Cyber Security: some famous data breach cases


Here is a brief collection of famous cases from the field of cyber security. We strongly believe that experience, however devastating it can sometimes be, always leaves us with some lessons.

Unfortunately, in this field one can hardly say that “all is well that ends well”: even the best endings show evidence of permanent damage that will take years and resources to repair. Since we learn from experience, we recommend you take five minutes to read these famous data breach cases, so you can pick up some suggestions for preventing these unpleasant situations.

Remember that, as we have explained to you, the best weapon is always information, and alpenite can be your valuable ally.

The GEOX case and the GARMIN case 

“A cyber-attack which practically keeps one of the major Italian companies in check. Geox has been targeted for days by hackers who have asked for a ransom to remove the virtual chains (with real heavy consequences) which are paralyzing the company, whose headquarters are in Montebelluna.” (Il Mattino di Padova, 19 June 2020)

“For nearly four days now, the Kansas City-based company has been the victim of a ferocious hacker attack based on ransomware-type malware that has effectively taken every online service of the company hostage. Millions of users all over the world are struggling with connection problems on services that made Garmin one of the most important companies in the world of sports tracking” (Il Sole 24 Ore, 20 July 2020)

Both cases involve ransomware: a criminal technique in which data is seized and a ransom is then demanded in exchange for the unlocking credentials. According to the experts, this was a wider attack that affected many large companies all around the world, born from an unusual “synergy” between hacker groups that are usually rivals and that, acting jointly, added strength to their ransom demands. Investigations are still underway, and the chances of catching those responsible, already very small, are decreasing with each passing day.

Geox and Garmin said that, after reporting to the authorities, they hired an internal task force (Geox) and a team of experts (Garmin) to remedy the problem. The trigger of the ransomware was most likely an email, so, to avoid the problem, a measurement of user awareness could have been put in place, together with relevant training.

Furthermore, a preliminary risk analysis would have highlighted which strategic assets should be covered with additional protection.

The San Raffaele Hospital case

“Between February and March, a hacker group known as LulzSecITA carried out a hacker attack against the servers of the San Raffaele hospital, bringing to light medical records, credentials owned by doctors, patients and by the whole medical staff: from the data collected at the reception, going up to the executives, then getting the possibility of tampering with machines such as CT scans or respirators in the ICUs” (La Voce, 24 May 2020)

In this case, no ransom was officially demanded, because the hacktivists stated that their work had the sole aim of unmasking important flaws in health security. In addition, San Raffaele Hospital declared that the data breach concerned only an “obsolete area” that did not contain any sensitive data.

Unfortunately, however, the evidence does not seem to support what the hospital stated. Indeed, the hacker group LulzSecITA has shown on Twitter that they collected extremely recent sensitive data. At this time, it is not known how the case was resolved. It is still unclear which data, and how much, was stolen, and San Raffaele continues to deny that the hacking had a heavy impact.

The point here is that San Raffaele Hospital should have communicated the data breach within 72 hours (according to the current Italian law), but this does not seem to have happened. Furthermore, some evidence has been collected that indicates almost an attempt to cover up the breach. Some employees stated that what the hackers made known were the emails of the company staff, but that they never received any notice from the corporation about a possible change of their passwords due to the possible violation. In a note sent in the meantime to the national newspaper “La Repubblica”, San Raffaele Hospital made some points to clarify the circumstances:

“The mentioned situation, reported by an unreliable source, refers to an attempted intrusion which took place months ago and did not entail access to any sensitive data. The names of many operators are public due to operational reasons. The hospital management is already in contact with the competent authorities to provide any useful clarification. The data breach involved an application for a training course which was abandoned for years, with disused passwords and users”. 

For those who have never heard of LulzSecITA, it is an Italian hacker group known for some digital raids. It has recently been in the spotlight for having exposed a large group of pedophiles on Telegram, who were sharing photos and videos of child pornography, thereby helping with investigations.

Obviously, this does not make them saints, but their intention is not to achieve beatification. In any case, posterity will judge.

The case of S.S. Lazio 

“A hacker would have managed to change the account number to which the Lotito company had to send the last 2 million installment for the payment of de Vrij, acquired in 2014 from Feyenoord for 7 million. A file was opened by the deputy public prosecutor Edmundo De Gregorio, the two companies have declared themselves as injured parties.” (Sky Sport, 28 March 2018)

This is clearly a phishing case, and certainly one of the most successful. The investigations revealed how an intruder entered the conversations between the two companies, effectively stealing the identity of someone who had a certain credibility.

The criminal then did nothing more than provide a different account number in place of the correct one, effectively diverting a wagon train full of money elsewhere. As we have already explained to you in previous articles, this is the most common, fastest, and most effective scam method.

Also, literally anyone could fall for it, since it is very easy to become a victim of this mechanism. How can it be prevented? Pure user awareness, training, and the establishment of processes for how highly important data is shared, such as any IBAN modification or its verification. Easy in hindsight …

If you want to concretely prevent the risk, you can contact us now. One of our cyber security experts will introduce you to how alpenite can help you. Don’t wait: have a professional assess the digital vulnerability of your company.