The Hacks of 2023 – And How/Where Attestation Could Have Helped

A relevant topic, since YouAttest and friends are giving a talk on how attestation can help mitigate, or at least lessen the frequency and severity of, hacks (ISC2 East Bay Webinar: Security Attestation – The Key to a Secure Enterprise).

At YouAttest, we believe the act of attestation is a key component missing in IT and specifically IT security. 

Image #1: Attestation needs to become part of the enterprise IT and IT security fabric.

Attestation is defined as an official verification that something is true or authentic. In information technology, it is the process that verifies that permissions, events or changes have been validated, and that the attestor is willing to “sign off” on and “certify” the action, event or status. It is extremely relevant to identity changes and permissions, but in light of recent hacks and events, the practice of attestation should expand to other domains.

So we decided to look at a few of the bigger (reported) hacks of 2023 and work out how and where attestation could have helped mitigate the attack, or at least its severity and scope.

NOTE: This is not to say these affected institutions did not implement attestation; it is simply a list of where attestation could be used to create a more secure and better-governed enterprise.

Chick-Fil-A: March 2023

The Hack:

The company noticed unusual login activity, investigated the anomaly, and determined the cyber attack happened within the first few months of 2023. The hacker used email addresses and passwords obtained from a third party to get into the system and acquire information such as membership numbers, names, emails, addresses, and more.

Relevant Technology:

Anomaly detection tooling: SIEM, ITDR and UEBA products

Where Attestation Can Help:

In conjunction with the security components that detect such activity, an attestation process can be put in place to ensure the proper personnel acknowledge the hack and then record what investigation and mitigation procedures were carried out.

Activision: March 2023

The Hack:

Activision was hacked in December 2022; it is reported that employees were not even aware of the breach until much later (2023).

Hackers reportedly managed to phish an employee at the Call of Duty publisher on December 4, 2022, and were able to access internal data related to games and employees. Developers only learned of the attack via Twitter screenshots of stolen data.

Relevant Technology:

Employee data stores, DLP monitoring equipment, corporate communications

Where Attestation Can Help:

Attestation is not only a security procedure but also a much-needed practice for governance and compliance. This is an area where attestation is relevant to both.

  1. On the security side, attestation should be put in place for any DLP and monitoring tools, both for anomalies and for the implementation of policies as enforcement rules.
  2. For corporate governance, there could (and probably should) be an attestation process in place so that an event such as exposed employee records triggers a timed disclosure to the affected parties, all documented and automated.

T-Mobile: March 2023

The Hack:

In early January 2023, T-Mobile discovered that a malicious actor gained access to their systems in November 2022 and stole personal information, like names, emails, and birthdays, from over 37 million customers. Once the hack was identified, T-Mobile shut down the hack in a day.

Relevant Technology:

DLP, Data Stores, SASE components and corporate PII policies 

Where Attestation Can Help:

Big data exfiltration cases are when the general public (and legal staffs) start caring about security. Even the best-run enterprises can, and probably will, suffer a data breach. What happens in these cases is that regulatory bodies commonly request policy and practice data from the attacked organization.

Here is where attestation is crucial. An enterprise must be able to show that its decisions, practices, events and changes have been documented and meet the approved security policies, which in turn are in line with industry practices AND the regulations and guidance the business operates under!

U.S. TSA: Jan 2023

The Hack:

A U.S. No Fly list with over 1.5 million records of banned flyers and upwards of 250,000 ‘selectees’ was shared publicly on a hacking forum. Swiss hacker maia arson crimew (formerly Tillie Kottmann) stumbled upon a misconfigured AWS server containing TSA’s No Fly list, as first reported by Daily Dot journalists Mikael Thalen and David Covucci.

Relevant Technology:

CIEM, AWS, PAM, IAM

Where Attestation Can Help:

Permission changes to key resources, and the controls around those resources, should always be attested, and in the case of PHI, PII and CUI probably at a couple of levels. The process of attesting identity roles and permissions is not only a must for security purposes but is a requirement of multiple compliance regimes, including SOX. Auditors want to see the what, who and why of these changes.

Needless to say, once a breach occurs these attestations are often requested and required in the forensic process. That is why having a process in place beforehand is key to a secure and governed enterprise.
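As an added illustration of the what/who/why record described above (and of the acknowledge-and-comment workflow in the Chick-fil-A section), here is a small Python attestation ledger for permission changes. It is example code written for this article, not YouAttest's product or any named tool; class, field and sample values are hypothetical or constructed. Sign-off must come from someone other than the actor and must state a reason, attested records are hash-chained so later edits are detectable, and changes left unattested past a deadline can be listed for escalation.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional
import hashlib

@dataclass
class PermissionChange:
    change_id: str
    resource: str                      # WHAT was changed (e.g. a bucket policy)
    actor: str                         # WHO changed it
    occurred_at: datetime
    attestor: Optional[str] = None     # who signed off on the change
    reason: Optional[str] = None       # WHY the change is acceptable
    attested_at: Optional[datetime] = None
    digest: Optional[str] = None       # hash-chain link, written at sign-off

class AttestationLedger:
    def __init__(self, sla: timedelta):
        self.sla = sla                 # how long a change may stay unattested
        self.changes: dict[str, PermissionChange] = {}
        self.order: list[str] = []     # sign-off order, used to verify the chain
    def record(self, change: PermissionChange) -> None:
        self.changes[change.change_id] = change

    def attest(self, change_id: str, attestor: str, reason: str, when: datetime) -> str:
        c = self.changes[change_id]
        # Separation of duties: the actor may not certify their own change, and a reason is mandatory.
        if attestor == c.actor or not reason.strip():
            raise ValueError("attestor must differ from the actor and give a reason")
        c.attestor, c.reason, c.attested_at = attestor, reason, when
        prev = self.changes[self.order[-1]].digest if self.order else "0" * 64
        c.digest = self._link(prev, c)
        self.order.append(change_id)
        return c.digest

    @staticmethod
    def _link(prev: str, c: PermissionChange) -> str:
        body = repr((c.change_id, c.resource, c.actor, c.attestor, c.reason, c.attested_at.isoformat()))
        return hashlib.sha256((prev + body).encode()).hexdigest()

    def verify_chain(self) -> bool:
        prev = "0" * 64                # recompute every link; an edited record breaks it
        for cid in self.order:
            if self.changes[cid].digest != self._link(prev, self.changes[cid]):
                return False
            prev = self.changes[cid].digest
        return True

    def overdue(self, now: datetime) -> list[str]:   # unattested past the SLA: escalation list
        return [cid for cid, c in self.changes.items()
                if c.attested_at is None and now - c.occurred_at > self.sla]
```

The overdue list is what the "timed" disclosure or review step in the Activision section would poll, and the chain check is what an auditor would run over the exported ledger.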

Independent Living Systems (ILS): March 2023

The Hack:

Independent Living Systems (ILS) notified over 4 million customers of a data breach in March 2023.

Exposed data included PII and PHI: full names, dates of birth and addresses; driver’s license and Social Security numbers; state, taxpayer, Medicare and Medicaid IDs; and more.

Relevant Technology:

Two-factor authentication, firewalls, control protocols, user training and user notification

Where Attestation Can Help:

We wanted to finish with this one, because ILS has cited future security and procedural measures to secure the data.

The enterprise said it was going to take additional steps to improve its cyber security and prevent future attacks by:

  • strengthening credential requirements,
  • bolstering its perimeter firewalls,
  • incorporating rapid victim notifications,
  • enhancing internal control protocols, and
  • increasing cyber training.

All of these action items can and should be integrated with attestations, to ensure timely execution and review, and to ensure the proper personnel were involved in the activity.

 —

Contact us today to learn more about how YouAttest can help automate your attestation for identity and other resources and processes. And please register for the ISC2 East Bay Webinar, April 13th: Security Attestation – The Key to a Secure Enterprise.
