Question

In: Computer Science


Find an article on the internet about cyber breaches. Analyze the article and post:

  1. What happened
  2. What went wrong
  3. What tools are available to prevent issue/s from happening again
  4. Could it be prevented?
  5. What should be done from now onwards.
  6. Also provide the reference links

Solutions

Expert Solution

A data breach occurs when a cybercriminal successfully infiltrates a data source and extracts sensitive information. This can be done physically by accessing a computer or network to steal local files or by bypassing network security remotely. The latter is often the method used to target companies. The following are the steps usually involved in a typical breach operation:

  1. Research: The cybercriminal looks for weaknesses in the company’s security (people, systems, or network).
  2. Attack: The cybercriminal makes initial contact using either a network or social attack.
  3. Network/Social attack: A network attack occurs when a cybercriminal uses infrastructure, system, and application weaknesses to infiltrate an organization’s network. Social attacks involve tricking or baiting employees into giving access to the company’s network. An employee can be duped into giving his/her login credentials or may be fooled into opening a malicious attachment.
  4. Exfiltration: Once the cybercriminal gets into one computer, he/she can then attack the network and tunnel his/her way to confidential company data. Once the hacker extracts the data, the attack is considered successful.

These are the 5 biggest data breaches in recent history, including who was affected, who was responsible, and how the companies responded.

Adobe

Date: October 2013
Impact: 153 million user records
Details: As reported in early October of 2013 by security blogger Brian Krebs, Adobe originally reported that hackers had stolen nearly 3 million encrypted customer credit card records, plus login data for an undetermined number of user accounts.

Later that month, Adobe raised that estimate to include IDs and encrypted passwords for 38 million “active users.” Krebs reported that a file posted just days earlier “appears to include more than 150 million username and hashed password pairs taken from Adobe.” Weeks of research showed that the hack had also exposed customer names, IDs, passwords and debit and credit card information.

An agreement in August 2015 called for Adobe to pay a $1.1 million in legal fees and an undisclosed amount to users to settle claims of violating the Customer Records Act and unfair business practices. In November 2016, the amount paid to customers was reported at $1 million.

Adult Friend Finder

Date: October 2016
Impact: 412.2 million accounts
Details: This breach was particularly sensitive for account holders because of the services the site offered. The FriendFinder Network, which included casual hookup and adult content websites like Adult Friend Finder, Penthouse.com, Cams.com, iCams.com and Stripshow.com, was breached in mid-October 2016. The stolen data spanned 20 years on six databases and included names, email addresses and passwords.

The weak SHA-1 hashing algorithm protected most of those passwords. An estimated 99% of them had been cracked by the time LeakedSource.com published its analysis of the data set on November 14, 2016.

As CSO reported at the time, “A researcher who goes by 1x0123 on Twitter and by Revolver in other circles posted screenshots taken on Adult Friend Finder (that) show a Local File Inclusion vulnerability (LFI) being triggered.” He said the vulnerability, discovered in a module on the production servers used by Adult Friend Finder, “was being exploited.”

Canva

Date: May 2019
Impact: 137 million user accounts
Details: In May 2019 Australian graphic design tool website Canva suffered an attack that exposed email addresses, usernames, names, cities of residence, and passwords salted and hashed with bcrypt (for users not using social logins, around 61 million) of 137 million users. Canva says the hackers managed to view, but not steal, files with partial credit card and payment data.

The suspected culprit(s) — known as Gnosticplayers — contacted ZDNet to boast about the incident, saying that Canva had detected their attack and closed their data breach server. The attacker also claimed to have gained OAuth login tokens for users who signed in via Google.

The company confirmed the incident and subsequently notified users, prompted them to change passwords, and reset OAuth tokens. However, according to a later post by Canva, a list of approximately 4 million Canva accounts containing stolen user passwords was later decrypted and shared online, leading the company to invalidate unchanged passwords and notify users with unencrypted passwords in the list.

eBay

Date: May 2014
Impact: 145 million users
Details: eBay reported that an attack exposed its entire account list of 145 million users in May 2014, including names, addresses, dates of birth and encrypted passwords. The online auction giant said hackers used the credentials of three corporate employees to access its network and had complete access for 229 days—more than enough time to compromise the user database.

The company asked customers to change their passwords. Financial information, such as credit card numbers, was stored separately and was not compromised. The company was criticized at the time for a lack of communication with its users and poor implementation of the password-renewal process.

Equifax

Date: July 29, 2017
Impact: 147.9 million consumers
Details: Equifax, one of the largest credit bureaus in the US, said on Sept. 7, 2017 that an application vulnerability in one of their websites led to a data breach that exposed about 147.9 million consumers. The breach was discovered on July 29, but the company says that it likely started in mid-May. The breach compromised the personal information (including Social Security numbers, birth dates, addresses, and in some cases drivers' license numbers) of 143 million consumers; 209,000 consumers also had their credit card data exposed. That number was raised to 147.9 million in October 2017.

Equifax was faulted for a number of security and response lapses. Chief among them was that the application vulnerability that allowed the attackers access was unpatched. Inadequate system segmentation made lateral movement easy for the attackers. Equifax was also slow to report the breach.

How to Prevent Cyber Breaches

Network security threats are constant and real. By simply using the internet, we are constantly being bombarded by multiple types of internet threats. All types of internet threats apply various forms of malware and fraud, in which every part of it uses HTTP or HTTPS protocols, and utilize other protocols and components, such as links in email or instant messaging, or malware attachments that have access to the Web.

Some tools which are available to prevent Cyber Breaches

Tool #1: SIEM

You need a SIEM to help log security events for your organization. This is the first line of defense to prevent security breaches. You may already have this tool on hand because it is required by compliance regulations. We recommend managed SIEM if you aren’t using the technology to its fullest capabilities or if you don’t have the resources needed to manage the SIEM.

Your organization likely has firewalls, IDS/IPS, and AV solutions installed that look for malicious activity at various points within the IT infrastructure, from the perimeter to endpoints. However, many of these solutions are not equipped to detect zero-day attacks and advanced persistent threats. Help prevent security breaches by adding SIEM technology to your arsenal.

What is a SIEM?

Security Information and Event Management (SIEM) – A SIEM platform centrally collects data from multiple devices on your network, including your existing security appliances. Through an advanced correlation engine, it is able to proactively identify security events not otherwise detected by standalone security technology.

A SIEM system centralizes logging capabilities on security events for enterprises and is principally used to analyze and/or report on the log entries received. The analysis capabilities of SIEM systems can detect attacks not discovered through other means and can direct the reconfiguration of other enterprise security controls to plug holes in enterprise security. Some of the top SIEM products — assuming an attack is still in progress — can even stop detected security breaches.

Tool #2: Endpoint Detection and Response (EDR)

Prevent security breaches with endpoint detection and response. Our team utilizes artificial intelligence that will help stop advanced threats and malware at the most vulnerable point – the endpoint.

Antivirus isn’t enough to protect endpoints.

The underlying technology for Cybriant’s EDR service is the only technology that stops over 99% of advanced threats and malware before they can execute to cause harm. It completely eliminates the need for legacy antivirus software, anti-exploit products, whitelisting solutions, and host-based intrusion detection and prevention systems.

Cybriant uses a “prevention-first” technology – we stop attacks before they cause harm, vs allowing attacks to happen, then clean up the mess. By reducing the number of endpoint security products deployed on the endpoint, customers gain operational efficiencies by not having to manage signatures, policies, or deployments of additional protection.

Cybriant’s Managed EDR can help eliminate legacy endpoint security technologies that are not effective against today’s threat problems, thus improving cost savings and management overhead. The technology was tested by HIPAA security assessors and found to be significantly superior to any other antivirus or anti-malware product in finding malicious software.

Managed Endpoint Detection and Response Benefits

When you outsource the management of your Endpoint Detection and Response (EDR) to Cybriant, our security analysts are able to:

  • Perform root cause analysis for any blocked threat or any other artifact deemed important found on an endpoint
  • Proactively search endpoints for signs of threats commonly referred to as threat hunting
  • Take decisive action when a security incident, or potential incident, is identified

Tool #3: Patch Management

How many recent cybersecurity breaches you’ve read about in the news have been caused by known vulnerabilities that need to be patched?

According to a recent Ponemon study, “To prevent data breaches, security teams need to patch more quickly.” The study adds: “However, the survey shows that they are being held back by manual processes and disconnected systems that compromise their ability to patch in a timely manner.”

Patch management is a simple process that tends to be overlooked by already overwhelmed IT employees but, to prevent security breaches, this can have the biggest impact.

The best way to ensure proper patch management is to outsource to a company like Cybriant and use automation.

Our Responsive Patch Management solution will scan your systems, check for missing and available patches against our comprehensive vulnerability database, download and deploy missing patches and service packs, and generate reports to effectively manage the patch management process of the enterprise.

Our Responsive Patch Management solution handles every aspect of Windows, Mac, Linux and third-party application patch management. This includes deploying patches seamlessly across desktops, laptops, servers, roaming devices and virtual machines, from a single interface.

Our Responsive Patch Management solution will update the configuration baseline definitions to include the new patches, regularly analyze to assure that all endpoints remain in compliance, identify improvements and customize the patch management process accordingly.

Tool #4: Vulnerability Management

To prevent security breaches, it’s important to understand that an asset is no longer just a laptop or server. It’s now a complex mix of digital computing platforms and assets which represent your modern attack surface, including cloud, containers, web applications, and mobile devices. Proactively discover true asset identities (rather than IP addresses) across any digital computing environment and keep a live view of your assets with our managed vulnerability management service.

Performing only a single vulnerability scan each year or quarter puts organizations at risk of not uncovering new vulnerabilities. The time between each scan is all an attacker needs to compromise a network. With continuous scanning, our security experts automatically have visibility to assess where each asset is secure or exposed.

By using risk prioritization, our security experts have the skills to understand exposures in context. They will prioritize remediation based on asset criticality, threat context, and vulnerability severity. Our reporting will help you prioritize which exposures to fix first, if at all, and apply the appropriate remediation technique.

The modern attack surface has created a massive gap in an organization’s ability to truly understand their cyber exposure.

The larger the gap, the greater the risk of a business-impacting cyber event occurring. Traditional Vulnerability Management is no longer sufficient. Managed Vulnerability Management extends vulnerability management by covering the breadth of the attack surface (IT, Cloud, IoT/OT) and providing a depth of insight into the data (including prioritization/analytics/decision support).

If you are ready to prevent security breaches for your organization, consider PREtect. It’s our tiered service that offers all four products in a flexible and affordable cyber risk management service.

So, from now on, to prevent cyber breaches we can take the following actions:

1. Protect All Data

All company data should be protected at all times, whether it happens to be relevant, sensitive data or outdated, inconsequential data. For data in the former category, make sure that it is encrypted with the latest state-of-the-art software. If a set of data is no longer necessary for your operations or records, have it wiped from your servers and hard drives. If paper documents of the data exist, have them shredded before disposal.

2. Implement Strong Passwords

For maximum protection, passwords must be complicated, convoluted and free of any company jargon, secret hints or acronyms. A password should never be simple or easy-to-remember, as someone with a bit of inside info just might crack the code. All company passwords should be changed every six months.

3. Establish a Plan of Action

When systems are under attack, everyone should be on alert, especially if a breach has affected one of your company’s partner entities. If a hacker manages to access info from the system of a company with whom you do business, that hacker will be only one step away from accessing your system. This would be the time to tighten the reins and place your IT staff on 24-hour alert for possible intrusions. Even when your company has implemented the latest security updates, your team will need to be on its toes when news comes in about potential cyber attacks.

4. Monitor the Transfer of Data

All data that gets transferred across your company’s network and onward to third parties should be monitored every step of the way. Likewise, the sources of all incoming data should be verified before entry into your system. It is much more difficult for unauthorized parties to access your system if all info passing to and fro is monitored at all times.

5. Restrict Access

Restrict access to vital layers of data to the people who work in the departments in question. Sensitive data should only be handled by personnel who are directly trained to handle such information and should not be accessed by other branches of staff.

6. Patch Vulnerabilities

Holes in a company’s computer system often enable data breaches. It is, therefore, crucial to keep all system software updated with the latest versions and security patches. If necessary, conduct training sessions to ensure all company personnel are up-to-date on the system protocols.

7. Encrypt All Data and Devices

Company data should only be stored on encrypted devices with no exceptions to the rule. Non-encrypted storage — be it local, online or cloud-based — is simply too risky for any company, as data can easily be compromised when it lacks the added security layer of encryption.

8. Double-Layer Authentication

When it comes to system access, two layers of security are always more foolproof than one. In addition to a password, each authorized staffer should have to pass another security layer to access system data. Some of the most effective options in this regard include fingerprint and facial recognition.

9. Restrict Downloading

No data of a sensitive nature should be downloaded onto local physical drives unless necessary for a given operation. Vital data stored on encrypted servers should only be viewable with suspensions placed on all copy-and-save options, including screen-capture and right-clicking functions.

Note: Sorry for the inconvenience, but we are not permitted to provide you with any type of references.
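As an added illustration of the point made in the Adult Friend Finder and Canva descriptions above (bare SHA-1 versus salted bcrypt), the following Python is example code, not part of the original answer. It uses PBKDF2-HMAC-SHA256 from the standard library as a stand-in for bcrypt, and the user records and wordlist are constructed, not breach data.

```python
import hashlib
import hmac
import os

# Constructed sample user base (not real breach data): two users share a password.
USERS = {
    "alice": "summer2016",
    "bob": "summer2016",
    "carol": "Tr0ub4dor&3",
}

# Constructed short wordlist standing in for the common-password lists used in audits.
COMMON_PASSWORDS = ["123456", "password", "summer2016", "qwerty"]


def sha1_unsalted(password: str) -> str:
    """Storage scheme described for the Adult Friend Finder breach: bare SHA-1."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def store_sha1(users: dict) -> dict:
    """Unsalted table: identical passwords produce identical digests."""
    return {user: sha1_unsalted(pw) for user, pw in users.items()}


def audit_unsalted(store: dict, wordlist: list) -> dict:
    """Weak-password audit against an unsalted table.

    One digest per wordlist entry is computed once and matched against every
    user, so the work does not grow with the number of users. This is why an
    unsalted dump is recovered almost entirely within hours of publication."""
    lookup = {sha1_unsalted(w): w for w in wordlist}
    return {user: lookup[d] for user, d in store.items() if d in lookup}


# Salted, deliberately slow hashing. PBKDF2-HMAC-SHA256 is a stand-in for bcrypt
# (the scheme Canva used); the property demonstrated is the same.
PBKDF2_ITERATIONS = 100_000


def store_salted(users: dict, iterations: int = PBKDF2_ITERATIONS) -> dict:
    """Per-user random salt stored beside the digest and iteration count."""
    out = {}
    for user, pw in users.items():
        salt = os.urandom(16)
        dk = hashlib.pbkdf2_hmac("sha256", pw.encode("utf-8"), salt, iterations)
        out[user] = (salt, iterations, dk)
    return out


def verify_salted(record: tuple, candidate: str) -> bool:
    salt, iterations, dk = record
    cand = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(cand, dk)  # constant-time comparison


def audit_salted(store: dict, wordlist: list) -> dict:
    """Same audit against the salted store: no shared lookup table is possible,
    so every (user, word) pair costs a full slow hash. Weak passwords are still
    found, which is why the password-strength advice later in the answer matters."""
    found = {}
    for user, record in store.items():
        for w in wordlist:
            if verify_salted(record, w):
                found[user] = w
                break
    return found
```

Salting does not rescue a password that appears in a common-password list; it removes the shared lookup table and makes the cost scale with users times candidates times iterations.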

