As we cross into the second half of 2022, still only 50% of US businesses have a cybersecurity plan in place. In the past quarter, this alarming statistic played out in a large number of security breaches.
The glimmer of good news is that most attacks be prevented – and fairly easily. This does however take a commitment to adopting modern technologies and standard cyber hygiene practices. Read on to learn about four of the most prominent cyber attacks of Q2 2022 and how copycat attacks can be prevented with an identity-based access solution.
Authentication platform Okta was breached by ransomware gang Lapsus$ through a third party vendor, Sitel. Entering via Sitel’s network, the attackers succeeded to access superuser roles, view Okta’s customer tenant user information, and perform administrative actions. The attack took place from January 16 to 21 and was made public in late March 2022. According to Okta, 366 corporate customers were impacted by the security breach.
Identity-based access ensures that only authorized and continuously verified users can gain access to corporate networks, systems, and roles. As a third party vendor, Sitel legitimately needed access to Okta’s resources. However, this access could and should have been limited according to the principle of least privilege. When users have the minimum level of access needed to do their jobs, it restricts the amount of damage a potential attacker can cause. Had the principle of least privilege been in effect in this particular case, the attackers who gained access to Sitel would have either been blocked entirely from accessing Okta’s network, or they would have had limited permissions – and certainly not admin rights.
In addition, identity-based access cloaks the network from users, so the attackers would not have been able to see Okta’s network and customer tenants. Finally, the auditing and real-time monitoring capabilities of a good secure connectivity solution would have allowed an admin who noticed suspicious activity to immediately end the attackers’ session and block their access.
For Okta customers, it’s important to keep in mind that Okta and other identity providers (IdPs) effectively authenticate and authorize users – but they do not ensure secure connectivity. Therefore, an identity-based access solution should be implemented to lower risk even further. By adding a verification layer on top of their IdP, Okta customers can ensure that their information remains hidden even if the IdP is breached. It is also crucial to choose an identity-based access provider that does not store your sensitive information.
COVID-19 has left airline companies and airports struggling to resume normal activities, with passengers stranded at airports as flights are delayed or outright canceled. But the pandemic is not the only reason for these highly inconvenient disruptions. In May 2022, Indian airline SpiceJet faced a ransomware attack, resulting in flight delays and leaving passengers confused on planes and at gates. According to SpiceJet, the issue was rectified by its IT team within a few hours.
Identity-based access could have ensured that critical systems used to manage flight schedules and operations were not accessible to attackers. While there is no further information about the nature of this attack and how it was resolved, strong authentication and device health validation significantly minimize the risk of a successful ransomware attack.
In addition, this incident serves as a good reminder that cybersecurity is about people as much as it’s about tools and technology. When a company is attacked, it’s important to communicate the issue transparently and provide solutions to affected users. Otherwise, reputational damage may ultimately be more severe than any financial damage the incident caused.
An attack on South African pharmacy retail giant Dis-Chem resulted in the exposure of 3.6 million user records. The breached data included names, email addresses and phone numbers – all personal information can be used for phishing. The breach itself occurred when a third party service provider of Dis-Chem was compromised.
Similar to the Okta breach, an identity-based access solution at Dis-Chem would have protected sensitive information by restricting access to a small set of privileged users. Strong authentication requirements, coupled with continuous authorization, would also have made it significantly more difficult for an attacker to gain access at all.
In this incident, an attacker posed as a support representative to gain access to a Verizon employee database containing names, email addresses and corporate ID numbers of hundreds of employees. The hacker convinced an employee to grant him remote access to a corporate device. He went on to access a Verizon internal tool that shows employee’s information and wrote a script to query and scrape the database.
User behavior analytics (UBA) is the analysis of human behavior for the purpose of detecting anomalies that could indicate cybersecurity threats. An identity-based access solution utilizes UBA to detect unusual user behavior and then raise an alert or block the user. In this case, scraping the database is anomalous behavior and could have resulted in the user being kicked out of the system before causing more damage.
Author
Jennifer Tullman-Botzer is a cybersecurity nerd by day and a history nerd by night. She has over a decade of experience in cybersecurity marketing and is as tired as you are of hackers-in-hoodies stock images. Jennifer joined Cyolo in 2021 and currently serves as Head of Content. Prior to Cyolo, she worked in a variety of marketing roles at IBM Security. She lives in Tel Aviv, Israel.