As an IT professional, you’re well aware that threats are always developing and attackers are constantly looking for new ways to breach systems. Vigilance is key, but many breaches occur in ways that can be easily overlooked. It is critical to learn from events in the past in order to provide better security in the future. Here are three examples of recent attacks that can help inform your security measures as you move forward.
Review Privileged Accounts and Networks
In May of this year, a vpnMentor research team led by Noam Rotem and Ran Locar uncovered a huge data breach affecting a major global hotel chain. Unlike many past breaches, the attack didn’t target financial or guest information. Instead, it was focused on security logs: 85GB to be exact. While performing research, Rotem and Locar’s team discovered an unsecured server connected to the management company’s system.
The compromised data included server API keys and passwords, device names, IP addresses and geolocations of incoming connections, firewall and port information, local computer names and addresses (including alerts of which ones had no antivirus software), and even information about viruses and malware detected on machines. There’s more, but you get the picture.
Takeaway: In addition to protecting critical financial and personal information, it is crucial that you review privileged accounts and networks, including those for security systems, in order to reduce their attack surface. Additionally, never place sensitive information in the public cloud.
To Gain a Competitive Advantage, Secure Privileged Remote Connections
Also in May of this year, PCM, a major cloud solution provider, discovered a breach that allowed hackers to access email and file sharing systems for some of its clients. The attack targeted administrative credentials used by PCM to manage client accounts in Office 365 and an email sharing service hosted by Microsoft. According to one report, the attackers sought information that could be used for gift card fraud.
Takeaway: Cloud-based solutions offer a convenient and scalable way to outsource non-core business activities, but they come with their own risks that can scale just as quickly. As more and more managed services and cloud providers experience breaches, excellent end-to-end security by MSPs and cloud providers will offer a significant competitive advantage. To accomplish this goal, it is critical to secure privileged remote connections.
Protect the Management Plane for IOT Devices
Chinese firm Orvibo’s platform manages smart home appliances around the world, including in the US and UK. Earlier this year, vpnMentor discovered a publicly accessible database called SmartMate. vpnMentor found that the SmartMate database had no password protection — despite the database containing more than two billion logs related to about 2 million customers’ smart devices. Needless to say, this type of security vulnerability shows the incredibly large scope of data related to IOT.
According to ComputerWeekly, “The security implications are huge because these SmartMate logs record details including usernames, passwords protected only using the MD5 hashing algorithm without salt protection, account reset codes, and even the precise location of IOT devices belonging to individuals, hotels, and other businesses.”
Takeaway: To avoid these types of breaches, it is key to have an immediate response plan in place and to implement strong protections for internet-facing management connections.
The Bottom Line
To avoid new types of attacks, you must implement strategies that get ahead of the attackers. This means reducing your attack surface with preventative solutions, not only to decrease the probability of attacks but also to make your vigilance more effective and focused. It also means maintaining vigilance across your own and your clients’ networks and making smarter decisions about when and how you use managed services. It is no longer enough to simply secure financial and personal information; attackers are getting more and more creative and IT professionals must stay one step ahead.
To learn more about how Vericlave can reduce the risks and costs associated with remote network management, read our post on Privileged Remote Management.