A data exfiltration attack involves the unauthorized transfer of sensitive data, such as personal data and intellectual property, out of a target system and into a separate location. These transfers could either occur internally, through insider threats, or externally, through remote Command and Control servers. Every cyberattack with a data theft objective could be classified as a data exfiltration attack.

Data breaches are cybersecurity events that significantly harm a company’s reputation, finances, and compliance posture. When information is leaked or extracted from your database via a third-party partner, that is known as a third-party data breach. These events can have a devastating impact when your company handles sensitive information belonging to clients.

2021 was another record-breaking year for cyber attacks, with reports of massive breaches and huge ransomware demands dominating headlines. It’s a trend that does not seem to be slowing any time soon, either. Currently, there are thousands of vendors in the market, with over $130 billion spent annually on defense and yet, the number of breaches continues to rise. Arctic Wolf's 2021 Data Breaches in Review counts down the most noteworthy, high-profile, and damaging data cybercrimes of the year.

Picture this. You’re an administrator in charge of providing basic amenities and day-to-day needs across 1,000 beds in an urban multispecialty hospital. One fine morning, you notice that all the patients’ bedside monitoring systems (the computer-like devices that display patient vitals like heartbeat and blood pressure) have stopped functioning, leaving doctors and nurses in the dark.

In the latter part of December 2021, WhiteSource Diffend detected the new release of a package called @maui-mf/app-auth. This package used a vector of attack that was similar to the server side request forgery (SSRF) attack against Capital One in 2019, in which a server was tricked into executing commands on behalf of a remote user, thereby enabling the user to treat the server as a proxy for requests and gain access to non-public endpoints.

Tsippi Dach explores some notable breaches caused by mis configuration s and how organizations can avoid becoming the next big headline.

Organizations often have their confidential information illicitly for sale on the darknets, but they don’t know it. Statistically, over 75% of compromised credentials are reported to the victim organization by law enforcement when it has become too late. That’s why dark web monitoring tools providers are the appropriate solution to help you know on time when your credentials are stolen and exposed on the dark web.

As Data Privacy Day once again rolls around, we can look back at some healthy improvements when it comes to privacy that organizations made over the previous 12 months. We can also use this yearly reminder on such an important topic to look forward to the coming year to pinpoint where additional changes are needed.

The number of U.S. data breaches reported in 2021 increased dramatically over the preceding year. As reported by the Identity Theft Resource Center (ITRC), there were 1,291 data breaches between January 1, 2021 and September 30, 2021. The volume beat out the 1,108 breaches detected over the course of Full Year (FY) 2020. It’s therefore not surprising that data compromises year-to-date (YTD) was up 27% last year compared to FY 2020.

On June 23, 2021, threat actors reported that they had stolen a terabyte of data from Saudi Aramco, a state-owned oil company in Saudi Arabia. The threat actors released samples of data they had procured after redacting critical information. They also claimed to have detailed information on Aramco’s employees, such as their full names, photographs, passport scans, emails, phone numbers, residence permit (Iqama card) numbers, job titles, employee ID numbers, and family information.