Ticketmaster cyberattack - what lessons can be learnt?
The scale of the recent Ticketmaster hacking incident has grown to the point of impacting as many as 560 million people around the world.
On the dark web, hacking group ShinyHunters says it now has 1.3 terabytes of data from global customers of both Ticketmaster and Live Nation, including their names, emails, addresses, phone numbers, and the last four digits of credit card numbers.
This data is reportedly up for sale, with the hackers asking US$500 million for data, which could then be used for identity theft and other types of fraud.
The Ticketmaster incident is only the latest breach to expose an organisation to ransom and fraud and once again underlines the responsibility they have in safeguarding the data of their customers. Coincidentally, local competitor Ticketek has also registered a data breach with the Department of Home Affairs, only days after the Ticketmaster event - demonstrating an alarming trend of entertainment industry-focused cyberattacks.
The number one security risk for organisations in the Asia Pacific region today is the risk of compromised credentials and insider threats.
There is positive news in the battle against cyber adversaries, however, and that is in the capabilities offered by artificial intelligence and machine learning as part of a proactive cyberdefence strategy.
Using a sophisticated security incident and event management (SIEM) platform, organisations can set a baseline to establish what constitutes ‘normal’ behaviour across all networks, systems and employee devices. This creates a clear picture of the organisation’s many systems and processes and allows the platform to detect anything suspicious.
SIEM systems provide real-time monitoring and correlate events and alerts for potential security incidents. They also help in identifying patterns of abnormal behaviour or known attack signatures by analysing event logs.
Now that AI and ML are being incorporated into these tools, SIEMs are getting smarter and faster at pulling data together from a diverse array of sources, allowing them to better understand what kind of behaviour constitutes a threat.
In the case of breaches like these, where data theft was involved, SIEM systems detect anomalous activities or patterns in the network or system logs at an early stage and identify any compromised systems. Unusual access patterns, unauthorised system changes, or other indicators of compromise could trigger alerts for further investigation.
SIEM systems are integrated into well-defined threat detection and incident response (TDIR) strategies, which ensure that once a potential threat is identified, incident response teams can swiftly contain and neutralise the threat, preventing further damage. This may involve isolating affected systems, patching vulnerabilities, and recovering compromised data.
In the aftermath of breaches like these, both SIEM and TDIR strategies will play a crucial role in post-incident analysis. They help organisations conduct forensic investigations to understand the scope of the attack, identify the entry point, and develop strategies to prevent similar incidents in the future.
In the past, SIEMs required meticulous management through every stage of the data pipeline, from ingestion to policy, viewing, and analysis. While already a mature technology, AI and ML are driving the development of the next generation of SIEM, which provides new capabilities in areas such as user and entity behaviour analytics (UEBA) and automated response.
Hackers work in real-time, and security systems need to be able to respond to threats as they occur. Powering detection with AI and ML allows for the faster detection of abnormal behaviours and for a response in real time.
These next generation SIEMs present as a key solution available to organisations in the ongoing technology war against the cybercriminals. Implementing them now gives organisations a better chance of identifying and nullifying attacks and keeping their systems safe along with the personal data of their customers.
