CSTI
    breachThe Commercial Era (2010-2019) Daily Briefing Landmark Event

    Cybersecurity Briefing: Data Breaches and Credential Attacks Highlight Risks

    Saturday, August 31, 2019

    Today, the cybersecurity landscape reflects ongoing challenges as several notable incidents come to light.

    Imperva Data Breach In a disclosure published earlier today, Imperva announced a significant data breach affecting its Cloud Web Application Firewall (WAF) users. The breach, discovered on August 20, exposed email addresses, hashed and salted passwords, API keys, and SSL certificates. This incident underscores the dangers of misconfigured cloud services, potentially compromising the integrity of services relied upon by numerous organizations. The breach raises critical questions about cloud security practices and the need for rigorous security measures to protect user data.

    State Farm Credential Stuffing Attack Overnight, State Farm reported a credential stuffing attack that allowed unauthorized access to certain customer accounts. Utilizing lists of previously compromised usernames and passwords, the attackers managed to breach accounts, although the company confirmed that no sensitive personal information (PII) was accessed. This incident highlights the importance of implementing multi-factor authentication (MFA) and educating users about the risks associated with reused passwords. In an era where credentials are frequently leaked, organizations must prioritize user education to mitigate such risks.

    Phishing Attack on Presbyterian Health Services This morning, it was revealed that Presbyterian Health Services fell victim to a phishing attack that compromised the protected health information of approximately 183,000 patients. The attack exemplifies the persistent vulnerabilities within the healthcare sector and the necessity of regular employee training on cybersecurity awareness. As phishing attacks continue to evolve, healthcare organizations must develop robust training programs and incident response plans to protect sensitive patient data.

    General Cybersecurity Trends Moreover, data from the National Vulnerability Database (NVD) indicates a troubling rise in reported vulnerabilities, reflecting the ongoing trend of increasing cybersecurity threats. As of August 2019, the total number of reported data breaches has surged, prompting organizations to emphasize the necessity of sound risk management practices and effective controls to secure sensitive data. This trend is a stark reminder of the cyber landscape's dynamic nature and the continuous need for vigilance and adaptation in security measures.

    These incidents collectively highlight the persistent challenges organizations face in securing their digital infrastructures against increasingly sophisticated cyber threats. As we move forward, it is imperative for businesses to adopt proactive security strategies, reinforce employee training, and implement advanced protective measures to safeguard against data breaches and attacks.

    Sources

    Imperva State Farm Phishing Healthcare Cybersecurity Trends