All it takes is one compromised credential for a hacker to access your company’s sensitive data. Every login and every device represents a gateway. If a cybercriminal steals either a physical device or user data, he or she gains access to your entire corporate network. That means the hacker can move laterally from one less sensitive application to others that hold valuable information, such as customer data or intellectual property. It’s a lesson one of the U.K.’s largest mobile network providers had to learn the hard way.
“Three lost 95,000 subscribers in the wake of the attack.”
Hundreds of thousands of records stolen
Three CEO Dave Dyson released a statement explaining that his company had experienced a data breach and that the perpetrators obtained account information of 133,827 customers. Although the hackers did not obtain bank details, PINs, passwords or payment information, they made off with names, addresses, dates of birth, telephone numbers, account numbers and more. This all occurred as the cybercriminals launched an attack in which they initiated illegal device upgrades for eight customers for the purpose of stealing and then selling those phones.
The Telegraph interviewed an unnamed spokesman from Three who said the people behind the breach used authorized logins to access Three’s upgrade system. As a result, the company lost 95,000 subscribers in the wake of the attack, costing it approximately £60 million.
Neither The Telegraph nor Dyson disclosed how the hackers obtained credentials to Three’s upgrade system. However, Trend Micro noted cybercriminals often target low-risk credentials first before moving laterally to more high-risk applications.
How could Three have mitigated the severity of this cyberattack?
Hindering lateral movement
Preventing hackers from stealing credentials is a never-ending, uphill battle that companies will never fully win. The best approach to mitigating the impact of data breaches is to cryptographically segment applications and set role-based access controls. While the former encrypts application data flows associated with specific users, the latter prevents unauthorized employees from accessing critical applications. This approach contains data breaches and stops hackers from moving laterally across networks, the movement that would eventually allow them to view and alter application data.
Role-based access control and cryptographic segmentation are the core functions within Certes Networks’ CryptoFlow solutions. To learn more, check out our white paper.