Top 5 Cloud Security Data Breaches in Recent Years
Cyber breaches aren’t a thing of the past. Since the pandemic, the world has seen massive security attacks, each of which continues to disrupt the functioning of enterprises and organizations.
Despite the move to the cloud, there has been no respite from these cyberattacks. The year 2021 promised relief, but it saw some of the biggest, most memorable data breaches, which shook the foundations of security practice.
Here’s a list of the top five cloud security breaches that deserve special mention:
1. Accenture Data Breaches
In its Cyber Risk survey, UpGuard, the world’s first cyber resilience startup, discovered that Accenture had left at least four AWS S3 storage buckets unsecured in 2017.
The exposed data included authentication details, confidential API data, digital certificates, decryption keys, user data, and metadata.
UpGuard’s security analysis found 137GB of data open to public access. As a result, cyberattackers used this data to defame and extort money from users, and some of the compromised information found its way onto the dark web.
In August 2021, Accenture again fell prey to an attack, this time by the LockBit ransomware. The enterprise was savvy enough to discover the infiltration during its audits for the final quarter of 2021.
Accenture suspected supply-chain attacks on client systems stemming from the 2021 breach, including compromised critical systems, inadvertent disclosure, and subsequent malware infections.
The LockBit ransomware group itself claimed to have stolen 6TB of data in the attack, which it held for a ransom of $50 million.
Accenture did not publicly acknowledge the attack outside its SEC filings, nor did it notify the authorities responsible for breaches of Personally Identifiable Information (PII) or Protected Health Information (PHI). In turn, the organization denied the claims in September.
2. Verizon Data Breaches
In 2017, Verizon’s third-party partner, Nice Systems, erroneously exposed customer PII through a faulty AWS S3 configuration. The exposure was the result of Nice’s error, and the affected bucket also held customer call data.
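Both the Accenture incident and the Verizon/Nice Systems incident above came down to S3 buckets that anyone on the internet could read. As an added example, not code from the article, Accenture, Verizon, Nice Systems or AWS, the Python below inspects the three documents that decide whether a bucket is public (the bucket policy, the bucket ACL and the Block Public Access settings, in the JSON shape that `aws s3api get-bucket-policy`, `get-bucket-acl` and `get-public-access-block` return) and reports the grants that make a bucket world-readable. The bucket name, account ID and owner ID in the sample documents are constructed.

```python
# Offline S3 exposure check. Added example, not the article's or AWS's code.
# Inputs are the JSON documents the AWS CLI returns for a bucket; the samples
# at the bottom are constructed for illustration.
import json

# Predefined S3 ACL group URIs: grants to these make a bucket public.
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
PUBLIC_GROUPS = {ALL_USERS, AUTH_USERS}


def _as_list(value):
    """Policy fields may be a scalar or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _load(doc):
    return json.loads(doc) if isinstance(doc, str) else doc


def principal_is_public(principal):
    """True for Principal "*" or {"AWS": "*"}: any caller, including anonymous."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return False


def public_policy_statements(policy_doc):
    """Return Allow statements whose principal is public.

    A "*" principal narrowed by a Condition (e.g. aws:SourceVpce) may be
    intentional, so such statements are marked 'conditional' for review
    rather than reported as definitely public.
    """
    policy = _load(policy_doc)
    findings = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow" or not principal_is_public(stmt.get("Principal")):
            continue
        findings.append({
            "sid": stmt.get("Sid", "<no Sid>"),
            "actions": _as_list(stmt.get("Action")),
            "resources": _as_list(stmt.get("Resource")),
            "conditional": "Condition" in stmt,
        })
    return findings


def public_acl_grants(acl_doc):
    """Return (group URI, permission) pairs granted to the public groups."""
    acl = _load(acl_doc)
    hits = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUPS:
            hits.append((grantee["URI"], grant.get("Permission")))
    return hits


def public_access_block_gaps(pab_doc):
    """Return the Block Public Access settings that are not switched on."""
    cfg = _load(pab_doc).get("PublicAccessBlockConfiguration", {})
    required = ("BlockPublicAcls", "IgnorePublicAcls",
                "BlockPublicPolicy", "RestrictPublicBuckets")
    return [k for k in required if not cfg.get(k, False)]


def audit_bucket(policy_doc, acl_doc, pab_doc):
    """Combine the three checks into one report for a bucket."""
    return {
        "public_policy_statements": public_policy_statements(policy_doc),
        "public_acl_grants": public_acl_grants(acl_doc),
        "public_access_block_gaps": public_access_block_gaps(pab_doc),
    }


# --- constructed sample documents (bucket name, account and owner IDs are made up) ---
OPEN_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"]},
        {"Sid": "OwnerWrite", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::111122223333:role/deploy"},
         "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    ],
})
OPEN_ACL = json.dumps({
    "Owner": {"ID": "constructed-owner-id"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "constructed-owner-id"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"},
    ],
})
WEAK_PAB = json.dumps({"PublicAccessBlockConfiguration": {
    "BlockPublicAcls": True, "IgnorePublicAcls": False,
    "BlockPublicPolicy": True, "RestrictPublicBuckets": False}})

if __name__ == "__main__":
    print(json.dumps(audit_bucket(OPEN_POLICY, OPEN_ACL, WEAK_PAB), indent=2))
```

On a live account the same functions take the raw CLI output, since `get-bucket-policy` returns the policy as a JSON string inside the `Policy` field and the ACL and Block Public Access calls return the dictionaries shown. An empty report on all three checks is the state Accenture's and Nice's buckets should have been in.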
In 2020, Verizon uncovered 29,207 security incidents, of which 5,200 were confirmed breaches. The telecom giant fell prey to DDoS attacks, while social engineering and client-side web application infections fueled each attack, leading to server-side system breaches.
The telecom company attributes the pandemic-induced remote-work model as the primary reason behind the creation of loopholes and the proliferation of cyberattacks. It categorizes these attacks as the result of errors committed by the ‘human element,’ a by-product of social engineering.
Verizon released a 2021 audit of its cybersecurity strategy in alignment with its VERIS framework, which serves as a case study for other enterprises and users. Roughly 61% of these attacks involved the use of unauthorized credentials, while phishing rose from 25% to 36% in 2019.
3. Kaseya Ransomware Attack
In July 2021, IT solutions provider Kaseya suffered a massive attack on its unified remote monitoring and network perimeter security tool. The supply-chain ransomware attack aimed to seize administrative control of Kaseya services from managed service providers and their downstream customers.
As reported by ZDNet, the attack crippled the company’s SaaS servers and affected on-premises VSA deployments used by Kaseya customers across ten countries. Kaseya responded proactively by immediately alerting its customers and rolling out the Kaseya VSA detection tool, which let business users analyze their VSA services and managed endpoints for signs of vulnerabilities.
The incident and Kaseya’s response gave the world vital lessons in modern cyberattack mitigation, including:
- Ensuring business continuity with up-to-date backups kept in an easily retrievable, air-gapped repository segregated from the organizational network
- Prompt vendor remediation through manual patch management as soon as patches become available
- Due diligence from customers, documenting their mitigation actions
- Implementing multi-factor authentication for business users
- Following the principle of least privilege, granting only the permissions required on essential network resources
4. Cognyte Data Leak
In May 2021, cybersecurity analytics giant Cognyte blundered by leaving a database exposed without any authentication. This paved the way for cyberattackers and exposed 5 billion user records. Ironically, the Cognyte database served comparative data that alerted customers to third-party data breaches.
The leaked information included user credentials such as names, email addresses, and passwords, as well as vulnerability data points within their system.
The information was publicly available and even indexed by search engines. Cognyte’s intelligence data, which included information about similar data breaches, was also freely available. It took Cognyte four days to secure the data.
The incident once again showed how attackers can exploit even the smallest blunder to launch a devastating breach. Even renowned cybersecurity providers are not safe from cyber threats, and attack prevention should be given higher priority than attack mitigation.
5. Raychat Data Breach
Raychat is an Iranian chat application that survived a large-scale cyberattack. A database misconfiguration exposed nearly 267 million records: usernames, emails, passwords, metadata, and encrypted chats. A targeted bot attack then wiped all of the company’s data.
According to Gizmodo, a MongoDB misconfiguration left the data openly accessible, giving the cyberattackers free rein over the chat application’s private data. It showed how an exposed, unauthenticated NoSQL database is an easy target for automated bot attacks.
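The MongoDB misconfiguration behind the Raychat leak is the classic pair of a listener bound to every interface with access control left off. As an added example, not code from the article, Raychat or the MongoDB project, the Python below reads a mongod.conf, rebuilds the relevant settings and grades the exposure, showing a constructed open configuration next to a constructed hardened one. The tiny parser handles only the indented `key: value` mapping subset that mongod.conf uses (a real tool would load the file with a full YAML library), and the assumption that a missing `net.bindIp` means the localhost default is noted in the code.

```python
# mongod.conf exposure check. Added example, not the article's or MongoDB's code.
# Sample configurations below are constructed.

LOOPBACK = {"127.0.0.1", "::1", "localhost"}


def parse_simple_yaml(text):
    """Parse nested 'key: value' mappings by indentation (no lists, no anchors).

    Good enough for mongod.conf's net/security/storage sections; a production
    tool would use a full YAML loader instead.
    """
    root = {}
    stack = [(-1, root)]  # (indent level, mapping being filled)
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments and trailing space
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip(" "))
        key, _, value = line.strip().partition(":")
        value = value.strip().strip("'\"")
        while indent <= stack[-1][0]:
            stack.pop()  # dedent: back to the enclosing mapping
        parent = stack[-1][1]
        if value == "":
            parent[key] = {}
            stack.append((indent, parent[key]))
        else:
            parent[key] = value
    return root


def assess_mongod_config(text):
    """Return {'severity': ..., 'findings': [...]} for a mongod.conf text."""
    cfg = parse_simple_yaml(text)
    net = cfg.get("net", {})
    security = cfg.get("security", {})
    findings = []

    # Assumption: an absent net.bindIp means the localhost default of current
    # mongod releases. 0.0.0.0, '::' or bindIpAll: true listens on every interface.
    bind_all = str(net.get("bindIpAll", "false")).lower() == "true"
    addrs = [a.strip() for a in str(net.get("bindIp", "127.0.0.1")).split(",") if a.strip()]
    exposed = bind_all or any(a not in LOOPBACK for a in addrs)
    if exposed:
        findings.append("net.bindIp listens on a non-loopback address")

    # security.authorization defaults to disabled: anyone who can reach the
    # port can read, modify or drop every collection.
    auth_on = str(security.get("authorization", "disabled")).lower() == "enabled"
    if not auth_on:
        findings.append("security.authorization is not 'enabled'")

    # Transport protection only matters once the port is reachable remotely.
    tls = net.get("tls", net.get("ssl", {}))
    if exposed and str(tls.get("mode", "disabled")).lower() != "requiretls":
        findings.append("network listener without net.tls.mode: requireTLS")

    if exposed and not auth_on:
        severity = "critical"  # the open-database pattern behind the Raychat leak
    elif findings:
        severity = "high"
    else:
        severity = "ok"
    return {"severity": severity, "findings": findings}


# --- constructed samples ---------------------------------------------------
OPEN_CONFIG = """\
# constructed sample: reachable from anywhere, no access control
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 0.0.0.0
"""

HARDENED_CONFIG = """\
# constructed sample: loopback only, authorization on, TLS required
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 127.0.0.1,::1
  tls:
    mode: requireTLS
    certificateKeyFile: /etc/ssl/mongodb.pem
security:
  authorization: enabled
"""

if __name__ == "__main__":
    for name, conf in (("open", OPEN_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, assess_mongod_config(conf))
```

The severity ladder is deliberate: a non-loopback bind with authorization off is the combination that internet-wide scanners find within hours, so it is rated critical on its own, while either setting alone is still worth a ticket.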
The attackers held the breached data for ransom; unfortunately, paying a ransom does not ensure that attackers will relinquish the data or refrain from selling it to unscrupulous buyers. The compromised data was later leaked and posted on the well-known hacking site RaidForums.
Raychat was able to restore its data from its internal backups. Nonetheless, the company was left embarrassed before its users, given that it was obliged to secure the data in the first place. Despite repeated attempts to highlight the plight of Iranian civilians, there does not seem to be much respite for the people.
Iranian hackers have had a field day exploiting unsuspecting civilians, subjecting them and their personal data to endless cyberattacks as part of massive data breaches.
What Can You Learn From These Security Breaches?
Notable cybersecurity solution architects who studied the Verizon case think ransomware attacks are still in their nascent phase. Incorporating social engineering tactics diversifies ransomware attack patterns, making them more effective against their intended victims.
An organization worth $45 billion, such as Accenture, does not get breached overnight. Routine penetration tests, mandatory end-to-end compliance, and proven effectiveness of controls are necessary for any enterprise that handles sensitive data.
Most of us use cloud storage services to keep our data secure. But there are still plenty of security challenges we face right now.