2021 might mark the beginning of the end of Covid-19, but not the end of cyberattacks. Over the past quarter, hundreds of recorded incidents, including breaches, malware infections, phishing and more, have affected organizations worldwide. Let’s look at some of the most significant breaches of the quarter and see how zero trust security could have prevented them or limited their impact.
Four zero-day vulnerabilities were discovered in Microsoft Exchange Server, which many organizations run on-premises. At least 250,000 of these servers have been attacked since the beginning of January 2021, including 30,000 in the US and 7,000 in the UK, as well as servers belonging to leading political and financial institutions such as the Norwegian parliament, the Czech government, the European Banking Authority and Chile’s Commission for the Financial Market. The attacks let perpetrators into the network and gave them a foothold from which to reach sensitive components such as Active Directory.
Microsoft released patches for the affected servers throughout March 2021. Patching closes the door to future exploitation, but it does not evict an attacker who is already inside or undo the damage done before the patch was applied.
With zero trust, an attacker who has landed inside the network is still operating from an unauthenticated, unenrolled device, so every subsequent request to another component, Active Directory included, is evaluated on its own and denied. The attacker cannot map the environment or move laterally to strengthen their foothold. In addition, because every access decision is recorded and audited, defenders can trace exactly which actions the attacker attempted and reverse their effects.
This means that companies that run Microsoft Exchange Server but also implement zero trust would have been only minimally affected by the vulnerabilities, and would have had a record of the attacker’s actions in their network.
The Division of Structural Biology at Oxford University, one of the most renowned biology labs in the world, was hacked. The attackers gained access to internal lab systems used to prepare biochemical samples, including for coronavirus research. The scope and impact of the breach are still unclear; while no damage appears to have been done, the potential consequences range from the sale of intellectual property to the sabotage of research.
Zero trust prevents unauthorized devices and users from reaching internal systems by authenticating identities and devices continuously, before each access. Under its “trust no one” principle, the Oxford attackers’ devices would never have been verified and approved, so they could not have reached the lab systems and the research would have stayed safe.
Walmart announced that one of its data hosting suppliers had been compromised and that PII of Walmart pharmacy patients stored on the supplier’s servers was stolen. The data included names, addresses, dates of birth, phone numbers, medical information, prescription information and health insurance information. Walmart’s own systems were not affected.
In zero trust, devices are authenticated every time they access systems, apps and assets. This constant verification, built on MFA, SSO and additional authentication methods, ensures that unauthorized devices never get access to sensitive and valuable data. In addition, zero trust hides the network structure from attackers, so they cannot see where the valuable data resides.
By requiring its third party supplier to implement zero trust, Walmart could have protected its patients’ personal information. Zero trust could have kept the attackers out of the supplier’s network entirely, and if they were already inside, it would have kept them away from Walmart’s customer data.
Another third party breach from this quarter hit Ubiquiti, a large IoT technology vendor. In Ubiquiti’s case, attackers gained unauthorized access to Ubiquiti systems hosted by a third party cloud provider and stole personal information and credentials, including passwords.
Here, zero trust would have let Ubiquiti set policies that limit what can be reached from the hosted environment and that verify every accessing identity and device, so that a compromise on the provider’s side did not become a compromise of Ubiquiti’s data. Even if the supplier was affected, Ubiquiti would not have been.
Read more about preventing 3rd party attacks here.
The California State Controller’s Office (SCO), which handles more than $100 billion in public funds each year, was the victim of a phishing attack. An employee clicked on a malicious link, which gave the attacker access to the employee’s email account for more than 24 hours. The phishers stole SSNs, sensitive files and PII, and used the account to send further phishing emails.
Zero trust combats phishing by stopping attackers from advancing through the system. Even after gaining an initial foothold through a malicious link, the attacker would not have been able to reach sensitive files and data. With access authentication methods like MFA in place, the stolen password alone would not have been enough, and the network would have stayed protected even after the employee accidentally clicked the link. Read more about preventing phishing attacks here.
Mimecast, a provider of cloud email security services, was breached when an attacker compromised a certificate used to authenticate Mimecast products to customers’ Microsoft 365 tenants. About 10% of Mimecast’s customers used the compromised connection, and a small number of them were targeted.
Zero trust enforces MFA so that user and device verification never rests on a single factor, or on factors that may have been compromised. It would have required additional factors on top of the certificate, such as behavioral analysis or keystroke dynamics, before authenticating the devices. Read more about MFA here.
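To make the per-request checks described in the Exchange, Oxford, Walmart, phishing and Mimecast sections concrete, here is an added example that is not part of the original post and is not the code of any product or vendor mentioned: a toy zero trust policy decision point in Python. It denies by default and, for every request, checks the authenticated identity, the factors verified for that request, the device enrollment and the resource policy, while ignoring network location entirely and recording each decision for audit. The device inventory, resource policy, factor names and request scenarios are all constructed for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass
from typing import FrozenSet, Optional


@dataclass(frozen=True)
class AccessRequest:
    user: Optional[str]        # principal the caller authenticated as; None if no identity presented
    device_id: Optional[str]   # device identifier presented with the request
    factors: FrozenSet[str]    # authentication factors verified for this specific request
    resource: str              # asset the caller wants to reach
    source_zone: str           # "internal" or "external"; deliberately NOT used in the decision


# Constructed device inventory: device id -> user it is enrolled to.
ENROLLED_DEVICES = {
    "dev-alice-laptop": "alice",
    "dev-bob-laptop": "bob",
    "dev-admin-ws": "admin",
}

# Constructed resource policy: who may access what, and which factors must have been verified.
POLICY = {
    "patient-records": {"allowed": {"alice"}, "required_factors": {"password", "mfa"}},
    "mailbox": {"allowed": {"alice", "bob"}, "required_factors": {"password", "mfa"}},
    "active-directory": {"allowed": {"admin"}, "required_factors": {"password", "mfa", "device-cert"}},
}

AUDIT_LOG: list[dict] = []  # every decision, allowed or denied, is recorded here


def decide(req: AccessRequest) -> tuple[bool, str]:
    """Evaluate one request against POLICY. Deny by default; the first failing check wins."""
    allowed, reason = False, "unknown resource"
    policy = POLICY.get(req.resource)
    if policy is None:
        pass
    elif req.user is None:
        reason = "no authenticated identity; being on the internal network confers nothing"
    elif not policy["required_factors"] <= req.factors:
        missing = sorted(policy["required_factors"] - req.factors)
        reason = f"missing factors: {missing}"
    elif ENROLLED_DEVICES.get(req.device_id) != req.user:
        reason = "device not enrolled for this user"
    elif req.user not in policy["allowed"]:
        reason = f"{req.user} not authorized for {req.resource}"
    else:
        allowed, reason = True, "all checks passed"
    # Record the decision, including the zone that was ignored, so an analyst can trace what was tried.
    AUDIT_LOG.append({"user": req.user, "device": req.device_id, "resource": req.resource,
                      "zone": req.source_zone, "allowed": allowed, "reason": reason})
    return allowed, reason


def run_scenarios() -> dict[str, tuple[bool, str]]:
    """Constructed requests modelled on the incidents above; returns name -> (allowed, reason)."""
    cases = {
        # Attacker with a foothold on an internal server (Exchange case) tries to reach AD
        # with no identity at all: network position is not a credential.
        "internal_foothold_to_ad": AccessRequest(None, None, frozenset(), "active-directory", "internal"),
        # Phished password (SCO case) replayed from an unenrolled device without MFA.
        "phished_password": AccessRequest("bob", "dev-unknown", frozenset({"password"}), "mailbox", "external"),
        # Stolen certificate (Mimecast case) presented as the only factor.
        "certificate_only": AccessRequest("admin", "dev-admin-ws", frozenset({"device-cert"}), "active-directory", "internal"),
        # Valid credentials and MFA, but from a device enrolled to someone else.
        "wrong_device": AccessRequest("alice", "dev-bob-laptop", frozenset({"password", "mfa"}), "patient-records", "internal"),
        # Legitimate user, enrolled device, required factors, connecting from outside the perimeter.
        "legitimate_remote_user": AccessRequest("alice", "dev-alice-laptop", frozenset({"password", "mfa"}), "patient-records", "external"),
    }
    return {name: decide(req) for name, req in cases.items()}


if __name__ == "__main__":
    for name, (ok, why) in run_scenarios().items():
        print(f"{name:24s} {'ALLOW' if ok else 'DENY ':5s} {why}")
```

Only the last scenario is allowed, and it is the one coming from outside the network; the four denials each fail a different check, which is the point of evaluating identity, factors and device on every request instead of trusting a network location or a single credential.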
As Q1 2021 ends, it is clear that the growth in the number and sophistication of cyberattacks is not slowing down. Attackers keep trying to reach systems and assets, putting every company and individual at risk. From stealing PII to endangering Covid-19 research to demanding ransoms, attackers know no boundaries when it comes to gaining a financial advantage or causing destruction.
Zero trust can significantly reduce the number and scope of successful attacks. The model denies perpetrators access to the network and, if they do get inside, blocks their ability to see it and advance through it. That is a considerable advantage when dealing with cyberattacks.