Multiple Data Breaches Tainted the Much-Awaited Arrival of 2021!

threatcop
5 min read · Jan 30, 2021


During the hustle and bustle of transitioning into a new year and leaving the old one behind, cyber criminals have been the most active of all. From vicious ransomware attacks to stealthy data breaches, the past couple of months have been very challenging for IT security.

Many had hoped that the new year would bring some relief from the onslaught of these attacks. However, this hope proved fruitless as the first month of 2021 was marked by several disruptive data breaches.

Major Data Breaches Witnessed in January 2021

Hearing about how a cyber attack can bring a giant organization to its knees is quite unsettling. However, it is essential to keep track of the latest attacks and learn from the mistakes of others. So, here is a list of some major data breaches that were reported in January 2021:

The SolarWinds Hack

Counted amongst the biggest hacks reported in the world, the SolarWinds hack affected the US Department of Homeland Security, State Department, Defense Department, National Institutes of Health and the Departments of Commerce and the Treasury. Threat actors are believed to have exploited vulnerabilities in the widely used SolarWinds software to execute this attack.

As per the latest findings, hackers used Sunspot, a piece of StellarParticle malware, to insert the Sunburst malware into a SolarWinds Orion software update. Sunspot was deployed into SolarWinds’ build environment, where it monitored running processes.

Also, researchers have unearthed several similarities between the Sunburst malware and a backdoor associated with the Turla APT group, which is widely believed to be sponsored by the Russian state.

NZ Reserve Bank Data Breach

On 10th January 2021, NZ Reserve Bank disclosed that threat actors had compromised its File Transfer Appliance. File Transfer Appliance is a third-party file-sharing service from Accellion, which is a company based in Palo Alto, California. The bank used the compromised service for sharing sensitive information with stakeholders.

Reportedly, the breach was contained on time but the threat actor potentially accessed commercially and personally sensitive information. It is still unclear how many customers have been affected by the breach. This data breach is a clear indicator that the banking industry is facing a surge in cyber security challenges.

Leaked Pixlr User Records

Bleeping Computer reported that a hacker called ShinyHunters has leaked 1.9 million Pixlr user records on a forum. These records can be used to execute targeted spear-phishing and credential harvesting attacks. Also, the threat actor claimed that he stole this data from Pixlr while he breached the 123rf stock photo site. Both Pixlr and 123rf are owned by Inmagine.

Allegedly, the leaked Pixlr data posted by ShinyHunters consists of 1,921,141 user records including the users’ email addresses, SHA-512 hashed passwords, login names and country. ShinyHunters is an infamous hacker renowned for hacking into websites and selling the stolen user data. ShinyHunters is held responsible for data breaches at Homechef, Tokopedia, Minted, Dave, Chatbooks, Promo, Wattpad, Mathway, etc.

Precision Spine Care Data Breach

A Texas-based spinal care centre named Precision Spine Care issued a warning of a potential data breach. As per the report, threat actors remotely accessed the email account of an employee and attempted to siphon company funds. The organization became one of the first healthcare companies in the US to flag a potential data breach in 2021.

There is no evidence that any information was accessed. However, the filing on the US Department of Health and Human Services’ breach portal indicates that more than 20,000 individuals were potentially impacted. This data breach is just another reminder of the growing significance of cyber security in the healthcare industry.

Ubiquiti Third-party Data Breach

Ubiquiti, a networking and Internet of Things (IoT) vendor, has advised its customers to reset their passwords after suffering a data breach, which was blamed on a third-party cloud provider. The company sent emails to warn its customers that a third-party cloud provider may have accidentally exposed customer account information.

Ubiquiti is urging its customers to enable multi-factor authentication and change their passwords in response to this breach. It has been indicated that customer details like names, phone numbers and email addresses have been exposed.

How to Protect Your Organization Against Data Breaches?

Shield Your Business from Data Breaches

Data breaches can do more than just steal sensitive data. These attacks can severely damage your reputation and endanger your relationship with your customers. Consequently, it is becoming increasingly essential to take appropriate measures for safeguarding your data from malicious actors.

So, here are a few effective ways of keeping your data away from the prying eyes of cyber criminals.

  1. Keep your software and systems up-to-date with the latest security patches and updates. Continuous evolution and development of your organization’s security framework is necessary to keep pace with the evolving cyber threat landscape.
  2. Back up all your company data to a safe external hard drive or a system separated from your existing network. Make sure that you have reliable offline storage and a restoration option.
  3. Conduct periodic Vulnerability Assessment and Penetration Testing (VAPT) to identify any weakness or vulnerability in your organization’s IT infrastructure. By identifying these vulnerabilities and patching them immediately, you can mitigate the risk of suffering a cyber attack.
  4. Make sure that all your third-party vendors are strictly complying with all the privacy laws and security protocols. Strengthening third-party access procedures, technology and training is essential to reduce the threat posed by a third-party vendor.
  5. Generate cyber security awareness amongst employees. Utilize innovative cyber attack simulation tools like ThreatCop to educate employees about prevalent cyber threats. Form a strong first line of defence against malicious attacks by training your staff in the basics of cyber security.

Customers hand over their data to organizations, trusting them to keep it safe and secure. Hence, it is every organization’s moral responsibility to take every possible step to keep this data safe at any cost. So, learn from others and take the necessary precautions before it is too late.

Written by threatcop

Threatcop is a cybersecurity company that provides security solutions to businesses to protect them against email-based attacks and social engineering attacks.
