We kicked off Season 3 of the AppGov Preventive Maintenance series by focusing on 4 things:
Let’s unpack what Nic and I discussed during that session and where we are a few months later at the end of Q1.
This is our list of the top 9 breaches, in no specific order.
What: In August 2024, NPD, a consumer data broker, confirmed a breach that exposed about 2.9 billion individuals' personal information, including social security numbers, addresses, and phone numbers. Passwords and usernames were also exposed.
Cause: Traced back to a security lapse in December 2023, which allowed cybercriminals to access and sell the stolen data.
Broader Implications: The data leak heightened the risk of identity theft and fraud. NPD faced lawsuits due to its failure to protect personal data, and the resulting financial strain led to its filing for bankruptcy. The breach brought awareness to the need for stricter data protection strategies.
What: In February 2024, UnitedHealth Group faced a massive ransomware attack on its subsidiary, Change Healthcare, exposing the private data of over 150 million individuals in the United States.
Cause: The ALPHV/BlackCat ransomware group was found responsible. They exploited a compromised account lacking multi-factor authentication (MFA) and used its credentials to gain unauthorized access to Change Healthcare’s systems.
Broader Implications: The breach disrupted healthcare services across the U.S. UHG paid the hackers a $22 million ransom, though additional threats may have led to a second ransom payment. The cost of the response added up to approximately $2.87 billion in 2024. The breach highlighted the need for an advanced cybersecurity plan to protect sensitive information in the healthcare sector.
What: Starting in April 2024, more than 100 customers of Snowflake, Inc., a cloud data platform, were affected by hackers who accessed and stole vast amounts of customer data, including call records and financial records.
Cause: A cybercriminal group, tracked as 'UNC5537', used stolen customer credentials for accounts lacking MFA, taken from more than 165 organizations.
Broader Implications: Organizations faced significant financial losses and lawsuits. The incident exposed weaknesses in how cloud data platforms are secured and prompted organizations to review their security protocols, such as enforcing MFA, educating users, and enhancing endpoint security.
What: In April 2024, MediSecure, an electronic prescription company, was made aware of an attack that affected about 12.9 million Australians. The data that was stolen included names, birthdates, addresses, healthcare identifiers, Medicare numbers, and prescription details.
Cause: The company identified the breach as a ransomware attack via a third-party vendor.
Broader Implications: The attack caused disruptions to operations between healthcare providers and pharmacies, led to company insolvency, and impacted patients’ trust in digital healthcare services. It demonstrated the need for strategic cybersecurity practices.
What: In October 2024, an incident at the Internet Archive exposed about 31 million users' personal email addresses and passwords. The Internet Archive also experienced service outages due to DDoS attacks. Users were notified via a JavaScript alert on the organization’s site.
Cause: The hackers used unrotated access tokens (digital keys that grant access to systems) to breach the Internet Archive.
Broader Implications: As a result, concerns were raised about the cybersecurity practices of the Internet Archive. It also heightened the risk of credential stuffing attacks, especially for those who reused similar passwords across multiple sites. This breach emphasized the need for individuals to use strong, unique passwords and enable MFA when possible.
What: In August 2024, an oilfield service provider had to shut down some of its internal systems after becoming aware of unauthorized access to its systems.
Cause: A third party gained access to its systems and removed data from them, causing disruption to its business applications.
Broader Implications: Due to the attack, Halliburton’s shares declined, and delayed billing and collections impacted its free cash flow. The breach highlights the ongoing threat of cyberattacks on important infrastructure and large corporations.
What: Ivanti, a company that specializes in IT management and security solutions, suffered from unauthenticated attackers gaining administrative privileges.
Cause: The exploitation of vulnerabilities within Ivanti Connect Secure, Policy Secure Appliances, and Endpoint Manager.
Broader Implications: The vulnerabilities allowed unauthorized access and remote code execution, affecting organizations globally. The breach was particularly severe because it affected critical infrastructure and government agencies, including CISA (the Cybersecurity and Infrastructure Security Agency).
What: A mortgage lender experienced a data breach, causing the personal information of about 16.9 million individuals to be compromised. Information included names, email addresses, Social Security numbers, and financial account numbers.
Cause: The ALPHV/BlackCat ransomware group claimed responsibility for the attack.
