Why Are Corporations Still Experiencing Data Breaches?
Why Are Corporations Still Experiencing Data Breaches?
Posted on behalf of Arnold Law Firm
on April 5, 2022 in Data Breach Updated on November 1, 2022
In the digital age, corporations need to take extra precautions to secure their information, including sensitive client information. While cybersecurity measures have come a long way, there are still many vulnerabilities being exploited by bad actors.
Below, we discuss some of the steps these bad actors take to breach a corporation’s internal services and what they do once they gain access.
If you have received a notification of a data breach from any company, you should strongly consider speaking to our data breach lawyers in Sacramento as soon as possible to learn more about protecting your information and what legal options may be available to you to recover compensation.
How Are Data Breaches Still Occurring?
As corporations have begun putting more emphasis on cybersecurity, bad actors hoping to access their information have also started ramping up their own efforts to overcome these security measures.
Microsoft recently released updated information on a large-scale social engineering and extortion campaign that provides some insight into how some of these bad actors gain access to an internal system and use other methods to extract the information they want for financial gain.
Initial Access
There are a variety of methods used by these entities to obtain passwords and other credentials necessary to gain access to a company’s internal systems. Some of these methods include:
Deploying malicious Redline password stealers
Purchasing credentials and session tokens from criminal dark web forums
Paying employees within the targeted organization to access credentials and multi-factor authentications
Microsoft also discovered that these entities often first gain access to employees’ personal devices, which are often used for password recovery or multi-step authentication, to gather information to access the company’s system. In a process called “SIM-swapping” attackers gain access to a user’s phone number before signing into the corporate network. This can be used to handle phone-based authentication prompts to gain access to the target company.
Some entities are brash in their efforts and even post advertisements on social media or web forums looking for insiders who are willing to sell company information.
Reconnaissance
Once access is obtained, other tactics are used to extend the scope of that access, including:
Taking advantage of unpatched vulnerabilities on internal servers
Searching codes and platforms for additional credentials and sensitive information
The reconnaissance process allows the bad actor to spy on the internal server to see which accounts have higher privileges. Once those high-ranking accounts are identified, the bad actor goes after that account using some of the same processes as before, but also uses internal communication channels, like Teams and Slack, to escalate access.
The process keeps going until the highest level of access is reached.
Extortion
The purpose of bad actors accessing internal corporate servers is monetary gain. Bad actors’ plan once they have gained all access is to download all the necessary sensitive information and lock out the legitimate account holders for the purpose of extortion.
The bad actors frequently threaten public release of the sensitive information if a ransom is not paid by the corporation, but the attack does not stop there. Microsoft has also observed some bad actors using the initial access and control of internal systems to also gain access to crisis communications to see how the corporation is responding to the attack.
Impact
Entities in various industries have been hacked by these bad actors, including:
Retail
Healthcare
Manufacturing
Higher education
Energy production
Telecommunication
Government entities
And more
The more companies are impacted by these security breaches, the more likely your information is vulnerable. If you have received a notification of a data breach, call the Arnold Law Firm today.
What Are the Recommendations to Prevent a Breach?
There are some steps corporations should be taking to help prevent data breaches, including the following:
Strengthening Two-Step Authentication
Using modern and up-to-date hardware
Strengthening virtual security measures
Educating employees on preventative measures
Using modern authentication options for Virtual Private Networks (VPN)
The Federal Trade Commission has also released a guide to help businesses that are affected by data breaches.
How Businesses May Be Liable for Data Breaches
Despite a corporation’s role as the victim in a data breach, if client information is exposed in the breach the company could be held liable for damages.
Liability may fall to the company if there was a lack of security either by the company’s own cybersecurity personnel or that of a third-party vendor in charge of security.
Was Your Information Exposed in a Data Breach? Call Us Today
Every data breach case is different, so it would be in your best interest to speak to an attorney if your information was exposed in a data breach.
We offer a free consultation to discuss your claim and see what legal options may be available to you.
With personal injury cases, success is defined by more than the number of dollars awarded at settlement. Our clients come to us not just bearing physical and financial trauma, but emotional and situational scars, as well. As the legal process evolves, relationships are built with our clients that typically last for a lifetime. Sometimes, that […]
On November 8, 2018, Anna* and her family fled their home in response to the Camp Fire mandatory evacuation. The massive fire destroyed more than 18,000 homes, displacing 50,000 residents in the town of Paradise, California, and surrounding areas. They didn’t have friends or relatives in neighboring cities to stay with and soon discovered that […]
On a warm August evening, Ray G. and his family were driving home from a school sporting event. As his Ford F250 pickup traveled through an intersection on Washington Blvd in Roseville, California, a Toyota Corolla compact sedan ran the red light and slammed into the driver’s side of Ray’s truck. The driver of the […]
Kimberly and Brian, both established professionals in Sacramento, were excited about moving into a charming yellow house in one of the best neighborhoods in the area. They had agreed to a lease-to-own arrangement that allocated $3,500 per month toward rent and an additional $2,000 per month toward a refundable deposit for the potential purchase of […]
Matthew B. contacted the Arnold Law Firm after consulting with multiple attorneys in the Sacramento area, including another major personal injury firm and an attorney specializing in motorcycle accidents. His case was rejected by other attorneys due to complexity with liability. As the rider in a car vs. motorcycle collision, Matthew suffered significant injuries to […]
Mr. E was on his way to work one very ordinary fall morning when an inattentive driver ran a red light, collided with his vehicle, and changed his life forever. In that moment, although he didn’t realize it at the time, a chain of events was set into motion that affected every aspect of his […]
After a drunk driver hit me I wasn’t really sure what to do. A friend of mine Highly Recommended Arnold Law Firm, what a great recommendation it has been! The staff from lawyers to assistants has been nothing short of amazing. Always are calling and emailing me to update what is going on with your case. A very nerve racking thing to deal with personal injury and what comes from it. But with Arnold Law Firm you can rest knowing they are fighting for every inch for you. Need a law office? Look no further!
This firm is a joy to work with, they really care about their clients. Mr. Minney and Deena were wonderful to work with.
I am very grateful for the services I got from Arnold Law Firm! Everyone was great! Stephanie was awesome! Her dedication and perseverance were admirable! She was the person behind the success of my claim! I truly appreciate her in particular, and Arnold Law Firm staff, in general!
So far, we are very happy with Arnold Law Firm and the personal service we have received by Dominic Sandaval. We are looking forward to continuing this relationship through the remainder of our law suit.
Thank you, Gilbert and Joanne Joseph
Not just legal experts, The Arnold Law Firm and my case manager Stephanie Baffoni genuinely cares about you.
The Arnold Law Firm has a proven track record of success fighting for their clients and I am very thankful to have them supporting me during a very challenging time. What I did not expect is the level of compassion, partnership, and trust Stephanie and the team strives to achieve in what could have been a purely transactional relationship.If you want to be treated like a person, not a number, and know someone is looking out for your best interests, then look no further.