
Basic cyber hygiene still offers the best defense against ransomware


COMMENTARY: The recent FBI takedown of the Dispossessor ransomware gang serves as a powerful reminder that fundamental cybersecurity practices are crucial in preventing devastating attacks. This group exploited well-known vulnerabilities, such as weak passwords and the lack of multi-factor authentication (MFA), security issues we've repeatedly seen in major breaches.

One of the most striking examples of how basic security failures can lead to significant breaches is the 2019 Capital One incident. Here, a misconfigured web application firewall let an attacker exploit weak access controls, leading to the exposure of more than 100 million customer records. Properly enforced MFA and tighter access controls could have drastically mitigated the damage or even prevented the breach entirely.

[SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Read more Perspectives here.]

Similarly, in 2021, the Colonial Pipeline attack underscored the critical need for MFA. This breach was facilitated by a single compromised password that didn’t require any additional verification. The consequences were severe, leading to widespread fuel shortages across the East Coast. Had MFA been required on critical systems, the attackers would have faced a much more resilient barrier to entry, potentially averting the crisis.

MFA: A critical, yet incomplete option

While companies must deploy MFA as a vital layer of defense, it’s not without its vulnerabilities. Attackers are becoming more sophisticated, employing techniques like "MFA fatigue" attacks. A notable example occurred against Uber in 2022, in which an attacker armed with an employee's credentials repeatedly sent push notifications for authentication approval. Overwhelmed, the employee eventually approved one of these requests, giving the attacker access to Uber’s internal systems.

This incident highlights MFA's shortcomings—particularly when users are pressured or unaware of the risks. To enhance the effectiveness of MFA, teams should combine it with other security measures such as network segmentation, endpoint detection and response (EDR), and regular employee training. For instance, implementing risk-based authentication, which requires additional verification for anomalous login attempts, makes MFA more robust and resistant to such attacks.
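As an added illustration (not part of the column), a small Python check in the spirit of the two points above: flagging the burst-of-prompts-then-approval pattern of an MFA fatigue attack in authentication logs, and a risk-based rule that asks for extra verification on anomalous logins. The sample events, thresholds and field names are constructed assumptions, not data from any real incident.

```python
from datetime import datetime, timedelta

# Constructed sample MFA push log: (timestamp, user, result).
# "jdoe" receives five prompts in three minutes and then approves one;
# "asmith" is a normal login with a single prompt.
SAMPLE_EVENTS = [
    ("2024-08-12T02:01:05", "jdoe", "sent"),
    ("2024-08-12T02:01:40", "jdoe", "sent"),
    ("2024-08-12T02:02:15", "jdoe", "sent"),
    ("2024-08-12T02:02:50", "jdoe", "sent"),
    ("2024-08-12T02:03:30", "jdoe", "sent"),
    ("2024-08-12T02:04:02", "jdoe", "approved"),
    ("2024-08-12T09:15:00", "asmith", "sent"),
    ("2024-08-12T09:15:20", "asmith", "approved"),
]


def find_push_fatigue(events, max_prompts=4, window=timedelta(minutes=5)):
    """Return {user: prompt_count} for approvals preceded by >= max_prompts
    prompts inside `window`. A legitimate login normally needs one prompt, so a
    burst ending in an approval is worth an alert and a review of the session."""
    flagged = {}
    prompts = {}  # user -> timestamps of recent prompts (sliding window)
    for ts, user, result in sorted(events):  # ISO timestamps sort correctly
        t = datetime.fromisoformat(ts)
        history = prompts.setdefault(user, [])
        history[:] = [p for p in history if t - p <= window]  # drop old prompts
        if result == "sent":
            history.append(t)
        elif result == "approved" and len(history) >= max_prompts:
            flagged[user] = len(history)
    return flagged


def step_up_reasons(login, known_devices, known_countries):
    """Risk-based authentication rule (assumed policy): return the reasons a
    login is anomalous. A non-empty list means the user should complete a
    stronger verification (e.g. number matching) rather than a bare push approval."""
    reasons = []
    if login["device_id"] not in known_devices:
        reasons.append("new_device")
    if login["country"] not in known_countries:
        reasons.append("new_country")
    hour = datetime.fromisoformat(login["time"]).hour
    if hour < 6 or hour > 22:  # outside the user's usual working hours
        reasons.append("off_hours")
    return reasons
```

Run over the sample, `find_push_fatigue` flags only `jdoe`, and the 02:04 login from an unknown device yields `["new_device", "off_hours"]`, so the policy would demand step-up verification.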

Enhancing security without breaking the bank

Small and medium-sized businesses often face budget constraints, but effective cybersecurity doesn’t have to cost a lot of money. Teams can enforce strong password policies using affordable tools, and MFA products are increasingly accessible, even for smaller organizations.

However, it's also time to consider moving beyond traditional methods. Passwordless authentication options such as biometrics or hardware tokens are emerging as more secure alternatives, offering enhanced security without the complexities of managing passwords. These methods promise to eliminate the risks associated with weak or reused passwords, significantly reducing the attack surface.

In addition to MFA and passwordless authentication, network segmentation plays a big role in minimizing damage if an attack does take place. By isolating critical systems from less secure parts of the network, businesses can contain threats more effectively, preventing them from spreading and causing widespread damage.

The Dispossessor ransomware gang's success underscores how failing to implement basic cybersecurity measures can lead to significant consequences. By enforcing strong passwords, implementing MFA, and considering more advanced strategies like passwordless authentication and network segmentation, businesses can protect themselves from being easy targets for cybercriminals.

For most organizations, it’s not just about adopting the latest technologies: it’s about applying common sense in a practical and consistent way to defend against ever-evolving threats.

Callie Guenther, senior manager of threat research, Critical Start


Attackers do the most damage exploiting weak passwords and companies that don’t deploy MFA – so start with the cyber basics and apply new technologies as needed.

Callie Guenther

Callie Guenther, senior manager of threat research at Critical Start, has been tasked with both directorial and engineering responsibilities, guiding diverse functions, including data engineering, cyber threat intelligence, threat research, malware analysis, and reverse engineering, as well as detection development programs. Prior to Critical Start, Callie worked as a cyber security intelligence analyst and served as an information systems technician with the U.S. Navy, giving her a well-rounded understanding of the cyber threat landscape and the administration of secure networks.

LinkedIn: https://www.linkedin.com/in/callieguenther/

X: https://twitter.com/callieguenther_