Broader Implications: The attack led to widespread system outages that prevented customers from accessing their accounts and making mortgage payments. LoanDepot paid out more than $86.6 million in a settlement to data breach victims. This attack highlighted the importance of robust security measures, especially in the financial services industry.
What: In September 2024, Infosys McCamish Systems announced a major breach potentially affecting 6.5 million records. Unauthorized actors infiltrated its network, compromising sensitive information.
Cause: LockBit took responsibility for the Infosys attack and implanted ransomware across the Infosys network, locking over 2,000 devices.
Broader Implications: The attack caused operational disruptions and led to lawsuits. Infosys agreed to pay $17.5 million in settlement costs, leading to a financial strain on the company. It underscored the significance of implementing and maintaining cybersecurity protocols to prevent attacks.
As you can see, it hasn’t stopped. In fact, it has gotten worse. I don't know anyone who doesn't sit up and drink their coffee faster with the possibility of spitting it out when they see these reports, and watch them grow. The sheer scale and numbers are staggering.
Some other fearful stats from Microsoft’s Digital Defense Report of 2024.
Figure 1: Increase in attacks. Microsoft’s Digital Defense Report of 2024.
And since we focus predominantly on Microsoft technologies, where is Microsoft in all of this? What have they been doing to combat the increase in cyberattacks in 2024 and now? Remember, for Microsoft, Security is a multi-billion-dollar industry.
Microsoft's Secure Future Initiative (SFI) is a comprehensive cybersecurity transformation program launched in November 2023 to address evolving threats and internal security challenges. It represents the company’s largest-ever cybersecurity engineering effort, involving over 34,000 engineers and integrating security into every aspect of product development and operations.
This pillar ensures security is embedded into the foundational architecture of products and services. Key components include:
Microsoft enforces stringent security configurations as standard settings, requiring no manual intervention:
This pillar focuses on continuous monitoring and improvement of security controls:
The SFI’s three pillars work synergistically to create a layered defense strategy, prioritizing security over feature rollouts and addressing external critiques of Microsoft’s past practices.
In November of 2024, Microsoft released an update to the original SFI initiative. More can be read here via the November update link.
Added to that, the investment in adopting the Open Group’s Zero Trust architecture and building it into all of their security products, from a design perspective, ensures that organizations have the necessary patterns and practices at hand so that they can achieve a better security posture. This is also Nic’s and my unofficial security bible. We have spoken repeatedly about using Zero Trust as the basis for everything security in the world.
In fact, we even helped Microsoft build out their Zero Trust Adoption Framework… which is our crowning achievement. So yes, we are a little more passionate about ZTA (Zero Trust Architecture) than most.
There really are just 3, and it’s quite simple. If 2 of the 3 show up together (and we have now seen Microsoft create a new form of matter for its quantum computing processor), it's guaranteed that in the not-so-distant future things will accelerate as fast as Majorana.
Hackers will find more mechanisms for fooling people into believing that the “link” is real. It’s not going to slow down. People need to become more vigilant when clicking on links.
While the conventional AIs (ChatGPT, Copilot, Gemini, etc.) are properly governed, you can deploy your very own AI into whatever environment you have (self-hosting), and then you get to do whatever you want. We’ve seen chatbots like WormGPT and, more recently, GhostGPT show up on the dark web, which means that hackers have unfettered access to bad AI. AI that will help hackers, well, hack.
When we ran the episode at the beginning of the year, Microsoft had not made its announcement yet, but we called it. Quantum computing will greatly accelerate hacking techniques like brute force and decryption, bringing the time required down from multiple years to, dare we say, days. This poses a massive threat to the world of encryption.
There you have it, people. Our state of the security nation address, with predictions for 2025. We believe that all roads lead to securing those human and non-human identities you have in your environment, which is why Nic and I will remain vigilant.
We will continue to pester our audience about the benefits of Identity Security Posture Management, and if it means we must go door-to-door to make sure that you follow the principles of Zero Trust, we will.
Remember to R.E.A.D.
R – Restrict access to resources in your environment.
E – Encrypt your data and backups.
A – Access Control, lock down access and authorization to your estate.
D – Defense, monitor everything happening in your environment, and build up defenses to combat any attacks.
Want to dive even deeper into Identity Predictions? Watch the full webinar on-demand here.