack resulted in halted operations until they paid up.

Here’s what happened: 

In May 2021, a ransomware attack on JBS disrupted operations globally until an $11 million ransom was paid.

JBS had rampant malware and was “extremely slow” to address their vulnerabilities, which is especially worrying as food production is part of critical infrastructure. In addition, their attack surface was made even larger through lack of segmentation and a high prevalence of outdated systems, weaknesses which made them a tasty target for cybercriminals and ripe for exploitation.

Post-attack, the FBI warned the sector of increased targeting. Breaches occur daily but rarely become public. JBS highlights the need for basic security hygiene like patching and upgrading legacy systems.

The attack itself began months prior and progressed through these common stages:

• Employee credentials were leaked online.

• Hackers infiltrated systems and extracted data.

• Ransomware was activated, resulting in halted operations.

This attack highlights how aging infrastructure and relaxed security practices can result in a costly fallout and underscores the critical need for modernization and resilience across the food supply chain.

JBS could have easily avoided the incident through cybersecurity best practices

What makes things worse is that the entire scenario could have been avoided through basic security hygiene including:

  • Addressing security vulnerabilities in a timely manner.  
  • Segmenting their network into isolated zones.
  • Regularly updating their systems.

90% of breaches are avoidable

According to Verizon, about 9 out of 10 security breaches could be prevented with proper security measures in place. 

If we can take anything away from these three examples it’s that, in many cases, breaches are preventable. By understanding the attack vectors threatening your organization’s data and infrastructure and implementing a proactive security strategy, you can significantly reduce the risk of becoming tomorrow’s news. 

One of the most effective ways to do this is to practice Attack Surface Management. By evaluating your digital assets through the eyes of a hacker, you gain a clearer understanding of your organization’s digital footprint and how malicious actors might exploit vulnerabilities associated with it. This enables you to take swift, prioritized actions to remediate risks and fortify your defenses.

Attack Surface Management is the systematic process of:

  1. Identifying all digital assets.
  2. Profiling each of those assets in detail.
  3. Scanning for weaknesses and prioritizing risks.
  4. Developing and implementing security measures.
  5. Establishing ongoing surveillance to adapt to changes and prioritize mitigation efforts.

Proactively managing your attack surface is more than just a strategy; it’s a necessity in today’s threat landscape.
