If you read about cyber attacks and think, “It won’t happen to me,” think again. Some people look at the names of organizations that have faced major, headline-grabbing data breaches (Microsoft, Slack) and think their enterprise will be overlooked. Not so. Black hat actors will not discriminate. And they certainly will not stop.
Since the pandemic, there’s been a 600% increase in cybercrimes. Since 2018, there’s been a 350% increase in ransomware attacks. That said, let’s look at some significant cryptographic failures in the past year and how you can protect yourself from cyber attacks before they happen.
5 Recent Data Breaches
While you probably recognize all or most of the business names in the following list, be aware that recent data shows that small businesses are three times as likely to be targeted by cyber criminals. And one survey found about one in five businesses had at least account hacked in 2021.
This data breach happened in January of 2022 when hackers stole over $33 million dollars worth of cryptocurrencies. The crime was attributed to the criminals being able to pass two-factor authentication and gain access to Crypto.com’s users’ wallets.
In this major cyber attack, hundreds of millions of Twitter users’ data was collected and sold. The data collection is said to be attributed to scraping attacks taking advantage of a flaw in Twitter’s API system, but the breach only really started making news after users’ information was already being sold on the black market.
The Red Cross
In what is a suspected nation-state attack, hackers broke into servers that held the personal information of over 500,000 people receiving services from the Red Cross. Data was specifically related to a program that reconnects people separated by violence, war, or migration.
FlexBooker is an online-booking and appointment-scheduling software company. In late 2021, hackers breached their security and installed malware on their servers. The malware gave them control over FlexBooker’s entire system and mined millions of users’ confidential information.
It wasn’t over. Not long after, in early 2022, they were the victims of another attack, and these two breaches impacted about 19 million users. FlexBooker suffered financial losses due to people abandoning their platform.
Marquard & Bahls
A German energy company, this cyber attack caused the destabilization of its IT infrastructure resulting in the closing of 200 gas stations and significant negative impact to the fuel supply chain. The attack was attributed to a black hat group in Russia.
TLS and SSL Vulnerabilities
In our second Crypto Convo episode, our Chief Strategy Officer, Dr. Vincent Berk, and our new Board of Directors member, Ret. Admiral Michael S. Rogers, discussed SSL vulnerabilities among the larger subject of cyber warfare.
Ret. Admiral Rogers’ distinguished career includes leading U.S. Cyber Command and as the director of the NSA. He talked about his experience with the Heartbleed bug, a cryptographic failure in OpenSSL encryption software.
This type of attack not only exposes users’ personal information, but can also lead to hackers uncovering a server’s secret keys – making any and all information vulnerable.
Ret. Admiral Rogers said he was tasked with figuring out “how is the Department of Defense going to respond to this vulnerability?” He said the major challenge is that “SSL-associated vulnerabilities are both significant in potential impact but also in magnitude; they’re so broadly dispersed. The first challenge was trying to identify among all our users, among all our network configurations, where exactly…does the vulnerability reside within our systems?”
The hardest part, he said, was identifying where this vulnerability existed, but the second greatest challenge was executing “the fix.” It took months of work.
In the past, other SSL vulnerabilities like Beast and Poodle have been related to issues like legacy encryption and cipher block chaining (CBC) mode. The Breach TLS attack targeted HTTP compression and could force a browser to connect to a third-party website, allowing hackers to monitor traffic between the browser and the server.
Two Misconceptions About Cybersecurity Risks
We mentioned the #1 bad idea earlier – “It won’t happen to me.” Thinking that your organization will never be the victim of a cyber attack is a mindset that can definitely come back to haunt you. It can’t be the excuse for inaction.
“Better safe than sorry” is a much better approach. A major reason why smaller-sized business are frequently targeted for cyber attacks could be that that about half of small- and mid-size businesses do not have a cybersecurity plan, as one 2022 study reported.
Think not if, but when. How you can best protect yourself should be your primary focus.
A second bad idea is: “There’s nothing I can do.” Elite, next-gen, crypto-agile, and crypto-diverse security is not just a luxury item for large corporations. Resilient cybersecurity is actually attainable for small- and medium-sized businesses too. And we’ll tell you how.
Secure Data Solutions for Every Enterprise
Phio TX is a crypto-agile, crypto-diverse, and quantum-safe enterprise management platform. The patented technology enables network infrastructure and enterprise risk teams to implement effective cryptographic policy and stay ahead of evolving threats and everyday cybersecurity risks.
FIPS-validated and scalable for any size organization, Phio TX works with your existing encryption environment and network infrastructure to extend its security capabilities at every layer of the cryptographic stack.
Phio TX removes single points of failure common to modern-day encryption practices while future-proofing your crypto infrastructure for the quantum era. This singular solution offers:
- Redundant out-of-band key delivery
- Quantum entropy
- Diversified current and post-quantum algorithms
- Software stack redundancy
- Key mixing
Why Is Phio TX the Best Answer for Your Enterprise?
Because the threat landscape and encryption techniques are constantly changing, you need a cryptographic solution that is fluid and diversified. Replacing legacy encryption with post-quantum cryptographic algorithms will be challenging, but an agile, crypto-diverse platform is the key to future-proofing the security of your network infrastructure.
Humans are a contributing factor in 85% of data breaches. Weak entropy sources, programming and implementation errors, and lack of key rotation also contribute to cryptographic failures.
You can also check out our Crypto Convo: Episode 2 for more insight into major cryptographic failures, cyber warfare, and why it’s so important to face these security risks head-on.