Welcome back to our Data Breach of the Month series, where we look at a notable cyber incident or data breach from the past month. Sometimes we’ll offer deeper analysis of the latest big breach, and other times we’ll focus on a lesser known incident that has outsized implications for the security industry.
In each case, you’ll learn the type of data breached, the vulnerabilities or gaps that were exploited, and what organizations can do to remediate effectively and address potential root causes.
So without further ado, our breach of the month for December 2018 is… the European Union diplomatic cables that were intercepted for three years before being detected.
The New York Times reported in mid-December that hackers had been intercepting EU diplomatic cables for the past three years. The cables included accounts of meetings with world leaders, candid comments from diplomats about Donald Trump, and other communications classified at a low level. Fortunately, the EU's most sensitive communications are kept on a separate system that was not affected.
Security firm Area 1 discovered the cables because the hackers had copied them to an open website. Area 1 has attributed the hack to a group affiliated with China's People's Liberation Army, although some experts have disputed the certainty of this attribution. Controversially, Area 1 chose to show more than 1,000 of the compromised cables to the New York Times.
How Did it Happen?
The attackers used a simple phishing attack to steal credentials from EU officials in the small nation of Cyprus. With those credentials in hand, they installed a basic piece of malware that gave them a backdoor into the system, ensuring long-term access even if the stolen passwords were later changed. According to an unnamed former intelligence official quoted in the New York Times, the EU had been repeatedly warned that its communication systems were vulnerable to hacking. The EU is in the process of updating some of its systems.
How to Minimize the Risk of this Type of Breach
This breach illustrates how cybersecurity risk can surface in unanticipated places. As good as the security systems and user awareness may have been in Germany, France, or other European countries, their communications were compromised by simple human error in Cyprus. A shared network is only as strong as its weakest member. This principle applies to companies as well. Where is your data when it isn't behind your firewalls, and who is protecting it? Vendors, employees, partners, and other entities can be the weak link in your cybersecurity chain without you even realizing it.
While this type of risk is hard to eliminate, there are a few things that organizations can do to help identify security operations gaps and reduce the vulnerabilities they cause. One reason weak links go unnoticed is the information silos that form in large organizations. Having unified security solutions across the entire organization helps ensure that comprehensive data, proven processes, and the highest incident response standards are applied, even in areas of the organization with fewer resources and less experience. Strong reporting and metrics also help eliminate weak links by giving security leaders visibility into the places they can't see directly.
No matter what part of your organization is targeted, phishing is hard to protect against because a mistake by a single person can compromise an otherwise perfect security infrastructure. That's why D3 provides automation-powered playbooks for assessing and responding to potential phishing incidents. You can learn more about security automation for phishing in this video from the 2018 SINET Innovation Awards.
Thanks for joining us. We’ll see you back here next month for a new Data Breach of the Month.