Major Security Breaches in Recent Time

Introduction

To be able to defend against cyberattacks, it is important for the defenders to understand how hackers think. Sun Tzu once said, “If you know the enemy and know yourself, you need not fear the result of a hundred battles”. Therefore, one of the first things one should look at is the history of cyberattacks. We will primarily focus on three major security breaches that happened within the last few years.

The FIN7 Attacks

A large group of hackers from Israel and Russia went by the name FIN7, and they executed one of the most deceptive ways of breaching multiple companies’ security. In 2017 the group would disguise themselves as a company called Combi Security. This fake company provided security-based services such as penetration testing for multiple major businesses including Chili’s, Chipotle, Arby’s and about 100+ other companies in 47 states. Combi’s services would reveal weak spots in these companies’ security systems, which they were then able to exploit. Their primary method of attack was to send malware through a phishing email to someone within the company. Once the email was sent, they would call said company and encourage them to open the email, assuring them it was safe to do so. Once inside, FIN7 would attempt to steal customer information and credit card numbers. Reports estimate that several millions of credit card numbers were stolen from all the affected businesses. Multiple businesses were affected so it is hard to pinpoint when exactly each company detected their breach so as an example, we will focus on one. Chipotle estimated their data was breached between march and April 2017, but they were not able to discover the breach until May of 2017. After the discovery of the attacks, multiple investigations were launched, eventually leading to the FBI being involved. This led to the arrest of 3 men from FIN7. In the aftermath, each company took independent steps to make their security systems more robust.

Marriott Security Breach

In 2018 Marriott International had uncovered a security breach that was responsible for millions of stolen sensitive records. Marriott International is a commercial type business, it is an American hospitality company most known for its hotels. The cyber attack was targeted at Marriott’s Starwood guest reservation data. The database contained each guest’s name, address, phone numbers, email addresses, passport numbers, Starwood Preferred Guest account information, birth date, gender, arrival and departure information, reservation data, and communication preferences. The database also included credit card numbers and expiration dates, but those were already encrypted by Marriott. On September 8, 2018, the company received an alert from their internal security tools which alerted them of an outside attempt to access their Starwood guest reservation database in the US. Marriott responded by launching an investigation. During the investigation, it was discovered that an unauthorized party had been copying and encrypting information from the database since 2014. The group of hackers managed to hack Marriott by detecting a serious vulnerability on the company’s website, then through an SQL injection they were able to breach their data. On November 19, 2018 Marriott was able to successfully decrypt all the information encrypted by the hackers. After the attacks, Marriott reported the incident to law enforcement, and launched an investigation. To prevent future attacks, the company began work with leading security experts in order to improve their security and enhance their network. Information concerning the total costs of the damage were not found. However, Marriott’s stock prices fell after the announcement of the breach, the company had to hire hundreds of employees to help worried customers, large sums of money were invested into improving their security by working with security experts, and lastly, the company was sued for about $12.5 billion in costs and losses.

The Atlanta Ransomware Attack

On March 2018, a group of hackers known as SamSam launched a ransomware attack on the city that would lock down the city’s digital systems. The attack was primarily targeting five of the city’s thirteen government departments. The group asked for $50,000 worth of bitcoin, and only then they would lift the malware. The attacks were immediately detected, but it took months to recover from the attack. It is estimated that the attacks costed the city $2.6 million, not to mention the fact that because of the attack, many services were handicapped and taken offline including the police and court networks. It even got to the point where residents were not able to pay their bills electronically. However, it is important to note that those $2.6 million were spent hiring contractors and others who could help recover and further secure the city’s network.

Conclusion

Cybersecurity, an endless cat and mouse game where security experts defend data from countless hackers. No matter how well built the security system is, the mouse will always find a way in. The targets mentioned above were of very high profile, they dealt with millions of customers, and probably hired many professionals for their cybersecurity teams, but they were still breached. These examples show us that even the biggest will fall at the hands of those hackers who have endless determination and dedication.

Cite this page