3 Real-Life Cybersecurity Incidents… and What They Can Teach You
Before getting into the gritty details, let us first acknowledge that no one—be it an individual or a business—likes being “made an example of” in front of an audience. Being the victim of a cyberattack is painful in a number of ways, not the least of which is the public embarrassment or stigma associated with data breach. Our aim in this article is not to place blame, but to highlight the valuable lessons that other businesses can learn from these real-life incidents.
Incident 1: Malicious Web Browser Update
A large insurance company with a nationwide presence was the victim of a ransomware attack that began with a social engineering scheme. The threat actors created a fake web browser update that was delivered through a legitimate website, and after successfully tricking a single employee into clicking on the fake update, they were able to breach that employee’s workstation.
From there, the threat actors moved through the company’s systems, disabling security monitoring tools, deleting backups, and encrypting data throughout. In compliance with ransom demands by the attackers, the company reportedly paid $40 million to obtain a decryption key and to prevent public release of employees’ sensitive data, which threat actors claimed to have stolen.
What Can Be Learned:
- As with many cyberattacks, this one highlights the importance of employee security awareness training, as a simple employee error opened the door to an extensively damaging attack and data breach.
- Another key point is that before launching the ransomware attack in full, the threat actors located and destroyed backups. This illustrates the importance of business continuity and disaster recovery strategies that include offsite backups that attackers cannot access from inside the company’s network.
Incident 2: Ransomware Attack
The next cybersecurity incident involved a regional hospitality business with about 2,700 employees, that operates a collection of music venues, restaurants, and hotels in the Pacific Northwest. In late 2021, the company’s employees found that they could not access digital files as usual—the result of a malware infection. As soon as the company identified the problem, they shut down key systems to prevent the attack from progressing. The immediate effect of the attack was that they were unable to use any point-of-sale machines, and online access to functions like room reservations was immobilized.
The long-term issues have cut deeper, however, as the ensuing investigation revealed that the threat actors accessed sensitive employee information (e.g., social security numbers), which could be used in identity theft, from thousands of employee records that spanned decades. On top of this, employees have filed a class action lawsuit against the company, alleging that insufficient cybersecurity measures allowed the ransomware attack to happen.
What Can Be Learned:
- The downtime the company experienced is a common side effect of cyberattacks, which demonstrates the importance of planning ahead with business continuity strategies to ensure that critical infrastructure remains operational in a crisis situation.
- Although reports to date have not explained the root cause of this ransomware attack, what this case makes clear is that post-attack lawsuits are a reality. In such cases, being able to show due diligence to protect sensitive data before an attack occurs is important. Conducting cybersecurity risk assessments and using a multi-layered cybersecurity strategy that addresses threats from a variety of angles are helpful strategies toward this end.
- Cybersecurity risk management assessments may also be useful in qualifying for cyber insurance, which can help with business and legal costs associated with cyberattacks.
Incident 3: Spear Phishing/Business Email Compromise
In a world of ever more sophisticated, technology-based cyberattack vectors, it is easy to forget about the more basic cyber scams. But they’re still in use and still a threat. As an example, consider the business email compromise (BEC) attack that befell a small construction company in Texas.
The company received an email from what they thought was one of their contractors. The email said that they were having problems receiving payments, and it asked that payment instead be mailed to a different address. What the company didn’t notice was that the sender’s email address had been spoofed, meaning that it looked very similar to an actual email address from the contractor, with only slight differences. Unfortunately, the construction company dutifully sent a check for $210,312 to the BEC attackers before learning that the request was not legitimate.
What Can Be Learned:
- Employee security awareness training on a routine basis is paramount. Spoofed email addresses use subtle substitutions to make them easy to miss, and employees need to be sensitized to this threat to make sure it doesn’t slip through.
- When in doubt about an email’s authenticity, reach out directly (don’t reply to the email) to the ostensible sender to verify.
These are just a few real-life examples of cyber incidents that in their different ways have been very costly to the businesses victimized. Taken together, these stories illustrate the importance of protecting access to your systems through strategies ranging from employee awareness training to strong password policy to multi-factor authentication.
Should threat actors navigate past these barriers, solutions that can detect malicious activity and limit access within your network (e.g., SIEM, IAM) are important in slowing threat actors down. Finally, resilience strategies are important for ensuring that critical systems keep running and that backups are maintained where threat actors cannot reach them, keeping them safe from loss or destruction.
Is your business doing all it can to manage cyber risk? Our cybersecurity experts can help.
The descriptions of cyber incidents in this blog post are based on actual events, but identifying information has been omitted out of respect for the businesses affected.