Breaches This Week – AT&T, Disney, Trello to Government Agency


There were a few massive breaches this week involving prominent names in the market.

Cyber security experts weigh in with their professional views on each of them.

AT&T breach – 51 million customers affected

By: Thomas Richards, Principal Security Consultant within the Synopsys Software Integrity Group

While the information that was exposed doesn’t directly have sensitive information, it can be used to piece together events and who may be calling whom. This could impact people’s private lives as private calls and connections could be exposed. The business phone numbers will be easy to identify and private numbers can be matched to names with public record searches.

By: Darren Guccione, CEO and co-founder, Keeper Security

AT&T’s latest announcement revealing another major data breach is a painful second blow to the millions of customers who have already lost trust after having their private information exposed by the company earlier this year. Although the leaked phone records do not contain the contents of calls and text messages, they do provide records of who customers interacted with, and some include identification numbers that could help bad actors determine where calls were made and texts were sent. 

The disclosure of this information – following the leak of Social Security numbers, names, email and mailing addresses, phone numbers, dates of birth, account numbers and passcodes – is a clear violation of personal privacy and trust. These massive breaches, affecting millions of customers, underscore the persistent and evolving threats to digital security, and why everyone must take concrete, proactive steps to safeguard their own sensitive information. 

Although the information in AT&T’s latest breach is less sensitive than the personal details leaked in the prior breach, customers affected by either of these breaches should take the following steps to protect their identity:

  • Change the password and passcode for your AT&T account immediately. A password manager can generate strong and unique passwords for every account.
  • Enable Multi-Factor Authentication (MFA) to add an extra layer of security that makes it more difficult for cybercriminals to access your accounts.
  • Monitor your accounts for suspicious activity including strange transactions, unrecognised login attempts and sign-ins from unknown devices.
  • Sign up for a dark web monitoring service like BreachWatch® so you can be notified immediately if your information has been compromised.
  • Freeze your credit to prevent lenders from approving new loans or credit lines in your name. You can unfreeze it at any time. 

This breach is also a wakeup call for organisations to reevaluate their cybersecurity strategies, emphasising proactive measures over reactive responses. As cyber threats evolve, organisations must prioritise protecting customer data. Today, identity applications require both authentication and end-to-end encryption to provide robust cybersecurity protection. Cybersecurity technologies protecting these environments must cover every user, on every device, from every location. 

Data shows the human element is far more difficult to protect, and often, the most error-prone element of the attack chain, therefore, organisations should focus on implementing zero-trust security architecture and a policy of least-access to prevent unauthorised privilege escalation and ensure strict enforcement of user access roles. A Privileged Access Management (PAM) platform is essential for managing and securing privileged credentials, ensuring least privilege access and preventing lateral movement in the event of a breach.

Robust threat intelligence, continuous monitoring and rapid incident response are also critical. Companies should have security event monitoring to detect and analyse privilege escalations, enabling the detection and blocking of anomalous behaviour. 


Disney data leak – 1.1 terabytes breached

By: Patrick Tiquet, VP of Security and Compliance, Keeper Security 

“Recent high-profile breaches, such as the alleged Disney Slack breach, highlight the critical need for all organisations, regardless of size, to adopt a proactive and comprehensive cybersecurity strategy to safeguard against potential breaches. With cybercriminals employing increasingly sophisticated and large-scale attacks, the stakes have never been higher. Here are some key measures that can help business leaders mitigate breach risks and protect their organization’s sensitive data:

Secure Credentials And Implement Multi-Factor Authentication (MFA): Securing credentials is a fundamental baseline security measure to prevent unauthorised access. Organisations should enforce strong password policies, encourage the use of password managers and implement MFA everywhere possible. MFA adds an extra layer of security by requiring additional verification beyond passwords, such as biometrics or one-time passcodes. Integrating a password manager can significantly streamline the MFA process, alleviating the need for users to manually enter verification codes by securely storing and automatically filling them as needed.

Prioritise Incident Response Plans: Every organization needs an incident response plan. A well-structured plan ensures that if a breach occurs, the organization can quickly and effectively manage and mitigate its impact. This plan should be regularly updated and tested to identify and address any weaknesses. It should also be an integral part of the overall cybersecurity strategy, not an afterthought.

Minimise Data Collection And Enforce Access Controls: To reduce the risk and impact of breaches, organisations should limit data collection to only what is absolutely necessary for operations. Enforce strict access controls to ensure employees only have access to the data they need for their roles. This approach minimises exposure and potential damage from breaches.

Equip Employees With Training And Awareness: Employees are the first line of defence against cyber threats. Implement comprehensive cybersecurity training programs to equip employees with the knowledge and skills to recognise and respond to threats. Conduct frequent training sessions and phishing simulations to keep employees updated on the latest threats and best practices. 

Implement Zero-Trust Security And Privileged Access Management: Focus on zero-trust security architecture and a policy of least access to prevent unauthorised privilege escalation. Use a Privileged Access Management (PAM) platform to manage and secure privileged credentials, ensuring least privilege access and preventing lateral movement in a breach.

Strengthen Third-Party Vendor Security: Recent high-profile breaches often involve vulnerabilities within third-party vendors, emphasising the need for stringent security measures throughout the supply chain. To mitigate these risks, organisations must establish clear security requirements for vendors and insist on proof of robust security controls. Work with vendors that are SOC 2 Type 2 and ISO 27001 compliant or hold similar security certifications. Choose service levels that match your organization’s security needs, as many providers offer varying levels of security features.”


Trello data breach – 15 million users affected

By: Ray Kelly, Fellow, Synopsys Software Integrity Group

This highlights the need for comprehensive threat surface mapping of applications. In today’s era of distributed architectures, such as cloud computing and microservices, it is easy to overlook issues like improper authentication on a single API call. Given the complexity and interconnectivity of modern systems, a single overlooked endpoint can become a significant vulnerability. It is only a matter of time before threat actors identify these weaknesses and exploit them for malicious purposes.
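The "single overlooked endpoint" the comment above describes is easy to catch mechanically if the route table itself is the inventory. The following is an added example, not code from the article or from Trello: a small deny-by-default router in which every route must state whether it requires a credential, plus an audit that lists the routes reachable anonymously so each one can be justified or fixed. All paths, handler names and the bearer-token scheme are hypothetical, and the token value is a constructed demo secret.

```python
"""Route-inventory audit: flag API endpoints that dispatch without an
authentication requirement.  Added example; every path, handler and the
token format below is hypothetical."""
import hmac
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

# Constructed demo secret; a real service would load this from a secret store.
_API_TOKEN = "demo-token-please-rotate"


@dataclass
class Route:
    method: str
    path: str
    handler: Callable[[dict], Tuple[int, str]]
    auth_required: bool


def _token_ok(header: str) -> bool:
    """Accept 'Bearer <token>'; constant-time compare so the check itself
    does not leak the token through timing."""
    scheme, _, token = header.partition(" ")
    return scheme == "Bearer" and hmac.compare_digest(
        token.encode("utf-8"), _API_TOKEN.encode("utf-8"))


class Router:
    def __init__(self) -> None:
        self.routes: Dict[Tuple[str, str], Route] = {}

    def route(self, method: str, path: str, auth_required: bool = True):
        """Register a handler.  Deny by default: a route has to opt out of
        authentication explicitly, so a forgotten flag fails closed."""
        def deco(fn):
            self.routes[(method, path)] = Route(method, path, fn, auth_required)
            return fn
        return deco

    def dispatch(self, method: str, path: str,
                 headers: Optional[dict] = None) -> Tuple[int, str]:
        headers = headers or {}
        route = self.routes.get((method, path))
        if route is None:
            return 404, "not found"
        if route.auth_required and not _token_ok(headers.get("Authorization", "")):
            return 401, "unauthorized"
        return route.handler(headers)

    def audit_unauthenticated(self) -> List[Tuple[str, str]]:
        """Threat-surface mapping step: every endpoint reachable with no credential."""
        return sorted((r.method, r.path)
                      for r in self.routes.values() if not r.auth_required)


def build_app() -> Router:
    app = Router()

    @app.route("GET", "/healthz", auth_required=False)   # legitimately public
    def healthz(_headers):
        return 200, "ok"

    # Hypothetical lookup endpoint that was marked public while being wired up:
    # the kind of single overlooked call the text describes.
    @app.route("GET", "/api/v1/members/by-email", auth_required=False)
    def member_by_email(_headers):
        return 200, '{"email":"alice@example.test","user_id":"u-1001"}'

    @app.route("GET", "/api/v1/boards")                  # auth_required defaults to True
    def boards(_headers):
        return 200, '["board-1"]'

    return app


def audit_report(app: Router) -> Tuple[List[Tuple[str, str]], List[Tuple[str, str]]]:
    """Return (public_endpoints, unexpected): public routes not on the
    allow-list of endpoints that are meant to be anonymous are findings."""
    allowed_public = {("GET", "/healthz")}
    public = app.audit_unauthenticated()
    unexpected = [r for r in public if r not in allowed_public]
    return public, unexpected


if __name__ == "__main__":
    app = build_app()
    print(app.dispatch("GET", "/api/v1/members/by-email"))   # 200 with no credential
    print(app.dispatch("GET", "/api/v1/boards"))             # 401
    print("unexpected public routes:", audit_report(app)[1])
```

The audit is only as good as the registry it reads, which is the point of forcing every route through one decorator with a fail-closed default: an endpoint added without an explicit `auth_required=False` is protected, and one added with it shows up in the report and has to be justified. Run the audit in CI so a newly public route fails the build rather than surfacing in a breach notice.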


Philippines Department of Migrant Workers – ransomware

By: Patrick Tiquet, VP of Security and Compliance at Keeper Security 

Cybercriminals are increasingly targeting critical infrastructure and government agencies, as evidenced by the recent ransomware attack on the Philippine Department of Migrant Workers. The decision to swiftly take their systems offline was crucial to contain the breach and protect sensitive information, and demonstrates the importance of proactive measures to minimise potential damage. 

This isn’t an isolated incident. Last year, the Philippine Health Insurance Corp faced a similar ransomware attack, where hackers demanded $300,000. These repeated attacks show that cybercriminals are expanding their focus beyond big corporations to government bodies, aiming to disrupt essential services and access valuable data. According to Keeper Security’s 2024 Future of Defence Report, 92% of IT and security leaders have seen an increase in cyber attacks year-over-year, underscoring the pervasive nature of online threats. 

Government agencies, and the organisations that work with them, often hold vast amounts of sensitive data and provide critical services, making them lucrative targets for cybercriminals seeking financial gain through ransom or the sale of stolen data.

To combat these threats, government organisations must bolster their cybersecurity defences. Adopting a zero-trust security model in conjunction with least-privilege access, Role-Based Access Controls (RBAC), a Single Sign-On (SSO) solution and appropriate password security can greatly decrease the likelihood of a successful cyber attack and stymie the threat actor’s access. Companies should also have security event monitoring in place to promptly detect and respond to potential threats, implement regular system backups, establish comprehensive incident response plans and ensure that all staff receive thorough training in basic cybersecurity practices. Simple measures like keeping software up-to-date, using strong passwords and mandating the use of Multi-Factor Authentication (MFA) can go a long way in preventing attacks.

By: Kelvin Lim, senior director of Security Engineering at Synopsys Software Integrity Group

Southeast Asian government networks have been the target of a recent wave of ransomware attacks. Good ransomware mitigation practices will require the organisation to address the factors of people, technology, and processes. The following are 10 recommendations to protect organisations against ransomware attacks:

  1. Data backup – This is a must-have and it serves as a last line of defence against ransomware attacks where access to data is denied. Do note that backups should be stored offline or in a separate network to prevent them from being accessed by ransomware.
  2. Data encryption – This stops bad actors from gaining unauthorised access to the data in a ransomware attack.
  3. User education – Awareness and training are essential. Users should be taught to spot phishing attempts and avoid clicking on dubious links or attachments.
  4. Application security – Adopt good application security practices to remove any security vulnerabilities embedded in the application.
  5. Software updates – Update software regularly with the latest software patches and security updates.
  6. Email filtering – Block phishing emails and malicious content before the email reaches the user’s mailbox.
  7. Access control – Enforce the principle of least privilege, ensuring that users are only allowed to access the data and systems necessary for their work.
  8. Network segmentation – This is to limit the blast radius of a ransomware attack and restrict user access to only what is necessary for their roles.
  9. Monitoring – It is important to have 24/7 monitoring and alerting functions on your network and systems to detect any unusual activities.
  10. Security audits – Regular security audits are necessary to identify any lapses in the systems, network, and processes.