The cyber security landscape is changing all of the time and is creating new and unexpected challenges for IT Professionals and Managed Service Providers (MSPs). Cybercriminals are becoming more sophisticated in their approach and cyber risks can change daily, causing serious disruptions to a business.
Nowadays, cyber security is a priority for every company whether a small business or multi-national organization. Of course, MSPs need to remain vigilant to these threats, as they are responsible for IT infrastructure management and cyber security solutions.
With that in mind, we’re going to take a look at how cyber security threats work. In addition, we’ll take a look at some of the biggest cyber security events that we’ve observed in recent months.
What is Cyber Security?
Cyber security refers to the way in which organizations and businesses reduce the risk of a cyber attack. In other words, cyber security applies various controls, processes, technologies, and human efforts to manage data, devices, programs, networks, and systems to protect against unauthorized exploitation. A cyber security threat could be any potential malicious or negligent activity that may result in theft, corruption, or unavailability of IT assets such as data, programs, or network resources.
How Do Cyber Security Threats Work?
Cyber security threats use a combination of techniques to gain unauthorized access to vulnerable information. In most cases, cyberattacks exploit weaknesses in a system to steal data, change or delete information, or extort money from users. Cyber security threats can come from a number of actors, including disgruntled employees, lone hackers, criminal organizations, hostile nation-states, terrorist groups, hacktivists, corporate spies, and unintentional misbehavior by otherwise well-meaning users.
In recent times, we have seen some high-profile cyber breaches that have exposed sensitive data. These have affected both the public and private sectors, compromising many businesses and their clients.
Top Cyber Security Threats and Vulnerabilities in the IT Space
Here is a list of some of the important cyber security incidents and threats that have made headlines recently:
1) UnitedHealth Cyber Attack
In the first quarter of 2024, US healthcare provider UnitedHealth announced that its Change Healthcare platform had been compromised by a ransomware attack, admitting losses upward of $872 million.
The platform coordinated transactions between healthcare professionals, doctors and pharmacies across America, and the breach led to its operations being suspended while investigations were underway. The entry point was eventually thought to be an insecure Citrix portal.
The company’s SEC report states:
“Cash flows from operations from the first quarter 2024 were $1.1 billion and were affected by approximately $3 billion due to the company’s cyberattack response actions, including funding acceleration to care providers.”
An estimated one in three Americans’ health data was potentially compromised by this massive cyber-attack. In April 2024, UnitedHealth confirmed it paid the requested ransom to protect patient data.
2) National Public Data (NPD) Data Breach
Background-check company NPD admitted that the personal data of more than 2.9 billion individuals had been leaked to the dark web, including social security numbers, names, addresses, and details of individuals’ relatives.
Infamous hacker collective USDoD claimed responsibility for the theft, offering up the data on the dark web for a price tag of $3.5 million. The hack highlighted the dubious data scraping practices of the compromised firm, NPD, and has led to a multimillion-dollar class action lawsuit which is ongoing.
This breach not only demonstrates the danger of careless data scraping and storage but also the additional legal risk companies expose themselves to when they fail to secure personal information.
3) AT&T’s Double Whammy
In 2024, the telecom giant admitted not one but two separate large-scale data breaches.
In July, the company revealed that cybercriminals had stolen call records and numbers belonging to “almost all” of its customers, amounting to around 110 million affected individuals. This data theft occurred in two tranches, between May and October 2022, and in January 2023.
Although the company claimed that the stolen data did not contain text messages or call content, it did include call metadata and individual phone numbers. The metadata could be used to triangulate the rough location of individual calls and potentially extort individuals.
A third-party cloud platform was the entry point for the illicit data download, highlighting the risks that such third-party dependencies can introduce.
In March 2024, a data breach broker made 73 million customer records available on a well-known cybercrime forum, having teased a sample three years prior. Names, phone numbers and postal addresses were included in this earlier breach, as well as encrypted passcodes, potentially allowing illicit access to customer accounts.
In response, AT&T had to force-reset the passcodes of millions of its users.
4) IMF’s Microsoft Account Breach
It isn’t just private companies that suffer such attacks. NGOs such as the International Monetary Fund (IMF) can also be affected.
In February 2024, the IMF, which works to promote economic prosperity worldwide, announced the compromise of 11 email accounts on the Microsoft Office 365 platform.
A Russia-linked intelligence organization, Midnight Blizzard, had targeted the Fund in the previous month in a separate incident, demonstrating that attacks on the IMF are not rare. In fact, the IMF had been targeted as early as 2011, as reported by the New York Times, in a password spray attack.
Fortunately, the email breach was detected immediately, and the IMF took prompt action to secure the affected accounts. Still, the breach highlighted the importance of using a range of complex passwords and MFA to secure email accounts.
5) Spoutible API Attack
Social media platform and Twitter (X) alternative Spoutible had secured almost a quarter of a million users by June 2023, just four months after launch.
Unfortunately, in January 2024, security professional Troy Hunt was informed that an API endpoint was being exploited to return large volumes of user data. In all, 207,000 user records had been scraped in this way.
The API vulnerability allowed anyone to extract sensitive user information simply by entering a username into a URL.
The data retrieved included email addresses, hashed passwords, two-factor authentication details, and more. This API returned far more data than necessary, exposing personal information, password reset tokens, and other critical data, making user accounts vulnerable to takeover.
As Hunt wrote: “I cannot think of any reason ever to return any user’s hashed password to any interface […] There is never a good reason to do this. And even though bcrypt is the accepted algorithm of choice for storing passwords these days, it’s far from uncrackable.”
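The Spoutible case comes down to an endpoint that serialised the whole stored user record. The following is an added example, not Spoutible’s code, contrasting that anti-pattern with an allowlist-based serializer and an audit check that flags secret fields in any response; the record, field names and values are constructed placeholders.

```python
from typing import Any, Dict, Optional, Set

# Constructed sample of what a user row might hold (placeholder values only).
USERS: Dict[str, Dict[str, Any]] = {
    "alice": {
        "username": "alice",
        "display_name": "Alice",
        "bio": "Hello!",
        "email": "alice@example.invalid",
        "password_hash": "$2b$12$PLACEHOLDER_BCRYPT_HASH",
        "totp_secret": "PLACEHOLDER_TOTP_SECRET",
        "password_reset_token": "PLACEHOLDER_RESET_TOKEN",
    }
}

# Allowlist: the only fields any caller may see.
PUBLIC_FIELDS = frozenset({"username", "display_name", "bio"})
# Fields returned only to the authenticated account owner.
OWNER_FIELDS = frozenset({"email"})
# Fields that must never leave the server in any API response.
SECRET_FIELDS = frozenset({"password_hash", "totp_secret", "password_reset_token"})


def leaky_profile(username: str) -> Optional[Dict[str, Any]]:
    """The anti-pattern: return the entire stored record as-is."""
    user = USERS.get(username)
    return dict(user) if user else None


def safe_profile(username: str, viewer: Optional[str] = None) -> Optional[Dict[str, Any]]:
    """Build the response from explicit allowlists instead of filtering out secrets.
    Owner-only fields are added only when the viewer is the account itself."""
    user = USERS.get(username)
    if user is None:
        return None
    allowed: Set[str] = set(PUBLIC_FIELDS)
    if viewer == username:
        allowed |= OWNER_FIELDS
    return {k: user[k] for k in allowed if k in user}


def audit_response(payload: Any) -> Set[str]:
    """Detection check for tests or an egress proxy: collect secret field names
    anywhere in a (possibly nested) JSON-like payload."""
    found: Set[str] = set()
    if isinstance(payload, dict):
        for key, value in payload.items():
            if key in SECRET_FIELDS:
                found.add(key)
            found |= audit_response(value)
    elif isinstance(payload, list):
        for item in payload:
            found |= audit_response(item)
    return found
```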
6) Ivanti VPN Attacks
Using a VPN to hide one’s identity when accessing the internet might provide a false sense of security.
This valuable lesson was brought home in late 2023, when vulnerabilities were identified in Ivanti’s popular Connect Secure VPN appliances that could allow bad actors to remotely execute code and commands on the affected VPN systems.
As Ivanti itself explained, “exploitation does not require authentication and enables a threat actor to craft malicious requests and execute arbitrary commands on the system.”
Security firm Volexity identified at least 1,700 compromised devices by mid-January 2024, with victims ranging from small businesses to Fortune 500 companies.
This attack highlighted the importance of adequately stress-testing third-party security add-ons and ensuring that only approved VPN devices are used.
How Can IT Pros Prepare for Cyber Security Threats?
Ultimately, as an MSP, you need to make sure you stay up to date with everything that is going on in the world of security and the latest cyber security threats. You simply cannot afford to hope for the best when it comes to cyber security.
Here are 4 tips you can action for better cyber security prevention:
Minimize your exposure as much as possible
Use security software that best matches the needs of your organization and keep it up to date. Anti-virus programs and firewalls will help you detect malicious code. In addition, network management software can monitor for intrusions and help you keep an eye on what’s happening on your network. Learn how a network monitoring system like Domotz can help you improve your network security.
Don’t just install anti-virus software or firewalls and call it a day. You also need to keep them updated.
Network management and monitoring software like Domotz can help reduce your attack profile – and manage update rollouts.
Make data backups an everyday way of life
Backing up your data regularly is not a form of prevention; it is what saves you in case of a cyber attack. Here is one approach to backing up your data: follow the 3-2-1 backup rule, meaning that you keep 3 copies of your data (1 primary copy and 2 backups) on at least 2 different types of storage media (for example a local drive and an external hard drive), with 1 of those copies stored in an off-site location (such as cloud storage). Remember to encrypt your backups so that a lost or stolen backup copy does not become a breach. If you become a victim of ransomware or malware, the only way to restore your data is to erase your systems and restore from a recently performed backup.
Follow the 3-2-1 backup rule. Keep three copies of your data on two or more media types.
You’ll store one copy on your primary system. The other two should be encrypted backups – locally and in the cloud.
Rely on a network monitoring solution
It is often safer to rely on network monitoring software than on manual checks or reactive measures. Automated monitoring provides real-time insights and alerts. This helps detect issues early and reduces the risk of unnoticed vulnerabilities and security breaches.
You can choose Domotz to enhance your security. We’ll provide you with comprehensive network security features to protect your network and detect vulnerabilities early. With real-time alerts, device tracking, and continuous monitoring, Domotz quickly identifies unusual activity for fast responses. Its user-friendly interface simplifies managing security, even for complex networks. By taking a proactive approach, Domotz helps you maintain a secure environment with ease and confidence.
Foster an iron-clad cyber security culture
Teach your team members and stakeholders secure practices and behaviors. Conduct IT security assessments, implement BYOD policies, and devise thorough incident response plans. Above all, stress the importance of robust security and provide continuous employee training.
Foster knowledge within your team by staying updated on the latest cybersecurity trends. Attend webinars, listen to podcasts, and continuously keep learning.