Theme of 2015: Compromised credentials fuel cyber attacks

Theme of 2015: Compromised credentials fuel cyber attacks

Written By: Admin

Major cyber attacks and breaches have been occurring for years, but 2015 seemed to be a particularly bad year for breaches at very large, well-known brands and large organizations. What was even more interesting was how many of these breaches seemingly occurred – 2015 was the year of compromised credentials.

It seemed like every week in 2015 brought a new high-profile data breach or cyber attack. Every week, you would click through to your favorite newspaper or tech publication and see headlines about another few million individuals who had their identities stolen. At the root of a large percentage of these huge breaches were credentials of an executive or other individual within the organization that had been compromised.

This isn’t something that’s going to end in 2015, either.

The single sign-on trend has created an environment where one stolen credential can deliver access to many applications and systems within an enterprise. And cyber hygiene remains poor amongst users. Password reuse runs rampant, and many of the same passwords that employees are using in their personal lives find their way into their work accounts and systems, meaning a breach at home can easily become a breach at work.

And although companies are rushing to embrace multifactor authentication and other solutions to make credentials harder to compromise and utilize, they often overlook important things. They utilize in-band authentication solutions that aren’t impervious to malware and other attacks. Or, they implement such strong authentication solutions that are so rigid and difficult to use, that end-users start to circumnavigate them for convenience – rendering them useless.

2015 was another banner year for malicious actors online, and it was the compromised credential that was behind it all. Here is a look at some of the top articles that we published on The Access Granted in 2015 about cyber attacks, almost all of which could be traced to stolen credentials:

Experian breach puts T-Mobile customers in the crosshairs
Just last week, Experian was breached. Experian is a global information services company that offers credit services, marketing services, decision analytics and consumer services to companies, and that aggregates personal and lifestyle data about consumers. Unfortunately, much like PNI Digital Media, the impact of the Experian breach was felt across other organizations. Most notably, the mobile services provider T-Mobile. The company was used by T-Mobile and other companies to run credit checks and provide information on customers applying for financing and cellphone services.

Excellus BlueCross BlueShield latest health insurer to fall victim to cyberattack
On December 23 of 2013, approximately 10 million citizens of upstate New York received quite the Christmas “gift.” Unfortunately, they wouldn’t know about the existence of this “gift” for almost two more years. Just last week it was announced that a cyberattack and data breach was perpetuated against the health insurance company, Excellus BlueCross BlueShield, which services a large population of individuals in New York State. The attack – which occurred on December 23 of 2013 – was not discovered until August 5, 2015, and not disclosed to the public for another month.

UCLA Health breach shows data thieves increasingly focused on healthcare
In July, UCLA Health announced that an, “Attacker had accessed parts of the UCLA Health network that contain personal information, like name, address, date of birth, social security number, medical record number, Medicare or health plan ID number, and some medical information (e.g., medical condition, medications, procedures, and test results).” Since UCLA Health has such a large footprint and provides care to such a large community of patients, it’s estimated that more than 4.5 million patients could have had their information compromised. And, although UCLA Health claims that financial data wasn’t accessed or stolen, the information that was compromised can be equally sensitive and dangerous.

Stolen money and overly-caffeinated hackers – a look at the Starbucks breach
If you’re useless in the morning without your venti, soy, caramel macchiato with no whip, we may have some bad news for you. Your favorite beverage may be sans whipped cream, but it could come with a serving of security vulnerability. Last month, Bob Sullivan – a consumer reporter and author – exposed a data breach that impacted Starbucks drinkers. The vulnerability specifically targeted Starbucks customers that utilize the company’s gift card and mobile payment systems.

OPM breach clearly illustrates need for better identity and access management
U.S. government employees got some very bad news in early June when it was announced that the Office of Personnel Management (OPM) had fallen victim to a security breach. This latest high profile cybersecurity attack was orchestrated against the agency that essentially acts as the human resources department for the entire federal government – a role that unfortunately makes it privy to the personal information of every current and retired federal employee, as well as individuals that apply for security clearances. In all, the personal information – including the social security numbers – of as many as fourteen million federal employees are thought to have been compromised.

Recent enterprise data breaches make case for stronger authentication
In the middle of February of this year, the health insurance giant, Anthem, released a statement saying that their network was breached. According to the statement, the individuals responsible were able to access, “names, dates of birth, Social Security numbers, health care ID numbers, home addresses, email addresses, (and) employment information, including income data.” In October of last year, JP Morgan Chase – a financial services company that touts that it has millions of customers and more than $2.4 trillion issued a regulatory filing to the U.S. Securities and Exchange Commission (SEC) stating that, “User contact information – name, address, phone number and email address – and internal JPMorgan Chase information relating to such users have been compromised.”

The Access Granted will be back with new articles looking at the latest trends and technologies in security and authentication in 2016. In the meantime, have a happy and safe New Years!


1 Comment

  1. PODCAST: The evolving security industry and the shift to risk-based security - Access Granted
    PODCAST: The evolving security industry and the shift to risk-based security - Access Granted2 years ago

    […] In a recent post on Access Granted, we looked back at the major breaches that occurred in 2015 and discussed a common factor that was present in almost all of them – credential theft and compromised credentials. […]

Leave a Reply