THREE Cyber Incidents to Learn From Over the Last 6 Months

The number of cyber incidents has risen dramatically over the last few months in the wake of the global pandemic. Businesses big and small continue to be preyed upon by cyber criminals and individuals that pose a threat to their company IP, customer data and network infrastructure.


But what lessons can we learn from them?

We analysed three notable cyber incidents, varying in form, type of attack and intent, to identify where the most common weak points lie today in the cyber security strategies of organisations.

1. EasyJet

In May, international airline EasyJet made the public aware of a “highly sophisticated” cyber-attack that compromised the personal itineraries and financial details of 9 million customers. Emails, credit card details and, alarmingly, CVV numbers for those cards were stolen, in a hacking attempt that was targeting company IP.

EasyJet did not disclose intricate details of the breach. However, it admitted that it had first been made aware of the breach in January and had since “closed off the unauthorised access,” but it wasn’t until April that the airline was able to identify and notify the victims of the theft.

Apart from the obvious resulting loss of face and faith from customers, the airline was fined £183m by the ICO, and it’s anticipated they will have to pay out £3bn in compensation to those affected.

In times like this, where the aviation industry’s revenue has been drastically affected by the coronavirus outbreak, it is crucial for businesses to ensure they have their security processes and protection software in place, with IT teams ensuring databases are configured and patched correctly and regular pen tests are conducted.

Whilst we can only speculate on the exact route of the breach, EasyJet and their customers still remain at risk, due to the 9 million email addresses compromised by the hackers. It is likely that these emails will be sold on dark web crime ‘supermarkets’ to other cybercriminal actors for use in phishing scams.

2. Virgin Media

At the beginning of March, Virgin Media admitted to a database breach that affected an estimated 900,000 customers. Human error was the cause: a marketing database containing the email addresses and phone numbers of customers was left exposed for 10 months due to a suspected misconfiguration in the cloud database setup. As a result of the breach, Virgin Media faced a £4.5bn compensation bill.

Whilst no financial details were stolen, the concern lies with the breach of consumer rights, as contract information was also accessible. This information included requests to block or unblock explicit websites, for example, exposing victims to further potential crimes of extortion or blackmail, alongside the threat of phishing scams and scam phone calls.

The Virgin Media incident highlights the crucial importance of employee cyber awareness and security best practice procedures. It’s been reported that 25% of the time a breach or weakness in an organisation’s network is not discovered for 6 months or longer, which can be potentially disastrous to both company reputation and cash flow.

3. Zoom

The start of April saw 500,000 Zoom logins and passwords made available for sale on black market web forums. Sadly, Zoom could not do much to mitigate this, as the hackers never infiltrated their network to steal the credentials.

Attackers used a 4-step approach that started with purchasing databases from earlier cyberattacks on dark web supermarkets and forums. The criminal actors then wrote a configuration file for an app stress testing tool and aimed it at Zoom, before launching a credential stuffing attack that employed bots to randomise IP addresses and introduced lags to disguise the repeated DoS attempts from Zoom’s security systems. This exposed successful login attempts to the hackers, alongside information like first names and even meeting URLs, which could then be bundled and sold as a newer database on black market dark web forums.
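Because the source IPs are randomised and the attempts are spaced out, a per-IP failure threshold sees nothing unusual. The sketch below is an added example, not code from Zoom or Serbus, showing a detection that ignores the source IP and instead looks for many distinct accounts failing with only a guess or two each; the event schema, thresholds and sample data are all assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Event tuple (assumed log schema): (timestamp, source_ip, username, success)

def per_ip_alerts(events, limit=5):
    """Classic control: source IPs with more than `limit` failed logins."""
    fails = Counter(ip for _, ip, _, ok in events if not ok)
    return {ip for ip, n in fails.items() if n > limit}

def stuffing_windows(events, window=timedelta(minutes=15),
                     min_accounts=20, max_tries_per_account=2.0):
    """Flag tumbling windows where many distinct accounts fail with only
    a guess or two each, whatever IP the attempts came from."""
    buckets = defaultdict(list)
    for ts, ip, user, ok in events:
        start = datetime.min + ((ts - datetime.min) // window) * window
        buckets[start].append((ip, user, ok))
    flagged = []
    for start, rows in sorted(buckets.items()):
        failures = [user for _, user, ok in rows if not ok]
        accounts = set(failures)
        if len(accounts) < min_accounts:
            continue
        if len(failures) / len(accounts) > max_tries_per_account:
            continue
        flagged.append({
            "start": start,
            "failed_accounts": len(accounts),
            "source_ips": len({ip for ip, _, _ in rows}),
            # Successful logins inside a flagged window: review and reset.
            "review": sorted(user for _, user, ok in rows if ok),
        })
    return flagged

def sample_events():
    """Constructed data: 40 single guesses from 40 IPs, 20 s apart,
    then one legitimate user who mistypes twice an hour later."""
    t0 = datetime(2020, 4, 1, 9, 0, 0)
    events = [(t0 + timedelta(seconds=20 * i), f"198.51.100.{i + 1}",
               f"user{i:02d}", i in (7, 31)) for i in range(40)]
    t1 = t0 + timedelta(hours=1)
    events += [(t1, "203.0.113.9", "alice", False),
               (t1 + timedelta(seconds=5), "203.0.113.9", "alice", False),
               (t1 + timedelta(seconds=12), "203.0.113.9", "alice", True)]
    return events

if __name__ == "__main__":
    evs = sample_events()
    print("per-IP alerts:", per_ip_alerts(evs))
    for w in stuffing_windows(evs):
        print(w)
```

On the constructed data the per-IP rule raises no alert, while the account-breadth rule flags the attack window and lists the two accounts whose logins succeeded during it as candidates for a forced password reset.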

Whilst the company could do very little to prevent this assault on their customers, it serves as a good example of best practice for consumers when it comes to protecting their own data. In instances where customers or clients have been exposed by a breach, many will not make the necessary changes to their credentials, thereby exposing them to further future risk.

Both from a corporate and from an individual perspective, there are many lessons afforded by these recent breach incidents over the past 6 months. It is paramount that businesses create and maintain their cyber security strategy to afford them and their customers the best protection possible from cybercriminal activity.

At Serbus, our team provides each of our clients with a carefully considered, expert strategy for ensuring business communications, company IP and data remain secure and safeguarded, wherever employees may be working in the world. Serbus Secure offers a suite of tools to suit your organisation’s needs.

If you would like to know more about how we can help you with your requirements, or if you have been affected by issues similar to the above, please get in touch on [email protected] or call us on +44 (0)1432 870 879.