Data Breaches

Eight Unexpected Data Breaches

With the vigorous development of the digital economy, the value and importance of data to enterprises continue to rise, and the accompanying data security risks continue to emerge. In recent years, data breaches have occurred frequently, posing a great threat to corporate property and reputation. Although most common data leakage incidents are caused by hacker attacks, there are also some “unexpected” ways in which data leaks and threatens cybersecurity.


Here are eight unusual ways corporate employees can accidentally leak data, and recommendations for dealing with those risks.


01 Lens reflection leaks video text


Video conferencing platforms such as Zoom and Microsoft Teams have become the primary tools for remote and hybrid work. However, new research has found that video conference participants who wear glasses may accidentally leak information through reflections in their lenses.


Researchers at Cornell University have described a way to reproduce on-screen text during video conferencing through participants’ glasses and other reflective objects. Using mathematical modeling and human experiments, the researchers further investigated the severity of the identifiable text and graphic information leaked by webcams through reflective objects such as glasses.


The research finds that today’s 720p webcams allow attackers to recreate text content from video conferences, and that the growing popularity of 4K cameras has dramatically lowered the threshold for leaking text information, allowing attackers to easily spy on most text on the screen.


If malicious attackers gain this capability, the security of confidential and sensitive data is at stake. In response, the researchers proposed that software can be used to “code” (mask) the glasses area of the video stream to prevent data leakage.


02 Career information triggers phishing attacks


On professional social networking sites such as LinkedIn, people often update their job information to show their latest career changes, experience and work locations, but this seemingly innocuous behavior can provide an opening for phishing attacks. Attackers search LinkedIn for new-job announcements, look up employee phone numbers on data brokerage sites, and then send phishing messages posing as executives inside the company in an attempt to defraud victims during their first few weeks on the job.


This approach has become so commonplace that many businesses have stopped announcing new hires on LinkedIn and advise new hires to limit what they post about new jobs. These measures can effectively reduce the risk of fraud for new employees. At the same time, the security team should give new employees security awareness training that explains what the company’s genuine text messages and emails look like and how they are sent.


03 Social media leaks


Social media, such as Moments, is the main way for “netizens” to share their lives today. People may feel that posting pictures on personal social media and messaging apps does not pose a risk to sensitive corporate information, but accidentally leaking data through social apps is a real threat. “Workers” must be careful: “there are hackers on the other side of the partition wall”!


Enterprises need to strengthen security awareness education for employees in response to this problem. While it is impossible to completely prevent employees from taking and sharing photos in the office, companies can highlight the risks of doing so, so that employees stay wary.


04 Misuse of the database


For data ingestion scripts, a simple misspelling of an IP address or URL can lead to the use of the wrong database. The result is a mixed database that needs to be cleaned up or rolled back before the backup process begins; otherwise a breach of personally identifiable information will occur.


Therefore, security teams should use TLS authentication wherever possible to reduce the risk of misidentifying servers and databases, and ensure that the relevant monitoring logs are stored accurately. Monitoring should cover both successful and unsuccessful events.


In addition, enterprises should implement a strict set of rules, processes and security controls for how database systems are used, in order to reduce data mixing incidents, reduce the impact of processing actual production data, and ensure that problems arising from security issues can be detected and thoroughly inspected in the test environment.
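One way to apply the TLS authentication and logging advice above, as an added example that is not from the original article: the script authenticates the server under the name it expects rather than the address that was typed, and logs both successful and failed attempts. The logger name, host name and port are illustrative, and the endpoint is assumed to speak TLS directly.

```python
import logging
import socket
import ssl

log = logging.getLogger("ingest.audit")  # hypothetical audit logger name

def strict_context(ca_file=None):
    """TLS context that refuses servers it cannot authenticate."""
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.check_hostname = True            # certificate must match the expected name
    ctx.verify_mode = ssl.CERT_REQUIRED  # and chain to a trusted CA
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def connect_verified(address, port, expected_name, ctx=None, timeout=3.0):
    """Connect to `address`, but authenticate the peer as `expected_name`.

    The expected name comes from reviewed configuration, not from the address
    an operator typed, so a mistyped IP or URL that reaches some other server
    fails the handshake instead of receiving data.
    Returns the TLS socket, or None after logging the failure.
    """
    ctx = ctx or strict_context()
    try:
        raw = socket.create_connection((address, port), timeout=timeout)
    except OSError as exc:
        log.warning("db-connect FAIL addr=%s:%s expected=%s reason=%r",
                    address, port, expected_name, exc)
        return None
    try:
        tls = ctx.wrap_socket(raw, server_hostname=expected_name)
    except OSError as exc:  # ssl.SSLError and certificate errors are OSError subclasses
        raw.close()
        log.warning("db-auth FAIL addr=%s:%s expected=%s reason=%r",
                    address, port, expected_name, exc)
        return None
    log.info("db-connect OK addr=%s:%s peer=%s tls=%s",
             address, port, expected_name, tls.version())
    return tls

if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    # Constructed values: a loopback port with nothing listening stands in
    # for a mistyped address; the ingest must not proceed.
    conn = connect_verified("127.0.0.1", 1, "db-test.example.internal", timeout=1.0)
    print("ingest allowed" if conn else "ingest refused")
```
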


05 Certificate Transparency logs leak sensitive data


Certificate Transparency (CT) logs allow users to browse the web with greater confidence and allow administrators and security professionals to quickly detect certificate anomalies and verify chains of trust. But attackers can also use the details in logged certificates to track down companies and list valid usernames or email addresses, or even attack applications with fewer security controls in order to take over systems and move laterally.


Since the data in CT logs is permanent, it is recommended to train people such as developers and IT administrators to use a generic email account to register for certificates. At the same time, administrators should also train users to understand what kind of content can enter the CT log, to help avoid accidental disclosure of information.


06 Seemingly Innocent USB Devices


A small USB fan can bring a little coolness in summer, and it is “handy” to plug into a company laptop. However, these seemingly innocuous devices can act as attack backdoors, helping attackers infiltrate users’ devices and the wider corporate network. There are generally three main attack vectors for this type of USB hardware attack: maliciously designed hardware (malware preinstalled on the device), worm infection, and hardware supply chain infection.


Detecting these types of attacks at the endpoint level is difficult, but in the new generation of security technologies, antivirus and endpoint detection and response tools can monitor the execution flow of extended devices and verify code integrity policies to prevent many threats. Privileged access management (PAM) solutions are also important: they prevent unprivileged users from using the USB port and prevent unauthorized code from running.


07 Scrap equipment leaks private data


If old office printers are discarded for recycling without first erasing private data such as Wi-Fi passwords, businesses are at risk of data breaches. Attackers can extract device passwords and use them to log into a company’s network to steal personally identifiable information.


Enterprises should encrypt all kinds of data, ensure that the decryption keys of endpoint devices are protected by an authentication process, make sure that removable media is effectively controlled, ensure that data is always encrypted, and ensure that data can be recovered through the necessary controls and formal processes.


08 Email compromise


Non-malicious emails that employees send inadvertently also often lead to breaches of data such as employees’ Social Security Numbers (SSNs). Businesses need to monitor all employee emails with a data loss prevention (DLP) control system, which can detect multiple SSNs in email attachments, block the emails, and alert the Security Operations Center (SOC).


In addition, companies cannot rely too heavily on passive controls, and should adopt better preventive controls based on data classification, so that they fully and clearly understand the entire path SSN data takes from the production environment to a file in the training department. Such controls can even prevent an employee from emailing an attachment to a personal account.
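The DLP check described in this section, sketched as an added example that is not from the original article: it counts distinct plausible SSNs across the body and attachments, blocks on several SSNs or on any SSN going to an outside address, and keeps only masked values for the SOC alert. The message layout, the `example.com` company domain and all sample values are constructed, and attachments are assumed to be already extracted to text.

```python
import re

# Same separator on both sides (or none), and no digits touching the match.
SSN_RE = re.compile(r"(?<!\d)(\d{3})([- ]?)(\d{2})\2(\d{4})(?!\d)")
COMPANY_DOMAIN = "example.com"  # assumption: the organisation's mail domain

def find_ssns(text):
    """Return the distinct plausible SSNs in text as 9-digit strings."""
    hits = set()
    for area, _sep, group, serial in SSN_RE.findall(text):
        # Never-issued ranges are skipped to cut false positives.
        if area in ("000", "666") or area[0] == "9":
            continue
        if group == "00" or serial == "0000":
            continue
        hits.add(area + group + serial)
    return hits

def mask(ssn):
    """Keep only the last four digits so the alert does not leak the SSN."""
    return "***-**-" + ssn[-4:]

def dlp_verdict(msg, threshold=2):
    """msg: {'to': [addr, ...], 'body': str, 'attachments': [(name, text), ...]}"""
    per_part = {"body": find_ssns(msg["body"])}
    for name, text in msg["attachments"]:
        per_part[name] = find_ssns(text)
    all_ssns = set().union(*per_part.values())
    external = [r for r in msg["to"]
                if not r.lower().endswith("@" + COMPANY_DOMAIN)]
    # Block on multiple SSNs, or on any SSN leaving for an outside account.
    block = len(all_ssns) >= threshold or (bool(all_ssns) and bool(external))
    return {
        "action": "block" if block else "allow",
        "alert_soc": block,
        "external_recipients": external,
        "evidence": {part: sorted(mask(s) for s in found)
                     for part, found in per_part.items() if found},
    }

# Constructed sample message; the SSN-like values are made up.
SAMPLE = {
    "to": ["trainer@example.com"],
    "body": "Roster for Monday's session attached.",
    "attachments": [("roster.csv",
                     "Ann Lee,123-45-6789\nBo Chen,219 09 9999\n"
                     "Test,000-12-3456\nOrder 666-11-2222\n")],
}

if __name__ == "__main__":
    print(dlp_verdict(SAMPLE))
```
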
