Cyberattacks are big news in today’s media. From large-scale data breaches at tech companies to stolen government data, these attacks dominate the news cycle when they happen, and with good reason. Cyberattacks cost businesses millions of dollars in forensics, legal fees, data recovery, patching of neglected infrastructure, and reputational damage. But what can we learn from each of them? We looked at six of the biggest cyberattacks of the past ten years, so you can understand what happened in each case and how to keep the same thing from happening to you.
1. WeWork Network Vulnerabilities
WeWork opened in 2010 in Manhattan to give everyone from freelancers to Fortune 500 companies a place to work. Their collaborative environment offered everything from WiFi and printers to break rooms and meeting spaces. Sounds great on paper, right? Unfortunately, weak network design left data belonging to more than 200 companies, spread across 658 devices, exposed to anyone else on the network.
WeWork boasts “super-fast internet” for its clients, but security was nowhere to be seen. Tenants shared a single WiFi network rather than being isolated from one another, so one member could see other members’ devices and, in some cases, their traffic. Protections such as private VLANs or VPNs were either reserved for higher-paying clients or not offered at all. Beyond the large volume of data left in the open for anyone to take, the issue surfaced during the period that saw WeWork’s valuation drop sharply, its CEO resign, and its planned IPO get pulled, and it became one more factor in that collapse.
What we can learn:
We covered this case in more detail in our article Safe and Secure: 5 cybersecurity lessons from WeWork. The main takeaway is never to cut corners on your network. A well-built network has firewalls in place, encrypts data in transit, and uses VLANs to partition devices by type and trust level, so that one tenant or one compromised device cannot see everyone else’s traffic. WeWork also shows the value of partnering with an MSP (managed service provider). An MSP will not only set up your network but protect your devices as well, with endpoint monitoring tools, backup services, and disaster recovery plans.
2. Kaseya Supply Chain Ransomware Attack
As we discussed in our article, Our five biggest takeaways from the IT Nation Secure conference, attackers are shifting their targets from individual companies and users to MSPs. An MSP is often better protected than most of its clients, but a successful attack on one can reach every client at once. The Kaseya ransomware attack is a perfect example.
On July 2nd, 2021, Kaseya, a vendor of IT management software, announced that its VSA remote monitoring and management product had been hit by a supply-chain ransomware attack and urged customers to shut down their on-premises VSA servers immediately. The attackers, affiliates of the REvil ransomware group, exploited vulnerabilities in VSA to bypass authentication, upload a malicious payload, and then use VSA’s own management channel to push ransomware to the endpoints those servers managed.
Kaseya’s initial messaging was that its SaaS customers were “never at risk” (the exploited servers were customer-run, on-premises VSA instances), and it downplayed the impact on clients. In contrast, Sophos VP Ross McKerchar said, “This is one of the farthest-reaching criminal ransomware attacks that Sophos has ever seen. Our evidence shows that more than 70 managed service providers were impacted, resulting in more than 350 further impacted organizations.” Kaseya itself later estimated that fewer than 60 of its direct customers and up to 1,500 downstream businesses were affected. The full scope of the damage is still being worked out, but the lessons are apparent.
What we can learn:
Don’t put all your eggs in one basket. If a single tool provides all of the protection for your systems, a supply chain attack on that tool leaves you with nothing. At TSP, we use swiss cheese to illustrate this. One slice has many holes, but when you stack slices, the holes in one slice are covered by the next. Applied to our support stack: if Sophos ever fails, Watchman Monitoring is behind it, and if Watchman Monitoring ever fails, Cisco Umbrella is behind that. A diversified stack does not eliminate risk, but it means that no single vendor’s failure leaves our clients exposed.
3. Colonial Pipeline Lost Password Ransomware Attack
A $4.4 million ransom, a national gas price surge, and shortages that shut down fuel stations. Looking at those impacts, ransomware is one of the last culprits you would suspect. After all, how could a cyberattack affect fuel? On May 7th, 2021, though, the world saw that cyber criminals will go after anyone. An employee in the Colonial Pipeline Company’s control room found a ransom note demanding roughly $4.4 million in cryptocurrency. The attackers had already been inside the network and had stolen about 100 gigabytes of data, and it all traced back to a single compromised password: the credentials for a legacy VPN account that was no longer in active use but had never been disabled, and that did not require multi-factor authentication. The password had turned up in a batch of leaked passwords from an unrelated breach.
Out of an abundance of caution, Colonial shut down its entire pipeline system for the first time in its history. The shutdown lasted five days, during which Colonial paid the ransom and confirmed that none of the physical pipeline (roughly 5,500 miles) had been damaged. The cost to Colonial clearly exceeded the $4.4 million it paid, but the real impact was on the national fuel supply: the roughly 2.5 million barrels of fuel Colonial moves every day stopped flowing.
What we can learn:
Just because you’re not a tech company doesn’t mean you aren’t at risk of a cyberattack. You might also think a password exposed in some unrelated breach doesn’t matter to you, but think again. If you have no policy or tooling to make sure staff aren’t reusing passwords across services, no check against known-breached passwords, and no multi-factor authentication in front of remote access, a single leaked password can do massive damage. And disable accounts that are no longer in use rather than leaving them enabled.
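The “check against known-breached passwords” mentioned above is the kind of control that stops a Colonial-style reuse problem at onboarding or rotation time. The following is an added example, not code from the original article or from any vendor named in it. It implements the k-anonymity scheme used by the Have I Been Pwned Pwned Passwords range API (hash the password with SHA-1, send only the first five hex characters, match the remaining 35 locally), but it runs entirely offline against a constructed corpus of a few made-up breached passwords that stands in for the real service; the corpus, the 8-character minimum, and the function names are all assumptions made for the example.

```python
import hashlib
from typing import Callable, Dict, Iterable, Tuple

# Constructed stand-in for a breached-password corpus (assumption: a handful of
# passwords we know to be common; the live corpus holds hundreds of millions).
# Nothing in this file contacts the real service.
CONSTRUCTED_BREACH_CORPUS = [
    "password123",
    "Welcome1",
    "Summer2021!",
    "Welcome1",  # duplicates raise the count, as they would in a real dump
]


def build_range_index(breached: Iterable[str]) -> Dict[str, Dict[str, int]]:
    """Index breached passwords the way the range API serves them: keyed by the
    first 5 hex chars of the SHA-1, with the remaining 35 chars and an
    occurrence count underneath."""
    index: Dict[str, Dict[str, int]] = {}
    for pw in breached:
        digest = hashlib.sha1(pw.encode("utf-8")).hexdigest().upper()
        prefix, suffix = digest[:5], digest[5:]
        bucket = index.setdefault(prefix, {})
        bucket[suffix] = bucket.get(suffix, 0) + 1
    return index


def range_response(index: Dict[str, Dict[str, int]], prefix: str) -> str:
    """Server side: return the 'SUFFIX:COUNT' lines for one 5-char prefix.
    The server never learns more than these five characters."""
    bucket = index.get(prefix.upper(), {})
    return "\r\n".join(f"{suffix}:{count}" for suffix, count in sorted(bucket.items()))


def parse_range_response(body: str) -> Dict[str, int]:
    """Client side: parse a response body into {suffix: count}."""
    counts: Dict[str, int] = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        counts[suffix.upper()] = int(count)
    return counts


def breach_count(password: str, query: Callable[[str], str]) -> int:
    """How many times the password appears in the corpus. Only the 5-char
    prefix is handed to `query`; the password and full hash stay local."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    prefix, suffix = digest[:5], digest[5:]
    return parse_range_response(query(prefix)).get(suffix, 0)


def check_password(password: str, query: Callable[[str], str],
                   min_length: int = 8) -> Tuple[bool, str]:
    """Onboarding/rotation policy: reject anything too short or already breached."""
    if len(password) < min_length:
        return False, f"shorter than {min_length} characters"
    seen = breach_count(password, query)
    if seen:
        return False, f"appears {seen} time(s) in the breach corpus"
    return True, "ok"


INDEX = build_range_index(CONSTRUCTED_BREACH_CORPUS)


def local_query(prefix: str) -> str:
    """Stand-in for an HTTP GET to the range endpoint, served from INDEX."""
    return range_response(INDEX, prefix)


if __name__ == "__main__":
    for candidate in ["Welcome1", "Summer2021!", "correct horse battery staple"]:
        print(candidate, check_password(candidate, local_query))
```

To use this against the real corpus, replace `local_query` with a function that fetches the range for the prefix over HTTPS; nothing else changes, and the password itself still never leaves the machine running the check.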
4. Florida water system TeamViewer attack
In February 2021, the water treatment plant in Oldsmar, Florida fell victim to an intrusion. After gaining access, the intruder raised the setpoint for sodium hydroxide (lye) in the water from about 100 parts per million to 11,100, more than a hundredfold. Had an operator not noticed the change on screen and reversed it right away, it could have caused severe illness across the city. How did the attacker reach such critical controls?
Through TeamViewer remote-access software that the facility had not used for months but had left installed. The plant’s computers ran the 32-bit version of Windows 7, which had been out of support since January 2020, shared a single remote-access password, and were connected to the internet with no firewall in front of them. With that password, the intruder connected straight into the system that controlled the treatment process. This attack drew less media attention than the others in this article, but the potential damage is certainly the scariest, and it shows that cyber criminals go after more than just money.
What we can learn:
The lesson here is clear: an outdated or forgotten system can put your entire organization at risk. An old computer that is still powered on and connected, or a remote-access tool that nobody uses anymore but nobody removed, is an open door whether or not anyone is using it. Take unused systems off the network and wipe them, and uninstall remote-access software you no longer need. On the devices you do use, don’t ignore the security warnings that pop up asking you to update your system. They don’t always arrive at convenient times, but ignoring them for too long can be a big problem. These updates often include more than bug fixes. They usually contain patches for security vulnerabilities that attackers are actively looking for.
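The first step in acting on that lesson is finding the forgotten machines, which means comparing what is actually answering on the network against what the inventory says should be there. The following is an added example, not code from the original article: it joins constructed arp-scan style output against a constructed asset inventory and flags the three Oldsmar-style conditions (a device nobody has recorded, a device marked decommissioned that is still online, and an operating system past its vendor end-of-support date). The hostnames, MAC addresses, and IP ranges are made up; the end-of-support dates for Windows 7, Windows Server 2008 R2 and Windows 10 are the vendor’s published dates.

```python
from datetime import date
from typing import Dict, List, NamedTuple, Optional, Tuple

# Vendor end-of-support dates for the operating systems in the inventory.
# Windows 7 and Windows Server 2008 R2 left extended support on 2020-01-14;
# Windows 10 support ends 2025-10-14. Anything not listed is treated as unknown.
END_OF_SUPPORT: Dict[str, date] = {
    "Windows 7": date(2020, 1, 14),
    "Windows Server 2008 R2": date(2020, 1, 14),
    "Windows 10": date(2025, 10, 14),
}


class Asset(NamedTuple):
    hostname: str
    mac: str
    os: str
    status: str  # "active" or "decommissioned"


# Constructed asset inventory (hostnames, MACs and statuses are made up).
INVENTORY: List[Asset] = [
    Asset("ops-hmi-01", "00:11:22:33:44:01", "Windows 10", "active"),
    Asset("ops-hmi-02", "00:11:22:33:44:02", "Windows 7", "active"),
    Asset("old-scada-pc", "00:11:22:33:44:03", "Windows 7", "decommissioned"),
    Asset("fileserver", "00:11:22:33:44:04", "Windows Server 2008 R2", "active"),
]

# Constructed scan output in arp-scan's "IP  MAC  vendor/name" shape, one host per line.
ARP_SCAN_OUTPUT = """\
10.0.20.11\t00:11:22:33:44:01\tops-hmi-01
10.0.20.12\t00:11:22:33:44:02\tops-hmi-02
10.0.20.19\t00:11:22:33:44:03\told-scada-pc
10.0.20.40\t00:11:22:33:44:04\tfileserver
10.0.20.77\taa:bb:cc:dd:ee:ff\t(Unknown)
"""


class Finding(NamedTuple):
    ip: str
    mac: str
    hostname: Optional[str]
    reason: str


def parse_arp_scan(text: str) -> List[Tuple[str, str]]:
    """Return (ip, mac) pairs from whitespace-separated scan lines; skip blanks."""
    hosts: List[Tuple[str, str]] = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 2:
            continue
        hosts.append((parts[0], parts[1].lower()))
    return hosts


def find_risky_hosts(scan_text: str, inventory: List[Asset], today_iso: str) -> List[Finding]:
    """Join live hosts against the inventory by MAC and flag: unknown device,
    decommissioned device still online, and OS past end-of-support as of today_iso."""
    today = date.fromisoformat(today_iso)
    by_mac = {a.mac.lower(): a for a in inventory}
    findings: List[Finding] = []
    for ip, mac in parse_arp_scan(scan_text):
        asset = by_mac.get(mac)
        if asset is None:
            findings.append(Finding(ip, mac, None, "not in inventory"))
            continue
        if asset.status == "decommissioned":
            findings.append(Finding(ip, mac, asset.hostname,
                                    "marked decommissioned but still on the network"))
        eos = END_OF_SUPPORT.get(asset.os)
        if eos is not None and eos <= today:
            findings.append(Finding(ip, mac, asset.hostname,
                                    f"{asset.os} out of support since {eos.isoformat()}"))
    return findings


if __name__ == "__main__":
    # Audit as of the day of the Oldsmar intrusion.
    for f in find_risky_hosts(ARP_SCAN_OUTPUT, INVENTORY, "2021-02-05"):
        print(f"{f.ip:<12} {f.hostname or '-':<14} {f.reason}")
```

In practice the scan text comes from whatever already sees the network (arp-scan, the DHCP server’s lease table, switch MAC tables) and the inventory from the MSP’s RMM or CMDB; the join logic stays the same, and every row it prints is a device that needs either a record, a wipe, or an upgrade.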
5. Target Credit Cards Hacked Through HVAC Contractor
This one is a bit older. But with an $18.5 million settlement with 47 states and the District of Columbia, and more than 40 million credit and debit cards compromised, it remains one of the largest retail breaches ever. What most people don’t realize is that the breach started with a third-party HVAC vendor. Fazio Mechanical Services, a Pennsylvania contractor that did refrigeration work at Target stores, had credentials for a Target vendor portal used for billing and project paperwork. Attackers stole those credentials from the less-protected contractor with phishing malware, used them to get a foothold inside Target’s network, and pivoted from there to the point-of-sale systems, where card-scraping malware captured the payment card data of shoppers between November 27 and December 15, 2013.
What we can learn:
We mentioned network segmentation as part of network security earlier, but this case really hammers the point home. If you have to give a third-party vendor network access for any reason, put them on a segmented network or VLAN that can reach only the systems they actually service, and keep that segment firewalled off from anything that handles payment data or other sensitive information. The same advice applies beyond your business. Putting the IoT devices in your home on their own VLAN keeps them away from your data. Learn more about this in our article “Why your home’s cybersecurity is more important than ever.”
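The segmentation advice in the WeWork and Target sections comes down to a firewall policy: which segment may talk to which, over what. The following is an added example, not code from the original article and not a description of Target’s or WeWork’s real networks. It models a small first-match, default-deny rule set over an entirely hypothetical address plan (a vendor VLAN, a card-data VLAN, a corporate VLAN, and one refrigeration controller) and evaluates the same constructed flows against the weak setting (one flat network) and the corrected one (a vendor segment that can reach only the controller it services), so you can see exactly which hop the segmentation cuts off.

```python
import ipaddress
from typing import List, NamedTuple, Optional, Tuple

# Hypothetical address plan for the example (assumptions, not a real layout).
VENDOR_VLAN = "10.0.50.0/24"          # where third-party contractors land
REFRIGERATION_CTRL = "10.0.60.5/32"   # the one controller the HVAC vendor services
CARD_DATA_VLAN = "10.0.10.0/24"       # point-of-sale systems
CORP_VLAN = "10.0.20.0/24"            # staff workstations


class Rule(NamedTuple):
    action: str           # "allow" or "deny"
    src: str              # CIDR
    dst: str              # CIDR
    proto: str            # "tcp", "udp" or "any"
    dport: Optional[int]  # None means any port


class Flow(NamedTuple):
    src_ip: str
    dst_ip: str
    proto: str
    dport: int


def evaluate(rules: List[Rule], flow: Flow) -> str:
    """First matching rule wins; anything unmatched is denied (implicit deny)."""
    src = ipaddress.ip_address(flow.src_ip)
    dst = ipaddress.ip_address(flow.dst_ip)
    for rule in rules:
        if src not in ipaddress.ip_network(rule.src):
            continue
        if dst not in ipaddress.ip_network(rule.dst):
            continue
        if rule.proto != "any" and rule.proto != flow.proto:
            continue
        if rule.dport is not None and rule.dport != flow.dport:
            continue
        return rule.action
    return "deny"


# The weak setting: one flat network, everything can reach everything.
FLAT_NETWORK: List[Rule] = [
    Rule("allow", "0.0.0.0/0", "0.0.0.0/0", "any", None),
]

# The corrected setting: the vendor segment reaches only the controller it
# services, over one port, and is explicitly denied to the rest of the
# private range; other segments get only what they need. The explicit deny
# is redundant with the implicit deny but documents the intent in the rule set.
SEGMENTED: List[Rule] = [
    Rule("allow", VENDOR_VLAN, REFRIGERATION_CTRL, "tcp", 443),
    Rule("deny", VENDOR_VLAN, "10.0.0.0/8", "any", None),
    Rule("allow", CORP_VLAN, CARD_DATA_VLAN, "tcp", 443),
]

# Constructed flows: the legitimate vendor task, then two lateral-movement attempts.
CONSTRUCTED_FLOWS: List[Flow] = [
    Flow("10.0.50.23", "10.0.60.5", "tcp", 443),    # vendor -> controller (HTTPS)
    Flow("10.0.50.23", "10.0.10.15", "tcp", 445),   # vendor -> POS host (SMB)
    Flow("10.0.50.23", "10.0.20.40", "tcp", 3389),  # vendor -> corp host (RDP)
]


def compare(flows: List[Flow]) -> List[Tuple[Flow, str, str]]:
    """Return (flow, verdict on the flat network, verdict on the segmented one)."""
    return [(f, evaluate(FLAT_NETWORK, f), evaluate(SEGMENTED, f)) for f in flows]


if __name__ == "__main__":
    for flow, flat, segmented in compare(CONSTRUCTED_FLOWS):
        print(f"{flow.src_ip} -> {flow.dst_ip}:{flow.dport}/{flow.proto}  "
              f"flat={flat}  segmented={segmented}")
```

Running the comparison shows the vendor’s legitimate HTTPS session allowed under both policies, while the SMB and RDP attempts toward the card-data and corporate segments, which a flat network waves through, are denied by the segmented rule set. Tests like these belong in the review process for any firewall or VLAN change, so a rule added for a contractor cannot quietly reopen a path to sensitive systems.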
6. SolarWinds Supply Chain Attack
We couldn’t write an article about the biggest cyberattacks and not include SolarWinds. In the spring of 2020, hackers believed to be working for Russia’s foreign intelligence service, the SVR, slipped malicious code into a routine software update for SolarWinds’ Orion network-management platform. Roughly 18,000 customers installed the trojanized update, and the attackers then used the backdoor it created to move into a much smaller set of targets, including around 100 companies and about nine federal agencies. Heavy hitters in the digital world such as Microsoft, Intel and Cisco were hit, as were federal agencies including the Treasury Department, the Justice Department, and the Department of Homeland Security. The craziest part is that it was done so stealthily that it went undetected for roughly nine months, until FireEye uncovered it in December 2020. Security experts say some victims may never know whether they were compromised, and government cybersecurity officials are still working to understand the true scope of the attack.
What we can learn:
Anyone and everyone is vulnerable. If CISA (the Cybersecurity and Infrastructure Security Agency) itself can be breached, so can any of us. This isn’t meant as a defeatist or somber final point. It is meant to highlight that disaster recovery procedures, business continuity plans, and training your organization on what to do in the event of a cyberattack are all part of a strong defense. You can never get 100% protection against attackers. But you can make sure that when they do succeed, they don’t bring down your whole organization.
Want to step up your cybersecurity protocols? Worried that your organization isn’t up to snuff in today’s digital world? Check out our cybersecurity services. We offer a unique cybersecurity audit. This compares your organization’s current preparedness against industry standards and gives you concrete steps to improve. Contact us today if you have any questions or would like to learn more about partnering with us for IT support.