January 2025: Breach Roundup

Written By: Beyond Identity

Published On: Feb 4, 2025

Nidec Corporation

Date: June, 2024

Attack Type: Multi-Factor Authentication / Perimeter-Based Defense

Source: https://breach-hq.com/breaches/nidec/2024-jun

Breach Summary

The Nidec Corporation suffered a ransomware incident that resulted in the exposure of over 50,000 files containing sensitive business documents, internal policies, and correspondence with partners. Attackers infiltrated the networking infrastructure of Nidec Precision in Vietnam using compromised VPN credentials. The attack was attributed to the 8BASE and Everest ransomware gangs.

Beyond Identity Defense

VPNs work best when you can trust the device that is connecting over the VPN. If that trust can't be established, then the VPN serves as security theater, allowing anyone with the credentials to access corporate resources. When used with traditional memorized credentials such as username/password or with legacy SSO, the VPN becomes a serious threat.

When Beyond Identity is used to authenticate the user and device in order to log into the VPN or SSO session, the credential used is bound to the device and cannot be read or moved by bad actors, eliminating the risk that a bad actor can gain access from stolen credentials or a second device. Additionally, hardware-backed, cryptographic, device-bound credentials cannot be shared or moved from the approved user and device on which they were created. In this case, the attacker would have been unable to obtain the credentials to the VPN either through sharing or theft.

Lastly, Beyond Identity deploys strong, single-device MFA using inherence factors and a policy engine, which would provide 3 strong preventative factors in this scenario.

PowerSchool

Date: January, 2025

Attack Type: Multi-Factor Authentication / Symmetric Credentials

Source: https://techcrunch.com/2025/01/17/malware-stole-internal-powerschool-passwords-from-engineers-hacked-computer/

Breach Summary

Hackers responsible for the PowerSchool breach allegedly accessed the personal data of more than 62 million students and 9.5 million teachers. PowerSchool says on its website that its technology is used by more than 60 million students. The compromised systems were not protected with multi-factor authentication and were susceptible to password-based attacks. The attack was specifically aimed at the company's support system.

Beyond Identity Defense

Beyond Identity protects all critical assets including applications and devices with strong, hardware-bound, phishing-resistant multi-factor authentication (MFA). In this circumstance, symmetric credentials (Username / Password) were easily ascertained by the attacker as a means to access critical personal information and records.

Beyond Identity would have provided several layers of protection in this case that were not implemented.

  1. The elimination of a shared secret (the password) by replacing it with device-bound, cryptographic, asymmetric credentials
  2. Strong, phishing-resistant, single-device multi-factor authentication

The attacker would not have been able to access the system from an unsanctioned device, nor would they have been able to circumvent the strong identity-based controls that Beyond Identity would have deployed.
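The difference between a shared secret and a device-bound asymmetric credential, shown as an added example (this is not Beyond Identity's code): a copied password is accepted from anywhere, while a signature captured from an earlier login fails against a fresh challenge. The function names and sample password are constructed, and an in-memory Ed25519 key stands in for a hardware-backed key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/subtle"
	"fmt"
)

// PasswordLogin models a shared secret: the same bytes are accepted from any device.
func PasswordLogin(stored, presented string) bool {
	return subtle.ConstantTimeCompare([]byte(stored), []byte(presented)) == 1
}

// Device is an enrolled endpoint. Assumption: an in-memory key replaces a TPM or enclave key.
type Device struct{ priv ed25519.PrivateKey }

// Enroll returns the device and the public key, the only value the server stores.
func Enroll() (*Device, ed25519.PublicKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Device{priv}, pub
}

// Sign answers a server challenge; the private key never leaves the device.
func (d *Device) Sign(challenge []byte) []byte { return ed25519.Sign(d.priv, challenge) }

// NewChallenge returns a fresh random nonce for a single login attempt.
func NewChallenge() []byte {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		panic(err)
	}
	return c
}

// KeyLogin accepts only a signature made over this attempt's challenge.
func KeyLogin(pub ed25519.PublicKey, challenge, sig []byte) bool {
	return ed25519.Verify(pub, challenge, sig)
}

func main() {
	dev, pub := Enroll()
	captured, fresh := dev.Sign(NewChallenge()), NewChallenge() // captured: response from an earlier login
	fmt.Println("copied password accepted:", PasswordLogin("constructed-pw", "constructed-pw"))
	fmt.Println("captured signature on new challenge:", KeyLogin(pub, fresh, captured))
	fmt.Println("enrolled device on new challenge:", KeyLogin(pub, fresh, dev.Sign(fresh)))
}
```
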
