24 billion record breach puts SMEs at greatest risk
Small businesses with inadequate IT support, which rely on single sign-on credentials for access to e-mail, accounting software and customer relationship management (CRM) platforms, are the most at risk from a data breach containing 24 billion records, say two experts.
Cybernews researchers found an exposed Elasticsearch cluster – a high-performance database that stores, indexes and rapidly searches massive volumes of structured data – containing 24 billion records and more than 8.3TB of data. The database was exposed to the internet because of a configuration error, Cybernews says.
Most records appear to be infostealer logs, including usernames, e-mails, passwords and login URLs drawn from 36 sources, including Telegram channels and breach compilations. The database is no longer publicly exposed, but reused passwords may still put accounts at risk, says Cybernews.
Jacqui Muller, Belgium Campus iTversity researcher and PhD candidate in computer science, says: “For many South African SMEs, the greatest risk is not necessarily the business application itself, but the Google or Microsoft account employees use to access it.”
Many organisations rely on single sign-on, allowing staff to log into multiple business services using the same Google or Microsoft credentials, says Muller. “If that primary account is compromised and is not adequately protected with multi-factor authentication (MFA), an attacker could potentially gain access to every connected platform, from ERP and accounting software, to CRM, collaboration and cloud services.”
One key, every door
Muller explains that this makes ERP platforms particularly attractive targets because they are at the centre of finance, procurement, payroll and supplier management. While most major ERP vendors support MFA, it is the customer that decides whether and how it is enforced – which could result in two companies using the same software having very different security levels.
“SMEs are often more exposed because they may lack dedicated IT security resources and do not consistently enforce MFA across identity provider accounts or require it at every login,” says Muller.
Many organisations also rely on location-based or “trusted location” policies, where users signing in from familiar geographic areas face fewer authentication checks, Muller explains. “However, attackers can spoof or route their traffic through the same geographic regions, reducing the effectiveness of location alone as a security control.”
- Nicola Mawson, contributing journalist, iTWeb
By this year, attackers were using AI to scale and accelerate cyber crime, from generating code and automating attacks to crafting convincing phishing and deepfake scams. The AI Incident Database lists more than 7 000 incidents in which AI was used as a hacking tool.


