When news surfaced that San Mateo, CA-based camera manufacturer Verkada Inc. suffered a breach, it did not take long to realize its extent. Within hours there were reports of live feeds from over 150,000 of its security cameras, including those in prisons, hospitals, schools, police stations, tech offices and manufacturing environments including Tesla Motors.
How did it happen? A group of hackers used compromised administrative credentials to access the data collected. The hackers claiming responsibility for the incident said the breach was intended to show the dangerous pervasiveness of video surveillance.
Why does this matter?
“Once more, we are watching a broad-scale cyberattack affect large organizations, healthcare systems, schools and even detention centers. There’s little doubt there will be even more organizations affected, despite the industry just recently learning about the SolarWinds breach, where we failed to deploy best practices to safeguard credentials and digital identities,” says Exabeam President Ralph Pisani, in a statement. “The Verkada breach is especially dangerous because the hackers used stolen credentials to obtain root access on the surveillance system. This provides the potential for lateral movement, which means they could execute their own code and steal sensitive data stored elsewhere on the network.”
Pisani continues, “This has serious implications for individuals and enterprises, so we must do more to safeguard credentials as they remain the most valuable asset for malicious actors. We do this by teaching proper credential protection through security awareness training, including using multi-factor authentication,” he says. “We can also employ security solutions that protect email servers, but individuals should also know how to accurately spot phishing emails in both personal and professional email accounts.”
Webroot Senior Security Analyst Tyler Moffitt tells IndustryWeek, “As Verkada’s data storage is fully centralized, hackers would have access to all data and streams that their manufacturing customers set up. Because of the large amount of, often blind, trust put in manufacturers who manage home and business cameras, streams and accounts, the biggest impact to them might be increased scrutiny of the security of their camera networks and overall security posture. This can then have further reaching effects for sales, customer relationships and a manufacturer’s brand reputation.”
Centrify CEO Art Gilliland agrees, adding that not only can this type of infiltration harm the breached supplier, it also puts customers and, more importantly, the people they serve, at risk. “In this instance, images and videos of corporate offices and even medical patients being treated are being leaked. This type of breach can have physical security implications as well by giving people inside looks at office layouts and possibly even security systems.”
According to Gilliland, preventing similar breaches from happening in the future starts with implementing modern privileged access management (PAM) to reduce exposure. “By leveraging existing enterprise identity infrastructure to enforce least privilege access for humans and machines, taking a Zero Trust authentication approach, and minimizing the use of shared accounts, organizations can provide a more granular level of access control while also increasing accountability and reducing the overall threat scape, including attack surfaces such as security cameras,” says Gilliland.
Exabeam’s Pisani adds, “Organizations can use proactive threat intelligence to identify campaigns targeted at them and behavioral analytics technology to reliably distinguish normal user behavior from the abnormal activity of attackers, to identify and remove intruders from the network. Exabeam advocates strongly for alert and aware cyber citizenship, and we share these suggestions to educate the community, while fulfilling the mission of helping security teams to outsmart the odds.”
According to Moffitt, any manufacturers involved in this situation need to quickly communicate “to employees and initiate communications protocols for alerting customers and other stakeholders,” he says. “Also consider changing cameras to a local NVR or DVR storage. While not as convenient as storage and management through a site or app, through these methods manufacturers are in charge of their data and access, and no third-party compromise would jeopardize that.”