The cyber climate is getting tougher with each passing day. In a security report from Check Point Software Technologies, it appears that cyberattacks against companies increased by as much as 50% in 2021 compared to 2020. Unfortunately, there is nothing to indicate that there will be fewer cyberattacks in the future – rather the opposite. The report also states that every fortieth organization has been affected and blackmailed in the wake of Ransomware attacks during the beginning of 2022.
But despite the fact that cyber threats are becoming more and more sophisticated, today far too few resources are put into proactive IT security. Instead, organizations are forced into a reactive one once the damage has occurred. Unfortunately, many organizations underestimate the importance of proactively protecting themselves and making intrusion attempts difficult. They think they have it all figured out when they scanned the security configuration and enabled certain security features in a security project on a single occasion. That’s not how reality looks. IT security is a marathon without a finish line. Expect the cybercriminals to be one step ahead and exploit known vulnerabilities in both systems, software and your employees.
Uber employee exposed to MFA Bombing
It is not uncommon for organizations to believe they are secure as long as they use, for example, multi-factor authentication (MFA). But the fact is that hackers found a way around it. Here is an example of what can happen, even if the MFA is in place.
September 2022: Uber
During the late summer, an employee at Uber was exposed to a so-called MFA Bombing. The attackers had managed to come across both leaked and cracked passwords through the Darkweb. One of the passwords led the attackers to a contracted consultant at Uber. Using the password, the attackers tried to authenticate the employee against the internal services of Uber. That’s when they set about showering the employee with MFA prompts. For over an hour, the attackers attempted to authenticate by sending out hundreds of MFA prompts. Finally the employee got tired and answered “Yes”. In this way, the attackers were able to get into Uber’s system and the attackers gained access to sensitive information and were then able to crack other accounts and elevate their privileges.
How could it have been prevented?
As mentioned earlier; the cyber threats are only becoming more and more sophisticated. Protection against MFA Bombing – which is a new form of attack – is needed and extremely important. Today, it is no longer enough to be asked “Yes” or “No” in the MFA app to protect yourself against this type of attack.
But it is not only MFA Bombing organizations that need to keep an extra eye on. Unfortunately, it is never possible to be 100% certain. This means that organizations must constantly work with new and/or updated security services that are continuously released to better protect themselves against changing threats. This also means that it is incredibly important to look at signals in your platform that tell you what you need to adjust for increased IT security. This may mean that you need to tighten the screws in some places in the business.
Protect your business with proactive IT security
So, how do you actually protect yourself proactively? A number of measures are required, including following the principle of least privileges, performing routine security analysis, monitoring the environment and training employees. In addition, it is extremely important to activate the right security features in good time, before attackers strike.
If you want to read more about how we at Coligo work with IT security and compliance, you can click here.