More than 1 million Washington residents who filed for unemployment had their personal information stolen.

Edward Gately, Senior News Editor

February 5, 2021


Unemployment benefit claims remain nearly four times higher than this time last year, and cybercriminals are taking advantage of this surge.

This week, news broke that an estimated 1.4 million Washington state residents who filed unemployment benefit claims had their Social Security numbers (SSNs), driver’s license numbers, bank account numbers and employment information stolen.

The Office of the Washington State Auditor (SAO) said it suffered the data breach after a threat actor exploited a vulnerability in an Accellion secure file transfer service. The exposed unemployment benefit claims were in data files from the Employment Security Department (ESD) and contain sensitive personal information of Washington residents.

Some 10.7 million Americans were out of work as of December. With unemployment benefit claims at record highs, it’s never been more important for government agencies to heighten the protection of their programs and their users.

Justin Fox is director of software engineering at NuData Security, a Mastercard company. They said there have been other cyber incidents involving unemployment benefit claims.


“The Canadian Revenue Agency had several issues earlier this year due to COVID-19-related benefit administration,” they said. “There was also the SolarWinds hack, which is a third-party solution [for] many organizations that mirrors the traits in this breach.”

Every affected resident who filed unemployment benefit claims will need to step up their diligence and be on the lookout for fraudulent activity on their accounts and credit reports, Fox said.

“Attackers will often leverage data acquired from a data breach to create new accounts, initiate free-trial fraud or break into existing accounts,” they said.

COVID-19 benefits are proving more alluring for cybercriminals, Fox said.

“Basic security hygiene is a key prevention tactic for most breaches, but was not the focus in this breach,” they said. “Compliance with enterprise standards like NIST 800-53 would be beneficial. Ensuring vendors are compliant would help for this specific breach.”

Purandar Das is CEO and co-founder of Sotero Software.


“Data sharing, by organizations, is one of the key areas of vulnerability,” he said. “This activity is an area that will be targeted more and more by hackers. Organizations have relied on secure data transfer – meaning the data is protected in transmission – as being sufficient. This is no longer true. Even if the data is secure during transmission, the underlying data is in clear text. True and complete data protection has to be built from the ground up. Regardless that the data is being transmitted over a secure channel, data security must start at the source. The data should be protected (encrypted) all the time, even in use. This is a huge part of protecting data and information.”

Das said the damage from a breach involving unemployment benefit claims is multifold:

  • Immediate loss of trust.

  • Financial exposure for the affected individuals.

  • Losses for the government through fraud leveraging the credentials.

  • Financial and legal liabilities from fines and legal actions.

  • Long-term impact on other platforms as data is co-mingled with other stolen and publicly available information.

  • Financial impact of replacing or reissuing lost credentials and recreating artifacts.

“Credit card companies discovered this a long time ago,” Das said. “Hence the reason why credit card information is never transmitted to the retailer. The card companies encrypt it and don’t transmit or share the information. Unfortunately the same mechanism does not work for everyone. The transmitted data needs to be available for use and analysis. Adopting newer technologies that enable the use of encrypted data by the proper parties coupled with multi-party key ownership for authentication is one way to eliminate data loss during transmission.”

MSSPs and other cybersecurity providers can help by assessing the threat posed by third-party tools, he said. They can also maintain control and security of data when data is outside the organization.

In addition, they can eliminate the need to have data be in plain text anywhere, Das said.

“This is powerful since it makes data useless even when lost,” he said.

Cybersecurity providers can also implement multi-party key ownership and access on a transactional basis. And they can implement automated data access and anomaly detection at the data level.

Breaches Drop, but Leaked Data Soars in 2020

More than 1,100 data breaches and exposures impacted more than 300 million Americans in 2020.

That’s according to Atlas VPN. Cybercriminals took advantage of the worldwide uncertainty created by the pandemic for a quick gain.

However, the number of events actually went down by nearly one-fifth, from 1,362 in 2019 to 1,108 in 2020. The number of affected individuals also dropped by 66%. It fell from more than 887 million in 2019 to more than 300 million in 2020.

Rachel Welch is COO of Atlas VPN.


“While data breaches and exposures declined in 2020, other research sources reveal that the number of actual data records leaked reached record-highs last year,” she said. “Cyberattacks are growing more sophisticated as cybercriminals find new and more effective ways to exploit organizations and consumers.”

Cyberattacks were the primary reason behind such data infringements. They made up 79% of all the root causes and hit close to 170 million individuals. Phishing, including smishing and business email compromise, was by far the most common cyberattack method, behind 44% of such breaches.

Other reasons behind data breaches and leaks last year included human and system errors, at 14%, as well as physical attacks, at 7%.

While data breaches and exposures declined in 2020, they still caused massive damage. That’s because cybercriminals managed to get ahold of a wide array of sensitive personal information.

The most commonly leaked personally identifiable information type was a name. Up next was SSN.

