{"id":13568,"date":"2023-10-31T10:17:16","date_gmt":"2023-10-31T10:17:16","guid":{"rendered":"https:\/\/ivaluegroup.com\/en-gl\/?p=13568"},"modified":"2023-10-31T10:17:16","modified_gmt":"2023-10-31T10:17:16","slug":"cybersecurity-horror-stories-learn-from-others-mistakes","status":"publish","type":"post","link":"https:\/\/ivaluegroup.com\/en-kh\/blogs\/cybersecurity-horror-stories-learn-from-others-mistakes\/","title":{"rendered":"Cybersecurity Horror Stories &#8211; Learn from Others\u2019 Mistakes"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"13568\" class=\"elementor elementor-13568\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-943eef7 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"943eef7\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-5d85064\" data-id=\"5d85064\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-31e49dc elementor-widget elementor-widget-image\" data-id=\"31e49dc\" data-element_type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<style>\/*! 
elementor - v3.20.0 - 26-03-2024 *\/\n.elementor-widget-image{text-align:center}.elementor-widget-image a{display:inline-block}.elementor-widget-image a img[src$=\".svg\"]{width:48px}.elementor-widget-image img{vertical-align:middle;display:inline-block}<\/style>\t\t\t\t\t\t\t\t\t\t<img fetchpriority=\"high\" decoding=\"async\" width=\"768\" height=\"768\" src=\"https:\/\/ivaluegroup.com\/en-kh\/wp-content\/uploads\/sites\/5\/2023\/10\/create_a_halloween_image_for_the_ghosts_of_cyber-768x768.jpg\" class=\"attachment-medium_large size-medium_large wp-image-13571\" alt=\"\" srcset=\"https:\/\/ivaluegroup.com\/en-kh\/wp-content\/uploads\/sites\/5\/2023\/10\/create_a_halloween_image_for_the_ghosts_of_cyber-768x768.jpg 768w, https:\/\/ivaluegroup.com\/en-kh\/wp-content\/uploads\/sites\/5\/2023\/10\/create_a_halloween_image_for_the_ghosts_of_cyber-300x300.jpg 300w, https:\/\/ivaluegroup.com\/en-kh\/wp-content\/uploads\/sites\/5\/2023\/10\/create_a_halloween_image_for_the_ghosts_of_cyber-150x150.jpg 150w, https:\/\/ivaluegroup.com\/en-kh\/wp-content\/uploads\/sites\/5\/2023\/10\/create_a_halloween_image_for_the_ghosts_of_cyber-24x24.jpg 24w, https:\/\/ivaluegroup.com\/en-kh\/wp-content\/uploads\/sites\/5\/2023\/10\/create_a_halloween_image_for_the_ghosts_of_cyber-36x36.jpg 36w, https:\/\/ivaluegroup.com\/en-kh\/wp-content\/uploads\/sites\/5\/2023\/10\/create_a_halloween_image_for_the_ghosts_of_cyber-48x48.jpg 48w, https:\/\/ivaluegroup.com\/en-kh\/wp-content\/uploads\/sites\/5\/2023\/10\/create_a_halloween_image_for_the_ghosts_of_cyber.jpg 1024w\" sizes=\"(max-width: 768px) 100vw, 768px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-6c58635 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"6c58635\" 
data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-6885081\" data-id=\"6885081\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-2d5ca3c elementor-widget elementor-widget-text-editor\" data-id=\"2d5ca3c\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<style>\/*! elementor - v3.20.0 - 26-03-2024 *\/\n.elementor-widget-text-editor.elementor-drop-cap-view-stacked .elementor-drop-cap{background-color:#69727d;color:#fff}.elementor-widget-text-editor.elementor-drop-cap-view-framed .elementor-drop-cap{color:#69727d;border:3px solid;background-color:transparent}.elementor-widget-text-editor:not(.elementor-drop-cap-view-default) .elementor-drop-cap{margin-top:8px}.elementor-widget-text-editor:not(.elementor-drop-cap-view-default) .elementor-drop-cap-letter{width:1em;height:1em}.elementor-widget-text-editor .elementor-drop-cap{float:left;text-align:center;line-height:1;font-size:50px}.elementor-widget-text-editor .elementor-drop-cap-letter{display:inline-block}<\/style>\t\t\t\t<p><span style=\"font-weight: 400;\">Since it\u2019s Halloween, let\u2019s start by comparing and contrasting two of the more well-known figures of horror in recent pop culture.\u00a0<\/span><\/p><p><span style=\"font-weight: 400;\">One feeds on human blood, the other on human data.<\/span><\/p><p><span style=\"font-weight: 400;\">One weaponizes their fangs, the other their fingers. 
