2023 is literally around the corner. New year, new hopes, new challenges. And when it comes to data and cybersecurity, we always need to be prepared. Attackers don’t take any breaks or vacations! Better than hoping not to be breached is knowing what can go wrong so you can fix it. So let’s look at the top 5 cyber attacks from 2022, and then we will show you how these cyber attacks could have been avoided.
#5 Red Cross
The Red Cross was the target of a sophisticated cyber attack that compromised the personal data of more than 515,000 people worldwide. According to the Red Cross, this data was secured, anti-malware updates were scheduled, and there was no real danger. However, after further continuous attempts, hackers identified a vulnerability and gained access through a late patch on one of the authentication modules. Only when the Red Cross installed advanced endpoint detection and response (EDR) was the intrusion detected.
Endpoint security is a must for any organization. Endpoints like computers, laptops, mobile phones, and tablets hold sensitive information and are also the door to cloud infrastructures that hold customers’ credentials, passwords, and account information that must be secured. By penetrating a device, hackers can gain access to that cloud. Any organization that expects stronger cybersecurity needs to understand that the best way to keep data safe is to rely on cloud-independent solutions that store data on the device and away from the cloud.
Early this year, the Lapsus$ extortion group gained access to the account of a customer support engineer for Okta, and in December (yes, just a few days ago) the company announced another security incident after a hacker accessed its source code following a breach of its GitHub repositories. This is probably the most ironic hacking case because Okta is in charge of authentication for many companies, from large to small. So how can you trust a company whose main purpose is to protect your data when its own infrastructure gets hacked?
One of the reasons authentication ends up being so vulnerable is human error. The whole authentication mechanism becomes vulnerable because it demands and expects actions from a user who has to work on and pay attention to many other tasks as well as authenticating. According to independent research conducted by IBM, TrendMicro, and Stanford University, human error accounts for 80% to 90% of breaches. Bank tellers, for instance, must authenticate an average of 20 times a day, if not more. Again, passwords and humans are not a good combination to protect against hacks.
Next come two cyber attacks that still resound in everyone’s mind and are great examples of how MFA fatigue can damage your organization: Cisco and Uber.
Cisco announced it discovered a security incident that targeted its corporate IT infrastructure but managed to block additional attempts to access its network. How was it possible for a networking giant like Cisco to get hacked? Through an employee’s compromised credentials (passwords again). The hacker managed to get control of one employee’s personal Google account, where individual credentials were stored. After that first breach, the attacker used voice phishing to convince the user to accept multi-factor authentication notifications. In the end, the MFA fatigue attack succeeded, giving the hacker access to a VPN used by employees.
According to Uber’s announcement, one of their contractors was exposed to malware on their device, which ended up revealing the password to Uber’s network. The hacker made several attempts to enter Uber’s systems but needed to get past its MFA, so he spammed the compromised user with MFA push notifications, asking to verify the access until the user accepted the wrongful MFA code. Although no sensitive data was breached, some of Uber’s internal networks were down, and for a big international company with users all around the world, its cybersecurity measures were clearly not up to the challenge.
In case you don’t know, MFA fatigue occurs when a hacker sends constant authentication messages to the user until the user gets tired of all the notifications and accepts them, giving hackers access. When using multi-factor authentication, employees usually authenticate first with a password, and they have a second device where they receive a code. Cisco and Uber prove that bypassing MFA has become hackers’ new ability. The need to improve MFA mechanisms is growing because it is troublesome for employees and it doesn’t stop them from being tricked by hackers.
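An added example (not part of the original article and not any vendor's product): one way a defender could spot the push-notification spam described above in authentication logs, and escalate when an approval follows the burst. The event layout, the ten-minute window and the threshold of five prompts are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: (ISO timestamp, user, push result).
# The field layout is an assumption, not any MFA vendor's log schema.
SAMPLE_EVENTS = [
    ("2022-09-01T01:00:05", "alice", "denied"),
    ("2022-09-01T01:00:40", "alice", "timeout"),
    ("2022-09-01T01:01:10", "alice", "denied"),
    ("2022-09-01T01:02:00", "alice", "timeout"),
    ("2022-09-01T01:02:30", "alice", "denied"),
    ("2022-09-01T01:03:15", "alice", "approved"),   # gives in after the burst
    ("2022-09-01T09:00:00", "bob", "timeout"),      # one missed prompt, then a
    ("2022-09-01T09:00:20", "bob", "approved"),     # normal login
    ("2022-09-01T08:00:00", "carol", "timeout"),    # unanswered prompts spread
    ("2022-09-01T10:00:00", "carol", "timeout"),    # over hours never fill
    ("2022-09-01T12:00:00", "carol", "timeout"),    # the window
]


def detect_mfa_fatigue(events, window=timedelta(minutes=10), threshold=5):
    """Flag users hit by `threshold` unanswered/denied pushes inside `window`,
    and, more urgently, an approval that arrives right after such a burst."""
    pending = defaultdict(deque)   # user -> timestamps of unapproved prompts
    alerts = []
    for ts_text, user, result in sorted(events):
        ts = datetime.fromisoformat(ts_text)
        q = pending[user]
        while q and ts - q[0] > window:   # forget prompts older than the window
            q.popleft()
        if result == "approved":
            if len(q) >= threshold:
                alerts.append((user, ts_text, len(q), "approved_after_burst"))
            q.clear()                      # any approval resets the count
        else:
            q.append(ts)
            if len(q) == threshold:        # alert once, when the burst forms
                alerts.append((user, ts_text, len(q), "push_burst"))
    return alerts


if __name__ == "__main__":
    for alert in detect_mfa_fatigue(SAMPLE_EVENTS):
        print(alert)
```

An `approved_after_burst` alert is the case that matters most for response: the session it opened should be treated as suspect until the user confirms the login was theirs.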
This next and last cybersecurity incident shows the implications over time of an apparently harmless hacking attempt.
#1 Top Cyber Attacks in 2022 – LastPass
LastPass’s story is fresh now, but it actually started in August, when a hacker gained access to LastPass’s development environment through a compromised endpoint and stole some technical information. Using this information, he targeted another employee and successfully obtained access keys to connect to the cloud storage and finally access customers’ accounts and passwords.
LastPass’s mission is to be a secure password manager that stores all usernames and passwords in one safe place. That’s why this cyber attack represents, no doubt, the ultimate alert on the dangers of trusting passwords and cloud-based platforms to protect users, data, and devices.
How to make MFA easier on users and harder on hackers
There are authentication solutions that offer a better user experience and reduce human intervention with a higher level of security. GuacamoleID by Hummingbirds AI is one of them.
GuacamoleID uses facial biometrics in combination with the regular camera on any device, but instead of using a selfie of the user, it runs on video. When facial biometrics are applied using the camera to run video, authentication becomes continuous. This way the authentication tool makes sure that only the right face is in front of the device at all times. This means the device becomes inaccessible the moment the right user’s face (or faces) is not detected. This passwordless and touchless authentication technology improves any multi-factor authentication mechanism and gives a strong boost to any cybersecurity approach.
How can touchless continuous authentication prevent cyber attacks
This is how GuacamoleID and touchless continuous authentication can help reshape your organization’s authentication and cybersecurity posture:
- Reducing the chance for human error in any MFA or authentication mechanism by freeing users from password-related dangers such as forgetting, losing, or sharing a password with others and, of course, MFA fatigue attacks. Even if hackers were granted access by mistake, they would still lack one factor: Your Face.
- Combining facial biometric solutions with local storage on the device, keeping all kinds of information away from the cloud and shielding the privacy of the user.
- Protecting the user continuously: Many authentication solutions verify the user at the beginning of the session, but whatever happens during the session remains unprotected. This means that anyone could get access to the device after the initial login or take a look at the screen and catch a piece of important information, or the user could leave the device unattended for a few seconds and have sensitive data taken without any prevention. Facial biometric solutions can achieve a higher level of cyber security.
2022 is a year that the Red Cross, Okta, Cisco, Uber, and LastPass will not forget. What would have changed for these big organizations if they had chosen a different and more innovative authentication approach? Everything.
By deploying a passwordless and continuous authentication solution that is also independent of the cloud, all these companies would have easily eliminated human error and MFA fatigue, and they could have gained privacy and continuous protection.
Want to know how to get GuacamoleID to protect your users and devices? Just contact us.