Wednesday 15 July 2020 saw the compromise of multiple high-profile Twitter users, including cryptocurrency exchanges, famous individuals and organizations, with their accounts subsequently being abused to Tweet cryptocurrency giveaway scams.
The 2019 data breach at luxury hotel chain MGM Resorts appears to be much larger than originally reported after researchers recently found 142 million hotel guests’ personal details for sale on the dark web. Last summer’s data breach was initially reported to impact 10.6 million hotel guests after hackers were able to gain unauthorized access to a cloud server.
This blog was written by an independent guest blogger. In the age of the internet where everyone has a mobile phone and multiple social media profiles, one phrase has become synonymous with doom and dread - data breach. It seems like these breaches have become a regular occurrence in modern society. Small businesses may be particularly susceptible to security hacks, but even large corporations are not immune.
During the Investigation of a Suspicious Security Critical Event alarm, we discovered credentials had been dumped from the NTDS.dit, which is a database that stores Active Directory data, including password hashes for all users in the domain. By extracting these hashes, it’s possible for an attacker to use tools to gain access to user’s passwords, which allows them to act as any user on the domain, including the administrator.
We’ve always been vocal about the imminent threat of breaches and propagated the message that irrespective of the size of your business, the industry you’re in, or your geography, you can be subject to a security breach. And unfortunately, history repeats itself often. On May 11, 2020, Nippon Telegraph & Telephone (NTT), a large telecommunications company, revealed that attackers may have stolen data from its internal systems, affecting over 600 customers.
Misconfigurations are often seen as an easy target, as it can be easy to detect on misconfigured web servers, cloud and applications and then becomes exploitable, causing significant harm and leading to catastrophic data leakage issues for enterprises like the 2019 Teletext exposure of 530,000 data files which was caused by an insecurely configured Amazon Web Service (AWS) web server.
In 2020, the chances of falling victim to data breaches are increasing. Keeping customers in the loop can be costly, time-consuming but very necessary and important to help prevent loss of personal data and decrease the risk of fraud. Cyber-attacks and data breaches can rarely be kept quiet and if the incident occurs at a high profile organisation, it’s only a matter of time before it makes the news.
EasyJet, CapitalOne, British Airways and Marriott are all huge companies with equally large budgets. Another thing they have in common is they all fell victim to a serious data breach, costing them hundreds of millions of pounds. If the major players with a lot of resources to devote to cyber security still get hacked, do SMEs with limited budgets stand a chance? It’s a dramatic question, so let’s explore the answer.
