Techdee

How to Keep Data Safe with Breach Simulations

A data breach has the ability to quickly ruin an organization’s reputation.

Employees, clients, and customers trust businesses with a lot of sensitive data as well as non-personally identifiable information.

To guard data, companies have invested in many security solutions designed to block and mitigate threats. These solutions wait for malicious activity to occur before they act.

However, the best defense is a good offense.

How can security be approached actively instead of passively?

Companies that are serious about cybersecurity have also invested in breach simulation — a solution that automatically and continuously tests the security to uncover suspicious activity and weaknesses in the network.

Here, we take a look at some of the latest data breaches and incidents that compromised valuable information — including Coinbase, Activision, and the U.S. Department of Defense.

What happened, could the thorough testing of the systems help, and what can other organizations learn from these incidents?

Fighting Phishing with Breach Simulation

Most data breach cases begin with a phishing scheme. They can occur via text messages, phone calls, or emails.

Phishing is an old social engineering technique that relies on human error and psychological biases. Criminals use triggers such as fear and anxiety to influence the victim to take action. 

As a result, even trained professionals are not immune to more sophisticated phishing attempts. Less tech-savvy team members could either give away their credentials or make wire transfers directly to the criminals’ accounts.

Activision Phishing Case

On December 4, 2022, threat actors targeted the video game publisher known as Activision. One staff member received a phishing SMS that enabled the threat actor to access numerous spreadsheets containing employee data.

The information includes corporate email addresses, telephone numbers, and names.

The incident, confirmed on February 20, 2023, wasn’t revealed to workers before that. Activision claims that the phishing incident was resolved quickly, and no sensitive employee data was revealed in the breach.

How could a Breach and Attack Simulation (BAS) tool aid in preventing the breach?

It’s automated to scan and test security on repeat. Also, it’s regularly updated to evaluate security against the attacks described in the MITRE ATT&CK Framework.

Various types of phishing, and the techniques that are often combined with it, are described in this knowledge base.

Preventing Further Lateral Movement

There are many ways bad actors can access employee credentials and get illicit access to the system. Once they do, it’s necessary to prevent further access to the account — also known as deeper lateral movement.

Some of the common techniques that threat actors rely on to gain employee credentials include:

Therefore, initial unauthorized access can happen even for companies that have otherwise layered and stern security systems. 

How can breach simulation prevent lateral movement after the hacker gets their foot through the door?

Let’s take a look at the Coinbase breach.

Coinbase Data Breach

On February 5, 2023, several Coinbase employees received an SMS urging them to follow a link. One employee logged in to the account through the provided link and revealed the credentials to a hacker behind the screen.

Here, we’re talking about a smishing attack (phishing via SMS).

Cybercriminals managed to bypass multi-factor authentication and get deeper access to the company’s network.

According to the company’s statement, some of the employee data was exposed in the data breach.

How could breach simulation aid in this case?

Breach and Attack Simulation is designed to continually scan the attack surface and it can thus detect patterns that don’t match the normal day-to-day activity of a company. 

In combination with other security tools and protocols, it provides another layer of protection that guards the business against hacking.

Preventing Detrimental Cloud Misconfigurations

Human errors aren’t exclusive to poor security practices of unsuspecting employees. 

They can also refer to mistakes made by tech-savvy teams who are setting up systems such as the cloud.

Besides a rise in attacks, complex multi-cloud environments have expanded the ever-growing attack surfaces of businesses.

Different cloud components, often provided by various vendors, are integrated into a single architecture.

If the glitches and mistakes in their configuration aren’t discovered in time, they can leave a gaping vulnerability in security.

The U.S. Department of Defense Exposed Data

From February 8, 2023, up to the last weekend, the U.S. Department of Defense’s mailbox server was exposed online.

A security researcher discovered the exposed server. At the time, it wasn’t protected with a password.

For two weeks, the cloud on which sensitive military emails were stored was publicly available due to the misconfiguration of the cloud component.

BAS, which runs in the background 24/7, could have performed a simulated breach, uncovered this major flaw, and aided security teams in fixing the issue early.

Conclusion

To prevent data theft and avoid cyber incidents that result in leaked sensitive information, it’s necessary to think about it beforehand.

While most companies have a large number of security points protecting the various devices used for the business, whether they truly work has to be challenged at all times.

Breach simulation tests the security at all times to find the gaps that could lead a malicious hacker right into the organization.

It’s automated to repeatedly scan and test the security against common and persistent threats such as phishing.
