
The 4 Horsemen of Data Breaches

15 Oct 2023

Data breaches can stem from a variety of causes, but a few consistently emerge as the most common culprits. Breaches have evolved from isolated incidents to headlines that regularly dominate the news cycle. From deceptive phishing schemes to sheer negligence in cloud configurations, the avenues for breaches are broad. With household names like LinkedIn and the UK’s National Health Service falling prey to cyber-attacks, no entity seems immune. In this post, we’ll delve deep into the four most common types of attacks associated with data breaches, providing real-world incidents that exemplify the gravity and repercussions of such vulnerabilities. Strap in as we navigate the treacherous waters of cybersecurity shortcomings.

Phishing Attacks

Phishing attacks involve bad actors masquerading as trustworthy entities to deceive people into coughing up sensitive information like passwords or recovery questions. These attacks often employ emails, messages, or fake websites that mimic legitimate entities, aiming to capture login credentials, financial details, or other valuable data that could be used to authenticate to systems. Phishing has also evolved to account for 2FA: attackers will “Vish” or “Voice Phish” to trick individuals into sharing sensitive information or performing certain actions over the phone.

Real-World Incident – 2016 Google Phishing Attack

In 2016, a massive phishing attack targeted Gmail users where attackers sent emails appearing to come from friends or colleagues. These emails contained a fake Google Docs link that led to a genuine Google login page. Once credentials were entered, they were captured by the attackers, giving them full access to victims’ emails and contacts. Phishing and Vishing are not limited to end users. One of the biggest hacks of 2023 was caused by a social engineering attack that targeted help desk employees by impersonating employees and requesting a password reset.

Weak and Stolen Credentials

Many breaches occur simply because individuals use weak passwords or the same passwords across multiple platforms. Once attackers obtain one password, they can potentially access various accounts.

Real-World Incident – 2023 T-Mobile Hack

In the 2023 T-Mobile breach, hackers gained access to internal systems through stolen employee credentials, proving that 2FA simply isn’t enough to prevent credential stealing.

Misconfigured Cloud Databases and Services

As organizations move to cloud infrastructures, misconfigured databases, storage instances, or insufficient access controls can unintentionally expose sensitive data. This exposed data can be discovered and accessed by malicious actors using automated scripts.

Real-World Incident – 2019 First American Financial Corporation Data Breach

In 2019, a security breach involving First American Financial Corp., a leading U.S. title insurance company, was traced back to a design flaw in its website. This flaw exposed approximately 885 million records related to mortgage deals dating back to 2003. These documents were available without authentication to anyone with a web browser.

Malware and Ransomware

We’re talking about nefarious software designed to infiltrate and damage your computer systems. Ransomware, a subcategory of malware, encrypts the victim’s files and demands payment for decryption. Such attacks can cripple organizations, leading to data loss or significant ransom payments.

Real-World Incident – the 2017 WannaCry Ransomware Attack

The WannaCry ransomware attack in 2017 affected computers worldwide, encrypting data and demanding ransom payments in Bitcoin. It exploited a vulnerability in Microsoft Windows, impacting many organizations, including the UK’s National Health Service (NHS). The NHS had to cancel numerous medical procedures and appointments because of the attack. In more recent news, you may have caught wind of the ransomware fiasco currently underway involving Scattered Spider and MGM. What a mess.

Don’t Become a Victim!

Each of these incidents demonstrates the importance of taking proactive cybersecurity measures, conducting regular security audits, and educating users to protect against evolving threats. While these are the most common causes, it’s crucial for organizations to recognize that the threat landscape is ever-evolving. Regularly updating security practices, training personnel, and staying informed about the latest threats are all essential steps in minimizing the risk of a data breach.
