You Have Been Pwned: Data Leaks

 

Data breaches can be far more than a temporary terror: they may change the course of your life. Businesses, governments, and individuals alike can experience huge complications from having sensitive information exposed. Whether you are offline or online, hackers can get to you through the internet, Bluetooth, text messages, or the online services that you use.

A data breach exposes confidential, sensitive, or protected information to an unauthorized person. The files in a data breach are viewed and/or shared without permission. Anyone can be at risk of a data breach, from individuals to high-level enterprises and governments. More importantly, anyone can put others at risk if they are not protected. Data breaches can be quite costly to organizations, with direct costs like remediation and investigation, and indirect costs like reputational damage, providing cyber security to victims of compromised data, etc.

Data is also stored in digital form by businesses all over the world. The servers that store the data are often vulnerable to various forms of cyber attack. Barely a day goes by without a confidential data breach hitting the headlines. Data leakage, also known as low and slow data theft,

To this day nothing has changed: most companies still rely on defense mechanisms that are basic most of the time, ranging from a simple anti-virus to outsourcing the security department to a vendor and hoping for the best. As our computers and mobile devices get more connectivity features, there are more places for data to slip through. New technologies are being created faster than we can protect them. Devices in the IoT sector are proof that we are increasingly valuing convenience over security.

The assumption is that a data breach is caused by an outside hacker, but that's not always true. Reasons for how data breaches happen might sometimes be traced back to intentional attacks. However, it can just as easily result from a simple oversight by individuals or flaws in a company’s infrastructure.

  • An Accidental Insider. An example would be an employee using a co-worker's computer and reading files without having the proper authorization permissions. The access is unintentional, and no information is shared. However, because it was viewed by an unauthorized person, the data is considered breached.
  • A Malicious Insider. This person purposely accesses and/or shares data with the intent of causing harm to an individual or company. The malicious insider may have legitimate authorization to use the data, but the intent is to use the information in nefarious ways.
  • Lost or Stolen Devices. An unencrypted and unlocked laptop or external hard drive, or anything else that contains sensitive information, goes missing.
  • Malicious Outside Criminals. These are hackers who use various attack vectors to gather information from a network or an individual.
But these cannot eliminate the fact that malicious attacks do happen, carried out by hackers who target these bodies to extract valuable information that can later be sold on the dark web.

What are some of the techniques in use?
  • Phishing. These social engineering attacks are designed to fool you into causing a data breach. Phishing attackers pose as people or organizations you trust to easily deceive you. Criminals of this nature try to coax you into handing over access to sensitive data or providing the data itself.
  • Brute force attacks. Attackers work through all the possibilities for your password until they guess correctly. These attacks take some time but have become rapid as computer speeds continue to improve. Hackers even hijack other devices like yours via malware infections to speed up the process. If your password is weak, it might only take a few seconds to crack it.
  • Malware. Your device’s operating system, software, hardware, or the network and servers you’re connected to can have security flaws. These gaps in protection are sought out by criminals as the perfect place to shove malware into. Spyware specifically is ideal for stealing private data while being completely undetected. You might not find this infection until it’s too late.
These are not the only attacks hackers use; the list of ways someone can breach your data is endless. Bear in mind that these attacks are coordinated and may have multiple teams working at the same time to extract as much as they can.

 Although a data breach can be the result of an innocent mistake, real damage is possible if the person with unauthorized access steals and sells Personally Identifiable Information (PII) or corporate intellectual data for financial gain or to cause harm. Malicious criminals tend to follow a basic pattern: targeting an organization for a breach takes planning. They research their victims to learn where the vulnerabilities are, such as missing or failed updates and employee susceptibility to phishing campaigns. Hackers learn a target's weak points, then develop a campaign to get insiders to mistakenly download malware. Sometimes they go after the network directly. Once inside, malicious criminals have the freedom to search for the data they want and lots of time to do it, as the average breach takes more than five months to detect.
The most common vulnerabilities behind these issues include, but are not limited to:
  • Weak credentials
  • Stolen credentials
  • Compromised assets
  • Payment card fraud
  • Third-party access
  • Mobile devices
  • Rogue employees
Think of your system as a house, with the vulnerabilities as the doors and windows left unlocked. Now guess how long intruders will take to figure that out while you are on vacation for a month, only for you to find out when you get back that you were robbed.

