When Securing Your Company Data, Please Remember the Promiscuous
by Reflare Research Team on May 5, 2021 6:46:00 PM
Security is never stagnant. At best, it’s a game of cat and mouse where you try to outsmart the other party — with new security threats arising when you least expect them. However, there are some valuable lessons from the past that many have yet to learn.
First Published 6th January 2016 | Latest Refresh 5th May 2021
"Life is short. Secure customer data."
A Year to Remember to Never Forget
Every new year brings new security trends that increase threats to specific targets. However, 2015 was a unique year, and one we can still learn much from today. Along with the usual DDoS and malware attacks, the mid-2010s gifted security experts such trends as increased extortion, government threats, and the rise of activist hacking.
These three specific trends continue to gain interest in the security industry and remain a significant driver for improving system protections.
The Extortion of Personally Sensitive Data
The first and most costly trend for businesses and customers is old-fashioned extortion. In 2015, we saw the fallout of the Ashley Madison hack. Hackers obtained 32 million user accounts from the company whose motto is “Life is short. Have an affair.” Privacy was paramount (yet obviously insufficient) for company operations, and the subsequent fallout left millions of users exposed.
Hackers first attempted to extort the company itself, but then turned instead toward its customers. Customers were emailed and even received phone calls to pay a fee to keep their privacy. This hack made world headlines and at the time was the biggest extortion hack to date.
Interestingly, after the hack, Ashley Madison bolstered its security, did away with the bots, and pressed on with trading. It learned its lesson the hard way, but if you need evidence that improvements in IT security can help turn around a brand decimated by a massive hack, look no further. In 2020, it was reported that Ashley Madison was bringing on over 17,000 new members per day during the COVID-19 pandemic.
For many, an increase in security equates to an increase in trust, and Ashley Madison has found this to be true. However, the big lesson for others is not in a small-but-notable comeback, but in the security failure that led to the hack itself. Poor security practices led to this breach, and the extortion of its customers’ data was an utterly avoidable event. Have others learned from their mistakes? You be the judge, as there is no shortage of even larger extortion attacks happening again and again and again.
When Governments Know Everything, and Everything Gets Leaked
The second memorable trend of the year was government hacking. Government websites are not a new target, but even before the Trump era arrived, escalating tensions between China and the US continued to put government employees and systems at risk. Over 21 million government employee records were exposed in 2015 when hackers were able to gain access to social security numbers, military records, classified data and even fingerprints.
At the time, it was the biggest government breach ever, and it allegedly stemmed from China. It was reported by Ars Technica that at least one person in China had full root access to every row in the database.
Hack for a Cause
Finally, the year saw the very public emergence of the hacking activist (hacktivist). Hacktivists are attackers who hack and deface systems to prove a point and make their cause heard.
All glory to the hypnotoad.
There were many examples of hacktivism before the mid-2010s, but the visible rise of the hacktivist group Anonymous garnered increased media attention under the banner of hacking systems "for a cause".
Furthermore, these types of threats continued to grow in popularity as these hackers, as well as others, wanted their message and purpose to be observable in the public domain.
This observability gave rise to more frequent and sophisticated hacktivist attacks in the following years, which involved political initiatives such as elections, environmental issues and even terrorism. With the increased rise of many different social causes, having a clear understanding of your organisation's position on these topics will help uncover, evaluate and address potential hacktivist risks in your security portfolio.
It is vital that security professionals not only know, but also truly understand, the vulnerabilities of the past. The unfortunate reality is that many have yet to. The events of 2015 are worth committing to memory to ensure we do not repeat them. However, others falling victim to newer vulnerabilities is an ever-growing fountain of knowledge from which we should all learn.
To stay up to date with the latest information on these events and learn how to mitigate specific IT security risks before they land in your lap, we suggest you read a few more of our research briefs on similarly related topics.