Only a few months into the year and malicious cyberattacks have already made the headlines. Cybersecurity issues related to malware and ransomware have impacted organizations of all kinds, calling attention to the fact that they need a plan to protect their systems and data around the clock. Let’s take a look at some of these cyberattacks and highlight a few ways they could have been avoided.
Potentially Deadly Cyberattack on a Florida Water Treatment Plant
While ransomware is usually at the center of many cyberattacks, this year proved that some hackers can be dangerous in other ways. In early February 2021, news broke about a cyberattack on a water treatment facility located near Tampa, Florida. The cybercriminal hacked into the plant’s control software and adjusted chemicals in a municipal water supply. While the plant was able to reset the changes, it could have resulted in damaged metal water pipes, skin irritation, or serious illness. In this situation the plant’s ability to quickly recover from a cyberthreat was key. The effects could have even turned deadly if the attacker had the opportunity to elevate concentrations higher.
Cybersecurity Leak Victimizes Thousands of Microsoft Customers
When a business does not have adequate endpoint security for all of its servers, it can put its customers at risk. During the first week of March 2021, Microsoft posted information about a cybersecurity attack that resulted in malware hashes and known malicious file paths. They claimed that after the criminals gained access, they deployed web shells on Microsoft’s compromised server. This allowed them to steal data and victimize at least 50,000 Microsoft customers — and the numbers continue to climb as news sources report more victims.
Verkada Camera Data Breach Victimizes Companies, Law Enforcement, and Healthcare Facilities
In March 2021, hackers breached security camera data collected by Verkada. As a result of the cyberattack, criminals gained access to live feeds of 150,000 surveillance cameras. This victimized several organizations, which included:
- Exposed footage of a Shanghai warehouse of carmaker Tesla, which shows assembly line workers.
- Access to security cameras owned by software provider, Cloudflare.
- Criminal access to over 300 security cameras inside the Madison County Jail located in Huntsville, Alabama.
- Leaked footage of officers questioning a man in handcuffs at a police station in Stoughton, Massachusetts.
- Video of staffers at Halifax Health, a hospital in Florida, tackling a man and pinning him to a bed.
While a managed firewall can help protect against an internet-based threat, this data breach was a result of employee error. Reports say that hackers were able to gain access after Verkada employees exposed an unprotected internal development system to the internet. The exposed data contained credentials for an account that had administrative rights to its network. Perhaps this breach could have been prevented if Verkada employees had undergone security awareness training that could have helped them avoid this cyberattack.