 In many cases, data breaches cannot just be patched up with some password changes. The effects of a data leak can be a lasting issue for your reputation, finances, and more.
  • For business organizations: a data breach can have a devastating effect on an organization's reputation and financial bottom line. Organizations such as Equifax, Target, and Yahoo, for example, have been the victims of a data breach. And today, many people associate/remember those companies for the data breach incident itself, rather than their actual business operations.
  • For government organizations: compromised data can mean exposing highly confidential information to foreign parties. Military operations, political dealings, and details on essential national infrastructure can pose a major threat to a government and its citizens.
  • For individuals: identity theft is a major threat to data breach victims. Data leaks can reveal everything from social security numbers to banking information. Once a criminal has these details, they can engage in all types of fraud under your name. Theft of your identity can ruin your credit, pin you with legal issues, and it is difficult to fight back against.
Now let us take a look at some examples taken from the web that show the damage done to some organizations:

Adobe:
"Adobe originally reported that hackers had stolen nearly 3 million encrypted customer credit card records, plus login data for an undetermined number of user accounts. Later that month, Adobe raised that estimate to include IDs and encrypted passwords for 38 million “active users.” Krebs reported that a file posted just days earlier appears to include more than 150 million username and hashed password pairs taken from Adobe. Weeks of research showed that the hack had also exposed customer names, IDs, passwords and debit and credit card information. An agreement in August 2015 called for Adobe to pay a $1.1 million in legal fees and an undisclosed amount to users to settle claims of violating the Customer Records Act and unfair business practices. In November 2016, the amount paid to customers was reported at $1 million."

Equifax:
"Equifax, one of the largest credit bureaus in the US, said on Sept. 7, 2017 that an application vulnerability in one of their websites led to a data breach that exposed about 147.9 million consumers. The breach was discovered on July 29, but the company says that it likely started in mid-May. The breach compromised the personal information (including Social Security numbers, birth dates, addresses, and in some cases drivers' license numbers) of 143 million consumers; 209,000 consumers also had their credit card data exposed. That number was raised to 147.9 million in October 2017."

Marriott International:
"Marriott International announced in November 2018 that attackers had stolen data on approximately 500 million customers. The breach initially occurred on systems supporting Starwood hotel brands starting in 2014. The attackers remained in the system after Marriott acquired Starwood in 2016 and were not discovered until September 2018. The attackers were able to take some combination of contact information, passport number, Starwood Preferred Guest numbers, travel information, and other personal information. The credit card numbers and expiration dates of more than 100 million customers were believed to be stolen."

These massive numbers, and the damage done to the reputation of these brands, are just a small sample of the data breaches that happened this decade.

How can you help your organization after what you just read? The answer is straightforward: data breach prevention needs to include everyone at all levels, from end-users to IT personnel and all people in between. When you’re trying to plan how to prevent data breach attacks or leaks, security is only as strong as the weakest link. Every person that interacts with a system can be a potential vulnerability. Even small children with a tablet on your home network can be a risk.

  • Patching and software upgrading
  • High-grade encryption
  • Upgrading devices
  • Enforcing BYOD security policies such as VPN and anti-virus
  • Enforcing strong credentials and multi-factor authentication
  • Educating employees on the risks
  • Using DLP (data leak prevention) software
  • Using the website Have I Been Pwned to check if your email was compromised
In the end, the security of the data and the company is only as good as the team protecting it, and as that team's ability to provide the best service and prepare an incident response plan in case something bad happens. Moreover, since no solution is 100% secure, one day a leak will happen, so trust me when I say "better safe than sorry".

