• There are no suggestions because the search field is empty.
3 min read

3 Lessons to Learn from Real-Life Cyberattacks

Josh Moore
Written by Josh Moore

Cloud technology, business applications and machine learning increasingly runs the world and makes almost every modern business faster and more competitive. But with the undeniable benefits of technology come some unavoidable risks:

Let’s look at just a handful of recent cybersecurity breaches and dive into the important lessons every organization needs to internalize about cybersecurity.


In March, Volkswagen Group of America, Inc. was notified that a partner had left unsecured data on the Internet that had been accessed by an unauthorized party. Thanks to an outside vendor that VW and Audi and some of their dealers use, criminals had been able to gather personal information from customers between 2014 and 2019. In most cases, that included driver's license numbers and, in a small number of cases, Social Security numbers, VW or Audi account numbers and birthdays for 3.3 million customers.

After a similar breach several years ago, Target has tried to improve security, especially where outside partners are involved. The attackers backed their way into Target's corporate network by compromising a third-party vendor. The number of vendors targeted is unknown. However, it only took one. That happened to be Fazio Mechanical, a refrigeration contractor.

A phishing email duped at least one Fazio employee, allowing Citadel, a variant of the Zeus banking trojan, to be installed on Fazio computers. With Citadel in place, the attackers waited until the malware offered what they were looking for - Fazio Mechanical's login credentials. In response to this incident, a corporate webpage describes changes made by the company regarding their security posture, including the following:

  • Monitoring and logging of all system activity
  • Updated firewall rules and policies
  • Limited or disabled vendor access to their network
  • Disabled, reset, or reduced privileges on over 445,000 Target personnel and contractor accounts
  • Expanded the use of two-factor authentication and password vaults
  • Trained individuals on password policies


The Dark Nexus botnet was first discovered in late 2019 and has continued to evolve and spawn into 40 iterations that have wreaked havoc around the globe. The botnet was initially developed to unleash both malware and a distributed denial-of-service (DDoS) attack on IoT devices such as video recorders and routers. 

The Internet of Things (IoT) enables organizations to connect its systems and make more work automated. But as your IoT usage grow, so do your potential risk. As seen with the Dark Nexus botnet, large numbers of connected access points are attractive targets for cybercriminals. A strategy for safeguarding IoT should include the following:

  • Conduct a risk assessment of all IoT deployments and then establishing a security baseline is a more effective approach than implementing a blanket level of security.
  • Scan for unauthorized IoT devices, including smart TVs, set-top or cable boxes, IP cameras and smartwatches, which can be used as a backdoor into your network. Once you identify these devices, you should update security settings. 
  • Change default passwords for all identified devices. Attackers can easily identify and access internet-connected systems that use shared default passwords. It is vital to change default manufacturer passwords and restrict network access to critical and important systems

Statistics provided by the technology research firm Comparitech indicate that the critical technical methods of solving issues with default passwords (the most common tactic cybercriminals use to attack IoT) require a focus on authentication, access control and encryption.


Several years ago, the online cloud storage company DropBox revealed that 100 million user accounts and personal information was stolen after an employee’s password was compromised. It turned out that the employee’s password was part of a LinkedIn data breach and was reused to access a Dropbox corporate account. In other words, this employee reused the same passwords for vital corporate data as they did for personal accounts.

This incident illustrates one of the long-standing issues of policing passwords. Despite the large number of public incidents involving stolen passwords, people continue to have what appears to be a low disregard for considering their security implications, as reported in an article by CNN.

The National Cyber Security Centre (NCSC) offers valuable advice for devising an effective password management strategy: 

  • Consider implementing technical solutions that limit the reliance on passwords, especially for access to critical data.
  • Broaden your password protection measures to include an extra level of protection, including multi-factor authentication (MFA).
  • Train all employees about the importance of password security and hammer the lessons into them on a consistent basis so they understand the importance and consequences of their actions.


There is an overused saying in the cybersecurity world that says, “It’s not a question of if you get breached, it’s a question of when.” Although this may seem a bit dramatic, when you consider all the stories we see on our newsfeeds about ongoing cybersecurity breaches, it’s certainly not a bad idea to be prepared for a cyberattack.

Protecting against cyberattacks is certainly an important piece of the puzzle, but we also need to know how to properly detect a breach, how to respond to it and how to recover from it. If you’d like to learn more about responding to cybersecurity threats, download our free Cybersecurity Handbook. If you would like a cybersecurity roadmap for your organization, reach out to us today for a cybersecurity risk assessment.  

Cybersecurity risks checklist CTA

Subscribe by Email