aum
Posted January 24, 2020

Data breaches peaked to an all-time high in 2019, growing at a never-before-seen rate.

Data breaches scare everyone -- from governments and multinational corporations to the layman with no access to technology. Financial risks apart, the mere thought of your personal life being hung out to dry with such ease is enough to trigger panic attacks. However, the breaches witnessed last year were of a different species altogether, highly evolved from their predecessors.

The numbers of disclosed data breaches spiked across the world, both in volume and occurrences, surpassing 2018 as early as August 2019.

A significant proportion of data breaches disclosed last year were due to human error rather than attackers. However, they still qualify as data breach, even though unintentional, said Kumar Ritesh, chairman and CEO at CYFIRMA.

He puts human errors under three broad classifications: intentional data breach/leak, also called insider threat; unintentional data breach/leak, such as an email sent to the wrong recipients with personal employee information; configuration mistakes, where sensitive data is left unguarded.

The rise of ransomware has also contributed to data breaches, he notes.

“Traditional ransomwares are financially motivated. They demand money after encrypting the file. However, they have started data exfiltration, where your sensitive files get taken out first and then encrypted. Money is demanded to decrypt it. State-sponsored groups have started to use this mechanism,” he explained.

In any case, it is more or less a given that paying ransom does not guarantee the safe return of encrypted data, he agreed.

Industrial cyber-espionage, which grew exponentially last year after nation-states started backing them, has significantly contributed to the rise in data breaches, he said.

Mitsubishi Electric conceded on 20 January that they suffered a major security breach last year.
Japanese dailies that reported the issue blamed a China-backed cyber-spy group named Tick (a.k.a. Bronze Butler) for the incident. The threat group has been reportedly behind several similar incidents in Japan.

“Industrial espionage has become a main vector, where state sponsored groups attack competing companies in other nations to support local companies in the same industry. We have witnessed multiple cases of this in the last six months aiming at intellectual property in industries such as advanced technology, manufacturing, cosmetics, food and beverages and retail,” he told SC Media UK.

Disclosures like that happen only when the breach is discovered by researchers or journalists or when the data is leaked out by the cyber-criminals, noted Ritesh.

“The actual breaches are almost five times of what is being reported. Given that there is no regulation in Asia right now (requiring victims) to declare cyber-incidents or breaches, most of the organisations do not disclose cyber-attacks or breaches unless the incident has had a huge financial or reputational impact,” he said.

“I am aware that several manufacturing and equipment companies in Japan, South East Asia and South Korea have faced a number of breaches, but only a few got reported.”

He is sure that the worst is yet to come.

“2019 was a watershed year for cyber-security. Hackers gained momentum in finding new avenues to attack individuals, industries and nations as digital systems remained vulnerable with software programs and applications that are outdated, poorly configured, and laden with weaknesses,” he told SC Media UK.

Threat actors showed a greater affinity for emerging technologies in 2019, with multi-pronged cyber-attacks being operationalised with increased usage of AI/ML. This trend will continue more aggressively in 2020, he warned.
“Hackers have succeeded in automating reconnaissance or data collection or target profiling using AI/ML technologies, which means they are now capable of collecting all information using multiple techniques automatically and quickly,” he said.

“In 2020, I suspect we will notice advanced automated cyber-attack using new technologies AI/ML as most of the state sponsored hackers are continuously trying to achieve greater accuracy, maximum impact with less effort and leaving no trace behind.”

SC Media UK has collated the top 10 data breaches that came to light in 2019, ordered according to the number of documents leaked. Companies such as Facebook, which disclosed multiple data breaches, have been slotted under a single entry. The information was gathered from regulatory disclosures, news reports and our own reports published last year.

10. Mobile TeleSystems (MTS)
Geography: Russia
Documents disclosed: 100,000,000
Business: Telecommunications
Cause: Misconfiguration/poor security

9. Justdial
Geography: India
Documents disclosed: 100,000,000
Business: Local classified search
Cause: Unprotected API

8. CapitalOne
Geography: USA, Canada
Documents disclosed: 106,000,000
Business: Financial services
Cause: Unsecured S3 bucket
Read the SC report here.

7. Canva
Geography: Global
Documents disclosed: 140,000,000
Business: Online graphic design
Cause: Hacked
Read the SC report here.

6. Zynga
Geography: Global
Documents disclosed: 173,000,000
Business: Online gaming
Cause: Hacked
Read the SC report here.

5. Microsoft
Geography: Global
Documents disclosed: 250,000,000
Business: Technology
Cause: Data exposed by misconfiguration

4. Truecaller
Geography: India
Documents disclosed: 299,055,000
Business: Online telephone directory
Cause: Unknown

3. Facebook
Geography: Global
Business: Social network
Breach 1
Documents disclosed: 540,000,000
Cause: Poor security
Breach 2
Documents disclosed: 267,000,000
Cause: Poor security
Breach 3
Documents disclosed: 1,500,000
Cause: Accidentally uploaded
Read the SC reports on breaches 1, 2, and 3.

2. First American Corporation
Geography: USA
Documents disclosed: 885,000,000
Business: Financial services
Cause: Poor security
Read the SC report here.

1. Australian National University
Geography: Australia
Documents disclosed: 19 years of data
Business: Academic services
Cause: Hacked