Cyberattacks and data breaches are omnipresent in the headlines, and this trend shows no sign of slowing down. In fact, for a third consecutive year, instances of data breaches have been on the rise compared to Q1 of the year before. And what is even more troubling is that data exfiltration has become routine in many of these attacks.
What is Data Exfiltration?
Data exfiltration is the theft or unauthorized removal of data from devices or networks arising from a data breach. While many cybercriminals aim to steal and sell data (think of the big Target data breach from 2013, in which hackers stole 40 million credit and debit card records), not all attacks are so straightforward. Some hackers are not looking to sell stolen data on the dark web; instead, they use data exfiltration as leverage to force compliance with their demands.
In looking back at some of the cyberattacks from the past year, we hope to demonstrate how data exfiltration works and the potential risk from this form of attack—as well as the importance of putting security measures in place to avoid facing your own attack or breach.
Data Exfiltration in Action
In May 2021, the Colonial Pipeline shutdown caused East Coast gas prices to soar amid panic buying. The cause? The fuel pipeline was shut down because of a ransomware attack carried out by a cybercriminal hacking organization. In addition to targeting the company’s billing systems, the hackers stole nearly 100 gigabytes of data and threatened to release it if the ransom wasn’t paid. The attack lasted for five days and ended when Colonial paid the $4.4 million ransom for the encryption key and avoided data release. While some of the payment was eventually recovered, the company had already taken considerable losses in productivity and reputation and even faced class-action lawsuits because of the breach.
Less than a month after the Colonial Pipeline attack, JBS Foods found itself in the crosshairs in June 2021. While JBS Foods claimed that there was no evidence that any company data was exfiltrated, independent investigations into the attack found that the hackers did steal data for months leading up to the attack. The attack and the subsequent delay in productivity generated fears of exacerbating existing supply chain shortages and inflating prices, which led JBS to pay an $11 million ransom, one of the largest publicly acknowledged ransoms of all time, to bring its plants back online.
In July of 2021, an attack was launched against Kaseya. This attack compromised and exploited the Kaseya VSA product itself, but the hackers’ true intention was to access as many downstream customers through the platform as possible to maximize the potential earnings from their ransomware attack. This kind of attack is referred to as a supply chain ransomware attack. In the Kaseya ransomware incident, the hackers responsible hoped to magnify their results by targeting a service provider and gaining access to its clients’ systems. While there was no documented evidence of data exfiltration from this attack, the potential for widespread data theft from this type of attack should be obvious.
Three Attacks, One Lesson
These cases echo the same message: the potential risks from a deficient or merely adequate cybersecurity posture are significant. In March, United States President Joe Biden issued a statement on the nation’s cybersecurity that echoes a similar sentiment, saying, “You have the power, the capacity, and the responsibility to strengthen the cybersecurity and resilience of the critical services and technologies on which Americans rely. We need everyone to do their part to meet one of the defining threats of our time — your vigilance and urgency today can prevent or mitigate attacks tomorrow.” It is more evident than ever that, as the cyber threat landscape continues to escalate, a rigorous and proactive security strategy is required to protect against a wide range of potential attack methods, including data exfiltration.
The Next Step
When was your company’s last risk assessment? Did you make the recommended improvements? What is your current cybersecurity posture? Even if you operate a small or medium-sized business, the lack of a robust cybersecurity posture can be detrimental. In fact, in many cases, small to medium-sized enterprises are considered even more attractive targets, both because they are likely to have weaker cybersecurity measures and because attacks on them don’t draw unwanted media attention to the hackers. Businesses of all sizes must protect their assets, intellectual property, and employee, vendor, and customer information with a robust cybersecurity posture.
A good place to begin evaluating your current cybersecurity readiness is by utilizing our Cybersecurity Evaluation Checklist as an assessment tool. This checklist is a jumping-off point to help your firm determine its current cyber risk exposure and readiness for critical event management.
After completing the checklist, reach out to learn more about how Coretelligent can help to strengthen your cybersecurity posture and protect your data. You can learn more about what we offer, including cloud-based solutions, backup and business continuity services, IT planning and strategy, compliance solutions, and more.