8 IT security disasters: Lessons from cautionary examples


Anyone who follows cybersecurity is aware of the steady drumbeat of data breaches and attacks, so an incident needs to really stand out to earn the name “disaster.”

We’ve assembled eight truly disastrous IT security failures over the past decade, with the goal of finding not just clever hacks, but real mistakes on the part of the victims. Hopefully you’ll come away with some ideas on how not to suffer a disaster of your own.

2012: Court Ventures gets social-engineered

Hieu Minh Ngo proved that you don’t need much technical know-how to breach an important data broker and gain access to a great deal of private information. Sometimes all it takes is brazen misrepresentation and social engineering skill. While still in his early 20s, Ngo convinced Court Ventures, a data broker later purchased by Experian, that he was a private investigator in Singapore. He then purchased personally identifying information (PII) from Court Ventures as part of his “work.” The failure here was not a technical one: the broker sold access to sensitive records on the strength of a claimed identity it never meaningfully verified.

This data became the basis for an elaborate data marketplace that he promoted to identity thieves. All in all, he made nearly $2 million before he was arrested and pleaded guilty. While Ngo did in fact get his start as an ordinary hacker, his “non-technical” scam proved to be his most profitable.

2014: Mt. Gox collapses

Today, we’re used to all sorts of hacks and skullduggery and mistakes in the crypto realm (does “all my apes gone” ring a bell?). But 2014 was relatively early in the crypto era, and the world was riveted by the drama at a Japanese Bitcoin exchange called Mt. Gox. Originally developed as a site for trading Magic: The Gathering cards, by 2013 Mt. Gox was handling something like 70% of all Bitcoin transactions.

Mt. Gox suffered a hack in 2011 and managed to resolve it in a way that satisfied most customers. But in 2014 the company rapidly became insolvent, cutting millions of dollars’ worth of bitcoin off from their rightful owners. While the full story of what happened is still not entirely clear, it appears that the 2011 intrusion never truly ended, that attackers had been skimming bitcoins for years, and that by as early as 2013 the company may have been operating essentially as a pyramid scheme, able to pay for withdrawals only with new deposits. Inside the company, a variety of terrible security and management practices were driving the implosion: there was no version control system for software updates, and every change had to go through the CEO, meaning security patches might take weeks to roll out. You’d think all this might cause people to think twice about putting millions of dollars into unregulated crypto-based financial institutions, but that has not turned out to be the case.

Copyright © 2022 IDG Communications, Inc.
