Though cyberattacks dominated the news in 2014, with companies such as JPMorgan Chase, Target and Home Depot suffering breaches, cyberattacks aren’t limited to big companies. Brand recognition matters little to cybercriminals, and organizations of all sizes have been victims of a data breach. This trend will likely continue in 2015, with attacks growing not only in number but in sophistication as well.

The following is a look at a handful of the most damaging threats of 2014 and how they changed the corporate conversation on data security and protection:

Home Depot Data Breach

In this breach, cybercriminals compromised more than 56 million credit and debit card accounts, along with 53 million customer email addresses. They used the stolen email addresses in multiple phishing scams that targeted unsuspecting customers. As in the Target breach, the attackers used credentials stolen from a third-party vendor and exploited an unpatched vulnerability in Microsoft Windows to compromise the company’s point-of-sale devices. According to Krebs on Security, they targeted the 7,500 self-checkout lanes, which the internal systems clearly identified as payment terminals.

Heartbleed Bug

The Heartbleed bug existed for two years before it was discovered. It lies in the widely used OpenSSL cryptographic library and reportedly affected more than 500 million websites at the time of discovery. Several organizations were breached through this vulnerability, including the Canada Revenue Agency, where more than 900 Social Insurance Numbers were compromised in a matter of hours.

Bash Bug

This bug, which had gone unnoticed for more than two decades, let cybercriminals execute malicious code within a bash shell, the typical command prompt on PCs, Macs and Linux machines. This let them overwrite authentication information and gain access to confidential data by taking control of the operating system. Because the vulnerability had existed for so long, it also affected many older systems whose operating systems were no longer supported with patches to fix it.
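The defender's first question about the Bash bug is how to spot exploitation attempts in the logs that already exist. The following is an added example, not code from the original post or from IBM: a small scanner for web server access logs. It assumes the well-known signature of these attempts, a bash function definition (`() {`) placed in a request header that the server copies into an environment variable, and it runs over a handful of constructed Apache combined-format lines embedded in the script.

```python
import re
from typing import List, NamedTuple

# Apache "combined" log format: host, ident, user, time, request, status,
# size, referer, user-agent. Only the three quoted fields carry attacker
# controlled text that a CGI handler would export into the environment.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Signature of a bash function definition followed by a command separator:
# "() { ... };". Whitespace between the tokens is optional, so be lenient.
SHELLSHOCK_RE = re.compile(r"\(\)\s*\{[^}]*\}\s*;")

# Constructed sample lines for this example (RFC 5737 documentation addresses);
# they are not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [25/Sep/2014:10:12:01 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "-" "() { :;}; echo probe"
198.51.100.3 - - [25/Sep/2014:10:12:04 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
203.0.113.7 - - [25/Sep/2014:10:12:09 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "() { ignored; }; echo probe" "curl/7.30"
"""


class Hit(NamedTuple):
    line_no: int
    client_ip: str
    field: str      # which header carried the payload
    payload: str    # the full field value, for the analyst's record


def scan_log(text: str) -> List[Hit]:
    """Return one Hit per log field that carries a Shellshock-style payload."""
    hits: List[Hit] = []
    for line_no, line in enumerate(text.splitlines(), 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed line; a production pipeline would count these
        for field in ("request", "referer", "agent"):
            value = m.group(field)
            if SHELLSHOCK_RE.search(value):
                hits.append(Hit(line_no, m.group("ip"), field, value))
    return hits


def offending_hosts(hits: List[Hit]) -> List[str]:
    """Distinct source addresses, in order of first appearance, for blocking or triage."""
    seen: List[str] = []
    for hit in hits:
        if hit.client_ip not in seen:
            seen.append(hit.client_ip)
    return seen


if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG)
    for hit in found:
        print(f"line {hit.line_no}: {hit.client_ip} via {hit.field}: {hit.payload!r}")
    print("hosts to investigate:", offending_hosts(found))
```

The scanner flags a request regardless of whether the host was actually vulnerable; a hit means someone is probing, which is worth correlating with the asset inventory to confirm which CGI-enabled servers had already received the bash update.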

JPMorgan Chase

In this breach, cybercriminals gained access to names, addresses, phone numbers, email addresses and internal JPMorgan Chase information for more than 83 million accounts. The source of the attack was traced to an overlooked network server that had not received a simple security upgrade that would have enabled two-factor authentication.

Why You Need to Act

While it is impossible to anticipate every attack and prevent every data breach, it’s important to have the following tools and security programs in place as an integrated threat protection system that protects your company’s data and minimizes the risk and damage caused by an attack:

  • Comprehensive Asset Discovery: You can’t protect what you can’t see. It’s vital to ensure you have visibility into every endpoint within your organization regardless of whether it is fixed, mobile or remote.
  • Install Two-Step Authentication for Logins: This simple security fix ensures additional protection against a potential breach in case of lost or stolen passwords.
  • Real-Time Situational Awareness and Incident Response: You need to have a tool that can give you real-time visibility into your endpoints with the capability to ensure automatic quarantine and immediate remediation of all your endpoints, wherever they are located.
  • Automated Patch Management: Having an efficient automated patch management solution that can find vulnerable endpoints and apply required patches within minutes or hours can reduce the window of exposure to any potential threats.
  • Vulnerability Management: Having an efficient vulnerability management system would ensure the most vulnerable endpoints are patched and secured first by analyzing the risks associated with the various vulnerabilities and identifying the priority of remediation through patches and configuration management.
  • Mobile Threat Management: Given the shift to an increasingly mobile workforce, mobile malware is the next big security threat to every enterprise. With employees using a number of apps and devices to increase productivity, your enterprise is susceptible to rogue and malicious apps compromising your data.
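Two-step authentication, the control the JPMorgan Chase server above was missing and the second item in the list, is most often implemented as a time-based one-time password (TOTP). The following is an added example, not code from the original post or from IBM: a self-contained TOTP generator and verifier built on the Python standard library. It assumes the RFC 6238 construction (HMAC-SHA1 over a 30-second counter) and uses the RFC's own published test secret only as a reference vector; a real deployment would generate a random secret per user at enrollment.

```python
import base64
import hashlib
import hmac
import secrets
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time password (RFC 4226) for a given 64-bit counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation: low nibble picks the window
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at_time: int, step: int = 30, digits: int = 6) -> str:
    """Time-based OTP (RFC 6238): HOTP with the counter derived from the clock."""
    return hotp(secret, at_time // step, digits)


def verify_totp(secret: bytes, candidate: str, at_time: int,
                step: int = 30, skew: int = 1) -> bool:
    """Accept the code for the current step and `skew` steps either side,
    tolerating a phone whose clock drifts slightly; compare in constant time
    so a wrong guess cannot be distinguished by how fast it is rejected."""
    counter = at_time // step
    for delta in range(-skew, skew + 1):
        if hmac.compare_digest(hotp(secret, counter + delta, len(candidate)), candidate):
            return True
    return False


def new_enrollment_secret() -> bytes:
    """160-bit random secret, the size RFC 4226 recommends for HMAC-SHA1."""
    return secrets.token_bytes(20)


def provisioning_secret(secret: bytes) -> str:
    """Base32 encoding, the form authenticator apps expect when enrolling."""
    return base64.b32encode(secret).decode("ascii").rstrip("=")


# Reference secret from RFC 6238 Appendix B (ASCII "12345678901234567890").
# Used here only to check the implementation against published vectors.
RFC_TEST_SECRET = b"12345678901234567890"


if __name__ == "__main__":
    secret = new_enrollment_secret()
    print("enroll this in the authenticator app:", provisioning_secret(secret))
    now = int(time.time())
    code = totp(secret, now)
    print("current code:", code, "verified:", verify_totp(secret, code, now))
```

A verifier that also records the last accepted counter per user, and refuses any code at or below it, prevents a captured code from being replayed inside the skew window; that bookkeeping is the one piece a production system needs beyond what is shown here.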

How IBM Can Help

IBM Security provides you with the right tools to ensure you are well-equipped to face increasingly sophisticated advanced threats. The following solutions are designed to disrupt the life cycle of advanced attacks with a three-pronged approach that helps you prevent, detect and respond to threats:

  • IBM BigFix™ ensures your endpoints are in continuous compliance with various security and operational policies. With real-time visibility into your endpoints and automated custom remediation capabilities, it ensures your organization is equipped with a real-time situational awareness and incident response system.
  • IBM MaaS360™ lets you provision, secure and manage your mobile devices, apps and content — all from a single portal — while minimizing risk to your organization.
  • IBM QRadar SIEM™ consolidates log source event data from thousands of device endpoints and applications distributed throughout a network. It performs immediate normalization and correlation activities on raw data to distinguish real threats from false positives.
  • IBM Security Trusteer Apex™ Advanced Malware Protection provides protection against unknown, zero-day threats and advanced malware without affecting user productivity. This software protects endpoints throughout the threat life cycle by applying an integrated, multilayered defense that breaks the attack chain and preempts infection.