(Preferably on a state-of-the-art keyboard.)<\/span><\/p><p><span style=\"font-weight: 400;\">They both operate in the shadows, one by force, the other by choice.<\/span><\/p><p><span style=\"font-weight: 400;\">Finally, if you invite one to your home, and the other to your network, you can be sure chaos will ensue.<\/span><\/p><p><span style=\"font-weight: 400;\">Both are good costume options if you\u2019re heading to a party. A cape, fake teeth, and a general sulk will do for the former, and a simple face-covering black hoodie for the latter. (Or, if you\u2019re feeling especially lazy, just a black hat will suffice.)<\/span><\/p><p><span style=\"font-weight: 400;\">Figured out who these are yet? The first one is the vampire, popularized by the likes of Count Dracula and the Cullens. The second one is the cybercriminal, popularized by the sheer number of horrific hacks in recent times.<\/span><\/p><p><span style=\"font-weight: 400;\">This blog is all about how their reign of terror has affected companies all over the world, and the steps you can take to ensure that you\u2019re not next on their hit list.<\/span><\/p><h5><b>Horror at the Hospital: The AIIMS Breach<\/b><\/h5><p>\u00a0<\/p><p><b>The setup:<\/b><\/p><p><span style=\"font-weight: 400;\">This particular set of \u201cmonsters\u201d knew healthcare organizations face the highest cost of a data breach, and so decided to haunt India\u2019s mainstay in that space. On November 23rd of last year, AIIMS reported a breach that compromised e-records and sensitive data of crores of patients.\u00a0<\/span><\/p><p><span style=\"font-weight: 400;\">The fallout was terrifying. Appointments, consultations, and registrations were suspended, medical research was delayed, and AIIMS was ultimately left with a ransomware demand of Rs. 
200 crore to be paid in cryptocurrencies, or else.<\/span><\/p><p><b>The scary part<\/b><span style=\"font-weight: 400;\">:<\/span><\/p><p><span style=\"font-weight: 400;\">Because of improper network segmentation, it didn\u2019t take much time at all for these criminals to suddenly be in possession of 1.3 terabytes of data spread across 5 different servers. Instances like this lend heft to the stat that it takes a mere 84 minutes for a hacker to break out into the system after getting initial access.\u00a0<\/span><\/p><p><b>Moral of the story:<\/b><\/p><p><span style=\"font-weight: 400;\">A main pillar of your cybersecurity strategy should be to divide your network into different segments. This segmentation minimizes the number of hosts an attacker can potentially exploit and inhibits their ability to spread laterally within an organization. Incorporating the principle of least privilege when it comes to user access also fortifies this.<\/span><\/p><p><span style=\"font-weight: 400;\">There is a silver lining to this story. AIIMS learned from their mistakes, and their new approach led to them successfully thwarting a similar malware attack earlier this year.<\/span><\/p><p>\u00a0<\/p><h5><b>The Vaccine Crime Scene: CoWIN Data Leak<\/b><\/h5><p>\u00a0<\/p><p><b>The setup:<\/b><\/p><p><span style=\"font-weight: 400;\">One fine day, a new Telegram bot was released by a hacking tutorial channel called hak4learn. 
This bot was a lot like other bots, except with a terrifyingly creepy feature: by simply entering someone\u2019s mobile number, you could immediately gain access to their names, AADHAAR details, PAN details, and the exact place where they got their COVID-19 vaccine.<\/span><\/p><p><b>The scary part:<\/b><\/p><p><span style=\"font-weight: 400;\">After this breach occurred, a lot of speculation pointed to a direct breach of the CoWIN platform.<\/span><\/p><p><span style=\"font-weight: 400;\">Instead, the hacker revealed on Business Today that they found vulnerabilities in an associated platform that focuses on child health. A couple of compromised health worker credentials later, they had access to a platform with over 110 crore registrations.<\/span><\/p><p><b>Moral of the story:<\/b><\/p><p><span style=\"font-weight: 400;\">In an age of collaboration, it\u2019s not enough to fortify your cybersecurity. Follow the same stringent guidelines for every third-party provider\/vendor you work with, and don\u2019t forget to audit them at regular intervals.\u00a0<\/span><\/p><p>\u00a0<\/p><h5><b>Home Invasion: The RentoMojo Incident<\/b><\/h5><p>\u00a0<\/p><p><b>The setup:<\/b><\/p><p><span style=\"font-weight: 400;\">Home invasion movies can be a nerve-wracking experience to sit through. RentoMojo and their customers experienced this in real life when personally identifiable information of over 1.5 lakh users was obtained by a cybercrime group called ShinyHunters. 
