As 2021 came to a close, there was little doubt that 2022 would be another year of ever-escalating cyber attacks. Unfortunately, this has indeed proven to be the case. Which attacks made the biggest headlines so far in 2022? In this blog post, we review the largest and most impactful cyber incidents of the quarter, and explain how implementing a security strategy founded on zero trust can help prevent them from recurring.
In January sportswear manufacturer Puma was hit by a data breach following a ransomware attack on one of its suppliers, the workforce management service provider Kronos (unrelated to the Kronos banking malware). Kronos was attacked by ransomware in December 2021, and the following month personally identifiable information (PII) belonging to Puma’s employees was stolen from the Kronos Private Cloud environment. It is estimated that more than 6,600 Puma employees had their data stolen.
The Kronos Private Cloud security is based on a firewall. Firewalls are a primary component of the legacy castle-and-moat security approach. In this security model, anyone who is able to enter the perimeter can gain access to all the information within it. The zero trust approach, by contrast, is identity-based rather than perimeter based. In zero trust, the perimeter is irrelevant, and users are authorized based on their identities, not their network origin. Users also undergo continuous authorization to check for suspicious or unusual activity. Had zero trust access policies been in place at Kronos, an attacker who managed to access the private cloud would still have required authorization before being granted access to private employee information. This extra verification step could have blocked the data breach and protected Puma.
In February 2022, it became publicly known that CVS Pharmacy was breached by an unauthorized party. The attackers gained access to network servers and obtained PII for more than 6,000 people, including private health information.
Zero trust cloaks the network and prevents visibility into network components. This means that attackers cannot progress laterally and gain access to servers, unless they are explicitly authorized to do so. This authorization takes place through advanced methods, like multi-factor authentication (MFA), verification of device posture, biometric authentication, and more. The added step of authorization reduces the risk of unauthorized users' gaining access to servers or other critical systems. In addition, the monitoring and recording capabilities of zero trust access solutions like Cyolo enable incidents to be tracked, limiting the blast radius.
Data extortion group Lapsus$ accessed and leaked confidential information belonging to Samsung, possibly containing source code of Galaxy phones. Nearly 190GB of data were stolen and are available to the public via a torrent.
Source code is among Samsung's most sensitive assets. Developers of course need convenient access to source code and production environments in order to keep the business productive. However, strong security controls are also needed to prevent developer access from creating added risk for the organization. Securing source code from external access through zero trust enables developers to access production environments (or any environment) without having to change the company’s overall security policies or increasing its risk level.
In January 2022 it was reported that the Maryland Department of Health had suffered from a ransomware attack the previous month. As a result of the attack, residents were not updated about Covid metrics and were unable to access important healthcare data. The ransomware also locked admins out of the systems. The state of Maryland did not pay the demanded ransom and was able to regain access to its systems after two weeks.
The zero trust security model ensures that unauthorized users are not able to access sensitive resources, including resources that control admin accounts and could potentially grant an attacker access to the entire network. In the unlikely event that an attacker is able to gain admin credentials, for instance through phishing, authorization methods like MFA and device health validation would prevent them from gaining access to all the admin’s capabilities and from moving laterally to other sensitive resources.
In March 2022 it was revealed that a third-party customer success engineer had had their computer accessed for a five day period in January by the cyber-gang Lapsus$. According to what has been published, it seems like the blast radius of the attack was limited and no customer code or data was accessed or leaked. However, some of Okta’s customers may have been impacted, and they were encouraged to practice vigilance.
Okta is the authentication broker for many companies, large and small. Unfortunately, if Okta itself is breached, this can spell trouble for its many customers. Cyolo acts as an extra security layer between Okta and all applications (including those not secured by Okta). This allows all apps, devices and users to be secured from a single location in a frictionless manner. In addition, Cyolo does not store any sensitive customer data, so customers are not at risk in the case of a vendor breach.
The reality in 2022 is that fully avoiding cyber attacks is difficult if not outright impossible. Most modern business rely on technologies and digital infrastructures as lifelines of their business, and this creates a certain level of cyber risk. But with proper security controls like zero trust access, businesses can significantly minimize the impact of an attack.
To learn how more about how Cyolo can help you lower cyber risk and achieve your business goals, schedule a demo.
Jennifer Tullman-Botzer is a cybersecurity nerd by day and a history nerd by night. She has over a decade of experience in cybersecurity marketing and is as tired as you are of hackers-in-hoodies stock images. Jennifer joined Cyolo in 2021 and currently serves as Head of Content. Prior to Cyolo, she worked in a variety of marketing roles at IBM Security. She lives in Tel Aviv, Israel.