
The 3 Worst Security Incidents of 2017 – and What to Expect in 2018

January 8, 2018


If you are like many people, you have made a few New Year’s Resolutions. Some of us plan to be healthy, quit bad habits, or try to change our bad behaviors. Cybersecurity professionals and executives should learn from our mistakes in 2017 and make our professional resolutions, too. Here are a few of the basic resolutions we should all adhere to:

  1. Managing and monitoring privileged accounts
  2. Securing privileged access in the cloud and for our partners
  3. Applying security patches or mitigation strategies in a timelier manner

As we look back at the major incidents and breaches in 2017, we have plenty to learn but these three recommendations would make the best New Year’s Resolutions for everyone. Here is why (ranked in order of importance):


#1 WannaCry (Petya, NotPetya, and other Ransomware) – May 12, 2017

WannaCry is a ransomware payload that was grafted onto an exploit for a vulnerability discovered by the NSA and leaked by the Shadow Brokers. It is widely believed that the malware was created by the North Koreans and was unintentionally leaked into the wild as an unfinished piece of work. Microsoft had patched the vulnerability in March under advisory MS17-010, a few months before the ransomware was actually released. The threat actors ultimately leveraged the vulnerabilities (via the leaked tools nicknamed EternalBlue and DoublePulsar), refined the exploit into reliable malware, and grafted WannaCry (real name WanaCrypt0r) on as the payload. The result was the first wormable ring 0 exploit seen in the wild in years, and it was responsible for millions of dollars in lost business, affecting everything from hospitals to transportation and shipping companies.

Lessons Learned:

  • Patch and remediate systems in a timely fashion
  • If systems are end of life, have mitigation strategies in place, including network segmentation


#2 Equifax – September 7, 2017

Equifax is one of the largest credit agencies in the United States. It suffered a data breach that affected 143 million consumers, and is considered by many to be one of the worst data breaches ever! The Personally Identifiable Information (PII) stolen included Social Security numbers, driver’s license numbers, full names, addresses, dates of birth, and complete credit card numbers. Hackers were able to gain access to the company’s system from mid-May to July by exploiting a vulnerability in their website that was identified but not patched.

Lessons Learned:

  • The vulnerability management lifecycle requires a closed-loop process, including patch management, that involves teams rather than a single person.
  • PII, including credit card information, could be reassembled during the breach. This violates numerous security best practices, including regulatory compliance requirements such as PCI DSS.
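The "timely fashion" lesson from WannaCry and the "closed loop" lesson from Equifax both come down to the same control: a finding is not closed when a patch is pushed, only when a follow-up scan confirms it is gone, and every finding is measured against a remediation window. The tracker below is an added illustration written for this article, not BeyondTrust or Retina CS code; the hosts, the ADV-EXAMPLE-* advisory IDs, the dates, and the SLA_DAYS windows are constructed placeholders, and MS17-010 is used only because the post names it.

```python
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Finding:
    host: str
    advisory: str   # vendor advisory the scanner matched, e.g. MS17-010
    severity: str   # "critical" | "high" | "medium" | "low"
    found: date     # date the scanner first reported it


@dataclass(frozen=True)
class PatchDeployment:
    host: str
    advisory: str
    deployed: date  # date the patch team recorded the deployment


@dataclass(frozen=True)
class Rescan:
    host: str
    scanned: date
    still_reported: Set[str]  # advisories the verification scan still flags


# Remediation windows per severity: assumed policy values, not from the post.
SLA_DAYS: Dict[str, int] = {"critical": 14, "high": 30, "medium": 90, "low": 180}


def classify(finding: Finding, deployments: List[PatchDeployment],
             rescans: List[Rescan], today: date) -> Tuple[str, int]:
    """Return (state, days_open) for one finding.

    OPEN           no patch deployment recorded at all
    DEPLOYED       patch recorded, but no verification scan has run since
    FAILED_VERIFY  a scan after deployment still reports the advisory
    VERIFIED       a scan after deployment no longer reports it; loop closed
    days_open is measured up to today, or up to the verifying scan if closed.
    """
    deploys = [d.deployed for d in deployments
               if d.host == finding.host and d.advisory == finding.advisory]
    if not deploys:
        return "OPEN", (today - finding.found).days
    deployed = min(deploys)
    later = [r for r in rescans if r.host == finding.host and r.scanned >= deployed]
    if not later:
        return "DEPLOYED", (today - finding.found).days
    latest = max(later, key=lambda r: r.scanned)
    if finding.advisory in latest.still_reported:
        return "FAILED_VERIFY", (today - finding.found).days
    return "VERIFIED", (latest.scanned - finding.found).days


def report(findings, deployments, rescans, today, sla=SLA_DAYS) -> List[dict]:
    """One row per finding; over_sla is True when the window was exceeded,
    whether the finding is still open or was closed late."""
    rows = []
    for f in findings:
        state, days_open = classify(f, deployments, rescans, today)
        rows.append({"host": f.host, "advisory": f.advisory, "severity": f.severity,
                     "state": state, "days_open": days_open,
                     "over_sla": days_open > sla[f.severity]})
    return rows


def summarize(rows: List[dict]) -> Dict[str, int]:
    """Counts per state plus how many rows exceeded their window."""
    counts: Dict[str, int] = {}
    for r in rows:
        counts[r["state"]] = counts.get(r["state"], 0) + 1
    counts["over_sla"] = sum(1 for r in rows if r["over_sla"])
    return counts


# Constructed sample records; hosts and ADV-EXAMPLE-* IDs are placeholders.
TODAY = date(2017, 5, 12)
SAMPLE_FINDINGS = [
    Finding("web-01", "MS17-010", "critical", date(2017, 3, 14)),
    Finding("web-02", "MS17-010", "critical", date(2017, 3, 14)),
    Finding("app-01", "ADV-EXAMPLE-0002", "high", date(2017, 3, 10)),
    Finding("db-01", "ADV-EXAMPLE-0002", "medium", date(2017, 5, 1)),
]
SAMPLE_DEPLOYMENTS = [
    PatchDeployment("web-01", "MS17-010", date(2017, 3, 20)),
    PatchDeployment("web-02", "MS17-010", date(2017, 4, 1)),
    PatchDeployment("app-01", "ADV-EXAMPLE-0002", date(2017, 3, 12)),
]
SAMPLE_RESCANS = [
    Rescan("web-01", date(2017, 3, 25), set()),        # fix confirmed by rescan
    Rescan("web-02", date(2017, 4, 5), {"MS17-010"}),  # still vulnerable after "patching"
]

if __name__ == "__main__":
    rows = report(SAMPLE_FINDINGS, SAMPLE_DEPLOYMENTS, SAMPLE_RESCANS, TODAY)
    for r in rows:
        print(f"{r['host']:7} {r['advisory']:17} {r['state']:14} "
              f"{r['days_open']:3}d  over_sla={r['over_sla']}")
    print(summarize(rows))
```

The point of the four sample rows is that only one of them is actually closed. web-02 was "patched" but the rescan still reports it, app-01 was patched and then nobody looked again, and db-01 has not been picked up at all; a report that counted deployments instead of verified rescans would show three of four done. Feeding real scanner exports and patch-management logs into these three record types is the only change needed to run it for an estate.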


#3 Uber – November 21, 2017

As quickly as Uber became the staple of ride sharing for millions of users worldwide, its riders and drivers learned from a single data breach that their personal information had been compromised: 57 million of them in total. What makes this incident as astonishing as the service itself is that the company chose to pay the hackers $100,000 to keep the incident secret, instead of making proper public and legal disclosure. The threat actors did not gain access to Uber’s internal resources but targeted the cloud, in this case GitHub, which Uber engineers used to collaborate on software projects. The threat actors downloaded data stored on GitHub, which included PII such as names, email addresses, and phone numbers of Uber users and drivers worldwide! How did the threat actors get into GitHub? Weak authentication practices. This represents everything a business could do wrong, from trying to hide a breach to poor security practices. As an Uber user, I know my data is out there – just like the X-Files.

Lessons Learned:

  • Privileged access internally and in the cloud must be secured
  • Third party resources should be secured with similar policies and procedures to internal resources

So, what should we expect for 2018? If the first few days of January are any indication, much more of the same and a few extreme wild cards. Consider the flaws deep inside Intel CPUs in how memory is separated between kernel and user modes. The CPUs themselves cannot be fixed, only replaced, and compensating controls in hypervisors and operating systems will be the only remediation strategies available, at a cost of 5% to 30% in performance. This implies the vulnerabilities and exploits might become exceptionally more technical in 2018, and a higher risk if working exploits make it into the wild. Of course, threat actors always look for the lowest-hanging fruit, and this is why security basics, control of excessive privileges, and basic security controls must be rock solid even before worrying about these advanced threats.

If you consider these basic lessons and New Year’s Resolutions, find solutions that can actually work for you. BeyondTrust has privileged access management products that can help you with privilege and enterprise password management initiatives. Retina CS can help you identify vulnerabilities, implement a robust vulnerability management lifecycle, and even patch Windows assets. Your New Year’s Resolutions should be more than just goals; with BeyondTrust you can actually make them happen. Contact us today to schedule a strategy session.


Morey J. Haber, Chief Technology Officer and Chief Information Security Officer at BeyondTrust

Morey J. Haber is Chief Technology Officer and Chief Information Security Officer at BeyondTrust. He has more than 25 years of IT industry experience and has authored four Apress books: Privileged Attack Vectors (2 Editions), Asset Attack Vectors, and Identity Attack Vectors. In 2018, Bomgar acquired BeyondTrust and retained the BeyondTrust name. He originally joined BeyondTrust in 2012 as a part of the eEye Digital Security acquisition. Morey currently oversees BeyondTrust strategy for privileged access management and remote access solutions. In 2004, he joined eEye as Director of Security Engineering and was responsible for strategic business discussions and vulnerability management architectures in Fortune 500 clients. Prior to eEye, he was Development Manager for Computer Associates, Inc. (CA), responsible for new product beta cycles and named customer accounts. He began his career as Reliability and Maintainability Engineer for a government contractor building flight and training simulators. He earned a Bachelor of Science degree in Electrical Engineering from the State University of New York at Stony Brook.
