As security professionals, we are inundated with news stories and articles about cyber attacks and breached companies. Sometimes, attacks become newsworthy because of the attacked company, for example when it’s a notable enterprise. Other times, the attack technique was so unique, that it deserves a headline of its own.
In this blog post, we take a different approach. Instead of naming and shaming, we will review three of the worst breaches and attacker tactics and techniques of 2022 that might have gone by unnoticed, and use them as a way to learn how to better protect ourselves.
This blog post is based on episode #9 of the Cato Networks cybersecurity Master Class (“The 3 Worst Breaches of 2022 That You Probably Haven’t Heard Of”). The Master Class is taught by Etay Maor, Sr. Director of Security Strategy at Cato Networks and an industry recognized cyber security researcher and keynote speaker. You can watch all the episodes of the Master Class, here.
Attack #1: Ransomware: The Sequel
Ransomware as a service is a type of attack in which the ransomware software and infrastructure are leased out to the attackers. In this first case, the threat actors used ransomware as a service to breach the victim’s network. They were able to exploit third-party credentials to gain initial access, progress laterally and ransom the company, all within mere minutes. The swiftness of this attack is unusual. In many cases, attackers stay in the networks for weeks and months before demanding the ransom.
So, how did attackers manage to ransom a company in minutes, with no need for discovery and weeks of lateral movement?
Watch the Master Class to learn more about the history of ransomware, ransomware negotiation and various types of ransomware attacks.The 3 Worst Breaches of 2022 (That You Probably Haven’t Heard Of) | Webinar
Attack #2: Critical Infrastructure: Sabotaging Radiation Alert Networks
Attacks on critical infrastructure are becoming more common and more dangerous. Breaches of water supply plants, sewage systems and other such infrastructures could put millions of residents at risk of a human crisis. These infrastructures are also becoming more vulnerable, with tools like Shodan and Censys that enable finding vulnerabilities fairly easily.
Let Etay Maor take you on a deep dive into ICS (Industrial Control Systems). Why are attacks moving from IT to OT (Operational Technology)? And, in the Master Class, we discuss security solutions for protecting critical infrastructure, like zero trust and SASE.
Attack #3: Ransomware (That Could Have Been Prevented)
The third attack is also a ransomware attack. This time, it consisted of a three steps approach of infiltration, lateral progression over the network, and exfiltration. You’ll learn the ins and outs of this attack, including who the victim is and why their point security solutions were not able to block this attack.
Etay Maor conducts a full breach analysis, taking us from a “single-point-of-failure” mindset to a holistic and contextual approach that requires securing multiple choke points.
To learn more about each of these three attacks, what to expect in 2022-2023 and how a converged security solution can assist in preventing similar attacks in the future, watch the Master Class.