Exploitation of cloud misconfiguration was deemed to be the main reason for the breach.<\/span><\/p><p><b>The scary part:<\/b><\/p><p><span style=\"font-weight: 400;\">RentoMojo immediately sent out emails to their customers, indicating that a breach had occurred but that no financial information had been obtained by the attackers.<\/span><\/p><p><span style=\"font-weight: 400;\">Weeks later, their customers were subjected to very scary emails from the attackers themselves, indicating that they had financial information in the form of KYC bank documents and that RentoMojo was taking no steps to retrieve it.<\/span><\/p><p><b>Moral of the story:<\/b><\/p><p><span style=\"font-weight: 400;\">The cloud can seemingly be a tricky place. Gartner\u2019s latest hype report says that by 2025, 99% of cloud security incidents will be traceable to preventable misconfigurations made by end users. Often, because of the complexities involved in adapting to a new product, companies rush through the cloud adoption process and miss even the most essential settings. In horror movie terms, this is tantamount to leaving your back door open when there\u2019s a killer on the loose.<\/span><\/p><p><span style=\"font-weight: 400;\">Take time to understand the nuances of your cloud system while integrating it. A little more attention to detail will make it a lot harder for attackers to breach your systems.<\/span><\/p><p>\u00a0<\/p><h5><b>The Frankenstein\u2019s Monster of Faridabad: Cyberabad Data Theft Case<\/b><\/h5><p>\u00a0<\/p><p><b>The setup:<\/b><\/p><p><span style=\"font-weight: 400;\">A Hyderabad social worker tips off the Cyberabad police, claiming that personal data is being sold by someone on JustDial. A few weeks later, this is traced to a certain Vinay Bhardwaj, a Faridabad-based turned data thief who sold all his offerings on a site called InspireWebz. 
What they found on him was far more horrifying than anyone could\u2019ve imagined.<\/span><\/p><p>\u00a0<\/p><p><span style=\"font-weight: 400;\">He possessed the personal data of over 66.9 crore people from across 24 states. He had data on students enrolled in Byju\u2019s and Vedantu, info related to 1.84 lakh cab users across 8 metros, and details regarding 4.5 lakh salaried workers in the state of Gujarat. He had GST data, RTO data, bank data from SBI, Axis Bank and Bank of Baroda, and app data from Paytm, PhonePe, Zomato, Upstox, and BigBasket. The list goes on, because almost nobody was spared in this digital carnage.<\/span><\/p><p>\u00a0<\/p><p><b>The scary part:<\/b><\/p><p><span style=\"font-weight: 400;\">When some of these organizations were called in by the Cyberabad police for questioning, most weren\u2019t even aware of a possible data leak. Many denied data theft but admitted that the data collected was in the same format as what they stored in their databases. A few months later, we still have little to no idea about how exactly Vinay got access to all this data.<\/span><\/p><p>\u00a0<\/p><p><b>Moral of the story:<\/b><\/p><p><span style=\"font-weight: 400;\">Only 1 out of 3 data breaches is discovered by a company\u2019s security team. That speaks volumes about how ill-equipped most companies are for this monstrosity that is cybercrime. In the face of this ever-evolving threat, IT systems have to be agile and reactive to the task at hand. Start by getting a data security stack that streamlines your cybersecurity, while simultaneously giving you full visibility and oversight across your entire system.<\/span><\/p><p><span style=\"font-weight: 400;\">A common factor across these 4 horror stories is the need to streamline logins and authentication for users. 
