No industry, country or business is safe from cyber security incidents. August saw several high profile network breaches, causing major damage to several organizations. Let’s take a look at some of the biggest news that happened this month.
Game of Leaks: HBO Breached
At the beginning of August, HBO experienced a massive network breach on a scale larger than Sony’s incident from 2014. At first, the attack only appeared to have affected show content from the network, including material from “Game of Thrones”, “Ballers” and “Room 104”. Upon further investigation, the state was worse than initially thought. According to Engadget, hackers responsible for the breach also stole administrator passwords for HBO’s internal network, personal phone numbers for GoT actors and an archive of emails from the vice president for film programing. The attackers threatened to leak these files over the internet, demanding a ransom for their silence.
To add insult to injury, a group called OurMine hacked the social media accounts for HBO and several of the network’s shows. The group claimed to be simply testing the security and asked HBO to get in touch to upgrade its protection, BBC reported. OurMine has hacked high-profile Twitter accounts before, but it contributed to a long string of events for an already downed network.
HBO shows like Game of Thrones were affected by this network breach.
UK Experiencing Cyber Difficulties
Digital transformation doesn’t come easy, and securing digital assets is an even taller bill for many organizations. The U.K. found this out the hard way with attacks on parliament members and research showing the top businesses aren’t ready to handle cyber issues. At the end of June, U.K.’s parliament was hit by a 12-hour sustained and determined attempt to break into member’s email accounts. According to The Telegraph, hackers looked for weak passwords used by politicians and aides to breach the network. Experts suggested that if the email accounts were successfully accessed, they could be used for terrorist threats and blackmail.
As a result of this incident, among others, U.K. government initiatives were put in place to make the region a more secure place to live and do business online. Proposals were put in place to fine service organizations that fail to implement effective cyber security measures. The initiative would impact water, energy, electricity, transport and other operators, covering events like power failures and environmental hazards. Service operators must comply by May 2018 and have been invited to share feedback on the proposals.
While the initiatives are a good first step, it may not be enough. Two-thirds of bosses in top U.K. businesses aren’t trained to handle a cyber attack, and one in 10 are still operating without an incident response plan, Economia reported. Everyone is responsible for ensuring security, and business leaders must be included to ensure that assets are restored effectively.
“Hackers can use these weak passwords to control the device.”
Health Care IoT Increasingly Targeted
The Internet of Things is still relatively new, making it a perfect target for hackers to breach. In many cases, IoT devices have simple security configurations, and often aren’t changed from their default settings. The problem is, hackers can use these weak passwords to control the device and enter more lucrative areas of the network it’s connected to. In fact, a Deloitte survey found that 35 percent of respondents operating in an IoT-connected medical device ecosystem were breached within the past year, eSecurity Planet reported. When it’s a matter of life and death, it’s necessary to make sure that these devices are protected appropriately.
Unfortunately, securing IoT devices isn’t going to be easy. Organizations must also identify risks in legacy connected devices and ensure that everything can work together seamlessly. Dependencies and outdated operating systems make things significantly more complicated and can leave open vulnerabilities for hackers to exploit.
Hacked Server Casts Doubt in Kenya Election
In a year of topsy-turvy elections, Kenyan opposition leader Raila Odinga claimed that the electoral commission’s servers had been hacked to give incumbent Uhuru Kenyatta a significant lead. The New York Times stated that this accusation renewed fears of deadly unrest, given the region’s history of post-election violence. There were even a few technical glitches reported at polling stations, and a senior election official in charge of voting technology was killed prior to this year’s vote. Similar claims of election hacking in votes cast in different regions of the world serve as a trend for the future. Government agencies must better secure their voting systems and provide means of ensuring that results aren’t tampered with.
Ukraine Parcel Tracking Downed for 48 Hours
A massive DDoS attack against Ukraine’s national postal service – Ukrposhta – brought down the organization’s parcel tracking system for 48 hours. According to the BBC, the attackers flooded the website’s servers with a huge amount of traffic, interrupting manufacturing processes as well as impacting safety, quality and productivity. This event, on top of the NotPetya ransomware attacks that hit Ukrposhta in June, serve as a reminder that any organization can be impacted by DDoS attacks. Even if organizations don’t directly interact with consumers, it’s still important to implement appropriate security measures to protect businesses and their operations.
The breaches and other issues experienced throughout August serve as a significant reminder that all organizations must evaluate their data protection strategies and learn from past mistakes.