
Immediate Steps to Take During This Time of Increased Cyber Activity


Advancements in AI technology are just as common in the news headlines as new cyber attacks. Cyber criminals are showing off their strength in every battlefield available to them – literally and figuratively. The last few years have seen cyber attacks rise on businesses in all sectors as well as cyber attacks becoming key parts of today’s modern warfare.

From small businesses and large organizations, to tech companies and the healthcare space, and even some of the most sophisticated governments in the world – it’s clear that no one is safe. The most repeated motto in cybersecurity continues to ring true: it’s not if you’ll get attacked, but when.

Because of the rise of bad actors breaking into systems, it is even more prudent than ever to consider how your organization, no matter the size, can prevent cyber attacks.

To look forward, you must look backwards

You may not have believed your 9th grade Civics teacher, but it is true, we can learn a lot from history, and if the recent cyberattacks have anything to show, it’s that some of the most basic security steps are the most important in cyber attack prevention. So, let’s review just a few cyberattacks of 2024 to understand how hackers gain access.

Change Healthcare

Healthcare has become a target for hackers, as healthcare organizations typically hold sensitive data and they don’t always have the best security measures in place. Change Healthcare, owned by UnitedHealth, experienced a cyberattack that “started when hackers entered a server that lacked a basic form of security: multifactor authentication,” according to the Associated Press, adding that “UnitedHealth quickly disconnected the affected systems to limit damage and paid a $22 million ransom in bitcoin.”

Enabling multi-factor authentication on operating systems and software isn’t always free, but it never costs $22 million either. Multi-factor authentication, together with strong passwords, is today’s cybersecurity baseline and a must.

Snowflake

Snowflake, a cloud service provider offering data storage, processing, and analysis, was hacked in 2024. The Snowflake hack is fitting for its name because it has certainly had a snowball effect; as time goes on, the hack seems to have more and more repercussions. At the time of this article, “As many as 165 customers of Snowflake are said to have had their information potentially exposed as part of an ongoing campaign.” Mandiant, owned by Google, is helping Snowflake with its incident response. Interestingly enough, “the attacks, Mandiant pointed out, have become hugely successful due to three main reasons: A lack of multi-factor authentication (MFA), not rotating credentials periodically, and missing checks to ensure access only from trusted locations” (The Hacker News).

Like the Change Healthcare attack, the need for MFA and secure password protocols is highlighted again.
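The three gaps Mandiant cited (no MFA, credentials never rotated, no trusted-location check) are all things a defender can audit for before an attacker finds them. The script below is an added example, not from the article or from Snowflake; it assumes a constructed, normalised export of user accounts with an MFA flag, a last-rotation date and a last-login IP, and flags any account that falls into one of the three categories.

```python
from datetime import date, timedelta
import ipaddress

# Constructed sample records (not real data): the shape an account/credential
# export might take after normalisation. Field names are assumptions.
ACCOUNTS = [
    {"user": "analyst1", "mfa": True, "last_rotated": "2024-05-01",
     "last_login_ip": "203.0.113.10"},
    {"user": "svc_etl", "mfa": False, "last_rotated": "2023-01-15",
     "last_login_ip": "198.51.100.7"},
    {"user": "contractor", "mfa": False, "last_rotated": "2024-04-20",
     "last_login_ip": "203.0.113.44"},
]

# Assumed corporate egress range (documentation prefix); use your own allow-list.
TRUSTED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]
MAX_CREDENTIAL_AGE_DAYS = 90  # assumed rotation policy


def audit_account(acct, today, max_age=MAX_CREDENTIAL_AGE_DAYS,
                  trusted=TRUSTED_NETWORKS):
    """Return the list of gaps found for one account (empty list = clean)."""
    findings = []
    if not acct["mfa"]:
        findings.append("no_mfa")
    rotated = date.fromisoformat(acct["last_rotated"])
    if today - rotated > timedelta(days=max_age):
        findings.append("stale_credential")
    ip = ipaddress.ip_address(acct["last_login_ip"])
    if not any(ip in net for net in trusted):
        findings.append("untrusted_location")
    return findings


def audit_all(accounts, today_iso):
    """Map each non-compliant user to its findings; clean accounts are omitted."""
    today = date.fromisoformat(today_iso)
    report = {}
    for acct in accounts:
        findings = audit_account(acct, today)
        if findings:
            report[acct["user"]] = findings
    return report


if __name__ == "__main__":
    for user, gaps in audit_all(ACCOUNTS, "2024-06-15").items():
        print(f"{user}: {', '.join(gaps)}")
```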

AT&T

The Snowflake cyberattack was not limited to its own organization. As time goes on, we are seeing more and more organizations being compromised, with the origins pointing back to Snowflake. Reuters reported that after the March AT&T hack, AT&T claimed that “its call logs were copied from its workspace on Snowflake.”

Although hindsight is always 20/20, the AT&T hack (and many others) highlights the necessity of third-party risk management. This risk management will not protect you 100% from the risk associated with a given organization, but it can point out glaring security vulnerabilities and help you better understand whether a third party has access to your (or your customers’) sensitive information and what they do with it.

Ticketmaster

Live Nation, the parent company of Ticketmaster, was “victim of a cyber attack that compromised user data” in May 2024 (ABC News). It was reported by PBS that the culprits of the attack were “seeking $500,000 for the data, which reportedly includes names, addresses, phone numbers and some credit card details of millions of Ticketmaster customers.” At the time of this article, it is not 100% certain what caused the breach, but what is clear is that customer information was stolen and compromised.

SolarWinds

The SolarWinds attack in 2020 is still being felt and talked about four years later in 2024. While the attack was more than a case of stolen credentials, good cybersecurity practices may have protected the company from the hack that installed malicious software onto its Orion platform. Security magazine reported that “CISA says a firewall blocking all outgoing connections to the internet would have neutralized the SolarWinds malware.” The article also notes, though, that having anti-malware software on all systems would “require a substantial investment in human and technical capital to create and maintain.”

The SolarWinds hack proves that although cybersecurity, especially for huge organizations, is a heavy lift in terms of cost and manpower, it is something that needs to be prioritized within organizations.

What can we learn?

The five attacks highlighted above are nowhere near all of the cyberattacks that have occurred thus far in 2024, and with the global average cost of a breach in 2024 coming in at $4.4 million, it’s clear that investing in cybersecurity is necessary to help avoid, or at least minimize, cyber attacks (IBM).

Part of that investment is good cybersecurity practice throughout the company. In decades past, controlling physical access to servers was a key necessity. Now, with the move towards cloud storage, good cyber hygiene is just as essential, because one robust security solution is simply not enough anymore. Drawing on the lessons above and other good practices, some strategies to consider include:

  • Train employees on cybersecurity best practices.
  • Keep software and systems updated.
  • Limit employee access to necessary data only.
  • Incorporate strong passwords and multi-factor authentication.

Kinds of cyber threats

After setting up the picture of how prevalent cyber attacks are in 2024, it’s important that IT departments and employees are always on the lookout for unusual behavior or emails. Some threats to be especially aware of include:

Wiper malware

Destructive code that spreads through multiple means, is usually wormable, evades detection, and erases information with no possibility of recovery.

Distributed Denial of Service (DDoS or DoS) attacks

This could consist of large amounts of legitimate-looking traffic or it could be outages caused by critical vendors that are affected by malware or DDoS.

Third-party risk

Risk from any environment connected to one affected by these cyber attacks, and from the third parties (vendors) your organization relies on to provide goods and services.

Ransomware

Always a threat, but particularly now: with increasing economic sanctions against Russia, a counter-attack could include an increase in ransomware attacks. Nearly 74% of ransomware revenue in 2021 has been traced back to Russian hackers.

Organization specific suggestions

Depending on the size of your organization, what type of data and where your data is stored, and what kinds of resources you have available, there are different steps you should take. Here are some suggestions for mature organizations and organizations without a security team:

Mature organizations:

  • Review your Disaster Recovery/Business Continuity Plan (DR/BCP).
  • Review your Vulnerability Management metrics.
  • Conduct a risk assessment.

Organizations without a security team:

  • Engage an outside cybersecurity firm for expert advice.
  • Create a rapid asset inventory and determine critical assets.
  • Create a rapid third party risk register for all critical vendors.
  • Review and test backups.
  • Review patch levels across all critical assets and patch ASAP, especially internet-facing endpoints such as firewalls and routers.
  • Conduct a risk assessment.
  • Put additional detection and monitoring resources in place, especially on internet-facing endpoints.
  • Join the Information Sharing and Analysis Organization (ISAO) for your organization to get quick Indicators of Compromise (IOCs).
  • Use CISA’s (Cybersecurity and Infrastructure Security Agency) “Shields Up” program, which has detailed guidance for corporate leaders and organizations as well as a list of resources.

How an outside security team can help

Outside cybersecurity teams offer the following services that can help shield your company from cyber threats immediately:

  1. Risk and Compromise Assessments
  2. MDR (Managed Detection & Response) & Cloud Security Consulting Services
  3. Penetration Testing
  4. Virtual CISO (vCISO) Services
  5. Agile Security Team Augmentation

Now is not the time to cut corners on your cybersecurity budget. Now is the time for vigilance. The endgame of cyber attacks will be organizational disruption and shutdown. If you were seeking justification for additional investment in your security program you should now have it. The advantage of investing to protect your organization is that you’ll be more resilient against future threats, such as ransomware, which are increasing in frequency and could be a side-effect of this conflict. If you are looking for guidance on how to prevent cyber attacks on businesses and to increase your cyber posture, contact Cyber Defense Group for a free consultation.