To that end, countermeasures like password managers and phishing-resistant MFA are absolute must-haves.<\/span><\/p><p><span style=\"font-weight: 400;\">Right, so we\u2019ve looked at how cybercriminals can terrify organizations. But this last example points to a more insidious threat: after all, sometimes, the enemy lies within.<\/span><\/p><p>\u00a0<\/p><h5><b>AI\u2019m Scared: The Samsung ChatGPT Incident<\/b><\/h5><p>\u00a0<\/p><p><b>The setup:<\/b><\/p><p><span style=\"font-weight: 400;\">Everyone\u2019s using ChatGPT these days, and most dystopian horror stories reference instances like this as the start of AI inevitably taking over the world.<\/span><\/p><p><span style=\"font-weight: 400;\">But what if we actively hand over the reins to it? Wouldn\u2019t that be a lot scarier?<\/span><\/p><p><span style=\"font-weight: 400;\">Earlier this year, Samsung reported not one, but three different incidents of employees handing over sensitive information to ChatGPT.<\/span><\/p><p><span style=\"font-weight: 400;\">One engineer entered source code to find out how to resolve a software bug.<\/span><\/p><p><span style=\"font-weight: 400;\">An executive recorded a confidential meeting, transcribed it using an audio-to-text app, and put said transcript up on the OpenAI platform to get meeting notes.<\/span><\/p><p><span style=\"font-weight: 400;\">The third employee used it to optimize a test sequence for identifying defective chips.<\/span><\/p><p><b>The scary part:<\/b><\/p><p><span style=\"font-weight: 400;\">ChatGPT saves all its conversations to train its models. So, there\u2019s every chance this sensitive info may be exposed unintentionally in future conversations on the platform.<\/span><\/p><p><b>Moral of the story:<\/b><\/p><p><span style=\"font-weight: 400;\">It\u2019s one thing to ban programs like this as company policy. But the policy will fall on deaf ears if you don\u2019t reinforce the message across the board. 
Regularly conduct awareness training in all cybersecurity-related topics to make employees your true allies in the fight against cybercrime.<\/span><\/p><p>\u00a0<\/p><p><span style=\"font-weight: 400;\">So the next time cyber criminals come trick or treating at your organization\u2019s door, have the tools necessary to scare them off for good. Thanks for reading, and Happy Halloween!<\/span><\/p><p><br \/><br \/><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Since it\u2019s Halloween, let\u2019s start by comparing and contrasting two of the more well-known figures of horror in recent pop culture.\u00a0 One feeds on human blood, the other on human data. One weaponizes their fangs, the other their fingers. (Preferably on a state-of-the-art keyboard.) They both operate in the shadows, one by force, the other &hellip;<\/p>\n<p class=\"read-more\"> <a class=\"\" href=\"https:\/\/ivaluegroup.com\/en-kh\/blogs\/cybersecurity-horror-stories-learn-from-others-mistakes\/\"> <span class=\"screen-reader-text\">Cybersecurity Horror Stories &#8211; Learn from Others\u2019 Mistakes<\/span> Read More 
\u00bb<\/a><\/p>\n","protected":false},"author":19,"featured_media":15059,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"default","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"disabled","ast-breadcrumbs-content":"","ast-featured-img":"disabled","footer-sml-layout":"","theme-transparent-header-meta":"default","adv-header-id-meta":"","stick-header-meta":"default","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","footnotes":"","_links_to":"","_links_to_target":""},"categories":[109],"tags":[],"whitepapers":[],"case_studies":[],"acf":[],"_links":{"self":[{"href":"https:\/\/ivaluegroup.com\/en-kh\/wp-json\/wp\/v2\/posts\/13568"}],"collection":[{"href":"https:\/\/ivaluegroup.com\/en-kh\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ivaluegroup.com\/en-kh\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ivaluegroup.com\/en-kh\/wp-json\/wp\/v2\/users\/19"}],"replies":[{"embeddable":true,"href":"https:\/\/ivaluegroup.com\/en-kh\/wp-json\/wp\/v2\/comments?post=13568"}],"version-history":[{"count":0,"href":"https:\/\/ivaluegroup.com\/en-kh\/wp-json\/wp\/v2\/posts\/13568\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ivaluegroup.com\/en-kh\/wp-json\/wp\/v2\/media\/15059"}],"wp:attachment":[{"href":"https:\/\/ivaluegroup.com\/en-kh\/wp-json\/wp\/v2\/media?parent=13568"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ivaluegroup.com\/en-kh\/wp-json\/wp\/v2\/categories?post=13568"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ivaluegroup.com\/en-kh\/wp-json\/wp\/v2\/tags?post=13568"},{"taxonomy":"whitepapers","embeddable":true,"href":"https:\/\/ivaluegroup.com\/en-kh\/wp-json\/wp\/v2\/whitepapers?post=13568"},{"taxonomy":"case_studies","embeddable":true,"href":"http
s:\/\/ivaluegroup.com\/en-kh\/wp-json\/wp\/v2\/case_studies?post=13568"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}