As the end of 2021 and the start a new year come into sight, now is the perfect time to reflect.
It has been much reported, that this year has brought new challenges to businesses in the wake of the COVID-19 pandemic. With businesses now actively promoting home working, many have fallen prey to cybercriminals. While we cannot confirm if these breaches were a direct result of changes in businesses due to the pandemic, we know that the window of opportunity for cybercriminals has never been larger.
Gov.uk now reports that nearly 40% of businesses have reported cyber security breaches or attacks over the last 12 months. As in previous years, the reported figures are higher among medium to large businesses. We can infer from these statistics, that if you have more to lose as a business, cyber-criminals will no doubt be more interested in trying to access your data.
With more to lose, it is easy to guess the financial consequences:
- Among the 39% of businesses that have identified attacks, one in five ends up losing money, data, or other assets
- One-third of businesses report being negatively impacted regardless of whether there is any concrete loss, as they then must focus more resources on post-breach measures, which can cause business-wide disruption.
Even if you’re a smaller business or even self-employed, it is still highly recommended to have a plan of action to prepare for the worst-case breach scenario, rather than assume it will never happen to you. Take some of the following examples to see understand the potential impact and scale of an attack on your own business…
Microsoft Exchange Server Breach
In March 2021, Microsoft identified multiple zero-day exploits being used to attack on-premise versions of Microsoft Exchange Server. These exploits were originally described to be ‘limited, targeted attacks’.
However, over 30,000 organisations in the US alone were attacked as hackers exploited multiple Exchange Server vulnerabilities. With this, cybercriminals gained access to email accounts and installed web shell malware, allowing the cybercriminals admin access to the victims’ Exchange Servers.
According to the Microsoft Threat Intelligence Centre, these attacks were suspected to have been caused by a Chinese hacking group called ‘Hafnium’.
What did Microsoft do to address these attacks?
- Released an emergency security update to address the exploits in Exchange Servers versions 2013-19
- Released a ‘one-click’ on-premise migration tool to help customers without dedicated IT security to apply updates to their exchange servers.
- Announces that their Defender Antivirus and System Centre Endpoint Protection would now automatically mitigates CVE-2021-26855 on any vulnerable server.
Unfortunately, cybercriminals will often seek to carry out their attacks on organisations that don’t pay closer attention to legacy software. Recently, more customers have transitioned to online Exchange, and this leaves behind any organisation that continues to carry on with older platforms.
T-Mobile Data Breach
T-Mobile in the US was struck with a data breach this year, which affected a total of 53 million customers.
In an announcement made on 20th August, shared that an ongoing investigation revealed the that hackers had managed to access customers’ personal data, including their phone numbers. Upon further investigation from the US Federal Communications Commission, it had revealed that 5.3 million additional wireless subscribers were also affected by the breach, as well as more than 666,000 former customer accounts.
It seems that T-Mobile has been the target of multiple data breaches in the past four years, recording six other breaches in that period.
What can this mean for T-Mobile and their customers?
Not only is number of customers affected very high, but so is the number of breaches. So how does this affect T-Mobile and the future of their business?
It is reasonable to assume that customers may lose faith in T-Mobile and look to switch to a competitor in the future, not to mention the potential for legal consequences with some customers already beginning to sue T-Mobile for damages.
The aftermath of a cyber breach can be a costly one, with lots of time and money spent to effectively manage the crisis. These expenses can include members of IT and security upgrading security solutions, as well as additional resources spent on HR conducting security training for employees.
If you’re a business recently affected by a cyber breach, updates on your AUP (acceptable use policy) may also be useful, which you can read about here.
If you’re a UK resident, and you believe to have been affected by a data breach, similar to the one shown at T-Mobile, here are some practical measures you can take:
- Confirm data breaches via the Information Commissioner’s Officer (ICO). The ICO were set up to uphold information rights. They are a great resource if you’re unsure of whether or not your data has been breached and can also help you figure out what information has been stolen. They can also advise you on your next steps.
- Secure financial data and information. If your financial details have also been breached, then it is important to secure that data as soon as possible. We would also advise checking bank statements to see if any money has been stolen and cancelling your card. If you find that you cannot cancel right away, freezing your account is also a good alternative until you can confirm its security.
LinkedIn Data Breach
Data that was attached to 700 million LinkedIn users was posted for sale on a dark-web forum back in June. According to upguard, this exposure affected 92% of the total LinkedIn user base.
What is more interesting, or perhaps alarming, is that the data was ‘dumped’ in two waves, originally only exposing the first 500 million users, and then later the remaining 200 million when a hacker named ‘God User’ boasted they were selling a database of up to 700 million LinkedIn users.
In the sample published by the hackers, there were over 1 million records to confirm the legitimacy of the breach. Some of this data included information such as e-mail addresses, phone numbers and other social media accounts and details – meaning this breach has the potential to expand beyond LinkedIn to other social media platforms as well.
However, LinkedIn has countered this claim by stating that this was not a data breach but rather a ‘violation of their terms of service through prohibited data scraping’.
What happens next?
With the hackers having access to information such as email addresses, individual users could be exposed phishing email scams. If you are unaware of phishing emails or what to look out for, then read our previous article for further advice.
While passwords were not confirmed to be a part of this data breach, it is always better to be safe than sorry; change your passwords and implement two-factor authentication where possible.
SQA Consulting provides a host of different services within business transformation, cyber security, intelligent automation, and AML compliance.
Operating across the globe in South-Eastern Europe, Spain, Ireland, United States and United Kingdom, we boast a large team of experts within our range of services who are on-hand to assist with all your business requirements.
To find out more about our range of services and more telephone: +44 (0) 161 503 0533 or email firstname.lastname@example.org