By Florian Riederer
I hope you all have had refreshing holidays and a good start to the new year. While considering our security priorities for this coming year, it’s useful to take a look back at 2021 to review some of the highest-profile and impactful breaches that our industry experienced. With that in mind, I’ve prepared a short retrospective on five significant security breaches that occurred over the past year.
Kronos is one of the largest HR-related firms, and its software provides essential employment timekeeping and payroll for many small and large organizations around the world. On December 13th, the company announced a ransomware incident on the Kronos Private Cloud affecting some of its solutions. While the incident was confined to a limited number of customers, Kronos said that it could take several weeks until the issue, and the resulting outage, would be resolved. Additionally, customers' employees may also have had personal data exposed and exfiltrated as part of the attack.
I wrote a deep dive into the Twitch breach a few months back as it happened. In a significant data breach, about 125GB of data was publicly posted, including confidential business information such as Twitch’s payout to streamers, information about products currently in development, and source code on the website. Based on publicly available information, the attack does not appear to have been carried out by a known or organized threat group, as there was no clear attempt by the attackers to profit off of the data breach.
The August breach of T-Mobile customer data highlights some ongoing doubts about the organization’s security posture, as it was the most severe breach after several smaller but significant incidents over the past four years.
T-Mobile also ended up having to defend at least three lawsuits because of this breach, in which personally identifiable information, including social security numbers, of 48 million T-Mobile customers was leaked. That’s over a third of T-Mobile’s customer base. A Turkish-American hacktivist, John Binns, claimed responsibility for the breach as retaliation for past mistreatment by US law enforcement.
By far the security incident that caught the most public media attention this year, the ransomware attack on the Colonial Pipeline highlighted how vulnerable some of our physical infrastructure can be to cyberspace-based attacks, underlining the need for IoT security in organizations’ networks more broadly. The attackers, believed to be associated with a Russia-based threat group, DarkSide, got access through a compromised password of a VPN account for an inactive user, highlighting the importance of keeping access and privilege management up to date. On receiving a ransom notice, Colonial Pipeline shut down the pipeline as a precautionary measure. While later examinations indicated that the attack did not compromise Colonial Pipeline’s operational software, the company did end up paying a $4.4 million ransom to prevent 100GB of stolen data from being leaked by the hackers.
In 2022, our commitment to connect your organization with the solutions, knowledge, and resources that matter is unwavering. Reach out today to set up a 2022 security planning meeting.