Cybercriminals Upping Their Game with Bots, Automation

Cybercriminals increasingly are turning to bots and automation to make their attacks more efficient and effective, and to help them avoid detection.

In December, Barracuda researchers analyzed a sample of two months of data on web application attacks blocked by Barracuda systems and found a massive number of automated attacks. The top five attacks were dominated by attacks performed using automated tools.

Some of the key data points covered in the report include:

  • Nearly 20% of attacks detected were fuzzing attacks. That’s where cybercriminals use automation to find the points at which applications break, which they can then exploit.

  • About 12% of attacks were injection attacks. And most of the attackers were using automated tools like sqlmap to try to get into the applications. Many of these attacks were script kiddie-level noise. Those are attacks thrown at an application without reconnaissance to customize the attacks.

  • Bots pretending to be a Google bot or similar were a close third. Those accounted for just over 12% of the web application attacks analyzed.

  • Application distributed denial of service (DDoS) was surprisingly prevalent. This made up more than 9% of the sample Barracuda researchers analyzed. Cybercriminals are executing this across all geographies. A small portion of attacks come from bots blocked by site administrators.

Tushar Richabadas is Barracuda’s senior product marketing manager for application and cloud security.


“If you look at some of the big attack campaigns in the past, like the ones against Drupal that were dubbed ‘Drupalgeddon,’ you see hundreds and thousands of sites being hacked using automated tools,” he said. “The reasons for the attacks succeeding are typically lack of updating the website software … and lack of protection in place before the website, such as a web application firewall (WAF).”

Once a hack happens, bad actors can deface the site or use it for any kind of attack, Richabadas said. For instance, the servers can be used as a relay for spam, as command-and-control servers for ransomware or to perform other attacks.

“Defacement of these sites leads to loss of reputation and business for the organization,” he said. “The worst, of course, are the ones that end up in data breaches. Getting hacked by these tools can lead to legal action and even business shutdowns.”

In many cases, organizations don’t understand how to block these attacks, Richabadas said. They may also lack time/personnel to keep sites updated and defended. For a long time, website protection has been a lower priority for organizations, though that’s changing rapidly.

“The top two things that can be done are better logging/visibility with a SIEM, and implementing web application protection with a WAF or WAF as a service,” he said. “Without proper visibility, you don’t get a clear understanding of the risks. A WAF can block attacks, including zero-day attacks, and provide the IT team with time to test and patch new vulnerabilities.”

ID Agent: Poor Passwords Still Major Cause of Breaches

Just this week, more than 3 million customers of a U.S. car service had their details compromised after a cybercriminal posted them to the dark web. The resulting data breach involved a large range of data exposure, including more than 93,000 bcrypt-hashed passwords.

This is just another example of poor password security causing data breaches. In 2020 alone, more than 81% of data breaches were due to poor password security. And hackers dropped more than 22 million records on the dark web, signaling the need for a password security reset.

Year after year, people fail to recognize the importance of changing their passwords. But with increasing cyberattacks, this issue cannot be ignored.

ID Agent, a Kaseya company, has published a list of the 20 most common passwords of 2020. The list comes from a scan of nearly 3 million passwords found on the dark web last year. And it breaks down the most commonly used types of passwords by category.

The most common passwords by category are:

  • Names: maggie

  • Sports: baseball

  • Food: cookie

  • Places: Newyork

  • Animals: lemonfish

  • Famous People/Characters: Tigger

Among the most common passwords found on the dark web last year are: 123456, password, 12345678, 12341234, 1asdasdasdasd, Qwerty123, Password1 and 123456789.

Mike Puglia is chief strategy officer at Kaseya. He said people don’t take password security seriously. This is especially true as the average U.S. adult has between 90 and 135 different applications that require a set of credentials.


“Most employees that generate their own passwords will use personal formulas made up of words and numbers that are important to them for easy recall,” he said. “Individuals tend to choose passwords that can be divided into 24 common combinations. And users will often only change one letter or digit in one of their preferred passwords when required to make a new one.”

Organizations should train employees in best practices around generating and storing passwords, Puglia said. In addition, they should frequently remind them of the importance of password security.

“Businesses should also use a robust identity and access management (IAM) system,” he said. “A combination of solutions that includes multifactor authentication, single sign-on protections and identity management tools is a critical component of any cybersecurity strategy, bolstering and augmenting the safety of data and systems at every access point.”

MSSPs can help organizations by providing them with IAM solutions that easily integrate with the organization’s existing applications, Puglia said.

“IAM solutions with single sign-on capabilities are especially impactful, as MSSPs can uniformly access all applications from one place and employees won’t need multiple passwords for the software solutions they use daily,” he said. “MSSPs can also work with organizations to set secure password policies that ensure employees aren’t reusing old passwords or creating easy-to-guess ones. Additionally, they can offer organizations automated email phishing defense solutions, as this provides an extra layer of protection from credential compromise.”


About the Author(s)

Edward Gately

Senior News Editor, Channel Futures

As news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.
