We’ve all heard of prominent companies who have been a victim of a data breach. Little to no attention, however, is given to organizations that narrowly avoided security-shaking catastrophe through good judgement, quick thinking or just plain luck.
This article covers four instances where a security breach was narrowly avoided and what helped prevent the disaster from happening. Read on, and you can learn from their (almost-) mistakes and quick thinking!
1. City of Las Vegas
Officials from the city of Las Vegas revealed that their systems were targeted with a sophisticated cyberattack during the 2020 Consumer Electronics Show (CES). This forced the local government to shut down many of its online services. Fortunately, an employee working in the city’s IT department was able to identify the threat in the early hours of January 8th, 2020 and prevent the systems from being breached.
According to Las Vegas Review-Journal, city spokesman David Riggleman said that officials have been proactive in protecting its IT network. On average, the city experiences 279,000 data breach attacks on a monthly basis. However, swift action by its IT staff helped the city avoid what had the potential to cause severe damage. The data systems were also shortly restored to normal function.
2. Ukraine election
In 2014, Ukraine’s Central Election Commission narrowly escaped a breach when hackers from the pro-Russian CyberBerkut group infected its computers and attacked files critical to vote-counting. Twenty-hour hours later, government officials announced that the system had been restored from backups and everything can go on as scheduled. However, shortly before the election results were destined to air on television, cyber experts working for the government detected and removed a virus secretly placed on the Election Commission’s PCs.
Had the Ukrainian government experts failed to remove the virus or restore the lost data from the backup, it would have distorted the results of the election and caused unrest across the Donetsk region, undermining the reputation of the new government. Thankfully, the incident response and cybersecurity measures taken by the security experts came in handy and Ukraine’s vote was declared as a genuine election by international observers.
TeamSupport’s CEO received three emails from a teamsupport.com email account, which seemed like a phishing attack. Tickets from customers in the company’s support queue revealed they had also received the same emails. The company went through its account activity logs for Gmail and saw that a Gmail account had been accessed from Lagos, Nigeria. No one from the firm had visited that place recently.
The company later determined that hackers had used a phishing email to target one of TeamSupport’s employees. Once the hacker was successful, they were able to access the compromised Gmail account and delete all of the contacts. This dampened the company’s ability to determine where they had obtained customer emails from. They also used another email client to send messages and spoofed TeamSupport’s corporate ID.
Fortunately, someone from TeamSupport’s security team suggested recovering deleted contacts in the compromised account. Upon recovery, several contacts showed up that matched the list the company had created of customers who received the phishing email. The company sent an email to that list saying that one of its emails were hacked but no application data had been breached.
The response they received from customers (mostly B2B companies) was positive, putting an end to a stressful situation. This also likely helped the company escape a potential breach where the hackers could have used email spoofing to trick and lure customers into handing over their personal data.
Cryptocurrency exchange Coinbase was targeted by two zero-day bugs that would allow adversaries to gain remote access to a Firefox browser and run code on the victim’s machine. Hackers needed a second bug to let the first bug perform the exploit with the help of a malicious code. Before Mozilla released a patch, though, the hackers had executed the bugs, and had attempted to compromise Coinbase personnel so they could breach their security and steal cryptocurrency.
Fortunately, an external researcher and Coinbase itself noticed the attack before the network could be breached or any crypto could be stolen. According to an employee from Coinbase’s security team, the company was able to defend itself from the hack because of its security-first culture, well-practiced incident response playbooks and company-wide deployment of its detection and response program.
Coinbase also revoked all credentials on the targeted machines and locked every account owned by the affected employees. This helped them to degrade the hackers’ ability to continue their efforts and learn more about the attack.
Security breaches are becoming a day-to-day challenge for companies. Recent trends reveal a huge increase in phishing and network-based attacks while suggesting that most businesses have poor cybersecurity practices in place. In 2019, it took companies an average of 206 days to identify a data breach.
To successfully avoid data breaches, it’s imperative that companies make security awareness a part of their culture and build infrastructure with solid defensive posture. Only then will it be possible for them to defend themselves and their customers.
- Las Vegas city officials assessing impact after cyber attack, Las Vegas Review-Journal
- Cybersecurity of Voting Machines, Brookings
- Lessons Learned from (almost) Getting Hacked, TeamSupport
- Responding to Firefox 0-days in the wild, The Coinbase Blog
- How long does it take to detect a cyber attack?, IT Governance