As the news broke this week about a supermassive data leak containing an incredible 12 terabytes of information and 26 billion records, dubbed the “Mother of All Breaches,” or MOAB, it provided yet another timely opportunity for MSSPs to have conversations with their customers and end-users about the importance of protecting their data and much more.
MOAB may be the largest exfiltration of data ever discovered. According to Cybernews, there are likely hundreds of millions of records from Weibo (504M), MySpace (360M), Twitter (281M), Deezer (258M), LinkedIn (251M), AdultFriendFinder (220M), Adobe (153M), Canva (143M), VK (101M), Dailymotion (86M), Dropbox (69M), Telegram (41M), and many other companies and organizations compromised.
The leak also includes records of various government organizations in the U.S., Brazil, Germany, the Philippines, Turkey, and other countries.
MOAB’s Reminder for MSSPs
Tim Hastings, chief information security officer (CISO) for MSSP Legato Security, told MSSP Alert that MOAB is a reminder that cybersecurity best practices should continue to be at the forefront of every organization and user’s daily routine.
“The human element continues to be a threat vector commonly targeted by adversaries and steps such as multi-factor authentication and changing user passwords are a quick and easy way to prevent and mitigate the effects of this data breach,” he said. “MSSPs and security vendors can help further secure organizations by partaking in proactive security awareness training that teaches users how to identify and report suspicious or malicious activity.”
As MSSP end customers may be reading the headlines about this new breach, it’s an opportunity for MSSPs to emphasize the importance of basic cybersecurity hygiene practices such as:
- Use strong, hard-to-guess passwords
- Check for password duplicates and set up accounts that share the same passwords
- Keep an eye out for phishing and spear phishing attempts
- Enable multi-factor authentication, especially on key accounts
The MOAB leak does not appear to be made up of newly stolen data only. Most likely, it is a compilation of multiple breaches and perhaps the largest ever, according to reports.
With that in mind, Anudeep Parhar, chief operating officer of Entrust, an identity vendor, said that MSSPs should prioritize transparency, customer support and continuous improvement in the aftermath of any breach, whether it’s MOAB or not.
Bobby Cornwell, vice president of Strategic Partner Enablement & Integration at SonicWall, a cloud security provider, believes that the MOAB breach was predictable, and it should mean the beginning of how the AI revolution can and will be used by threat actors in the days ahead. He says the “good news” is that while MOAB may sound like “doom and gloom,” there are things people can do to protect themselves from a potential future attack.
“Step one,” he said, “is to go to a reputable network security website that offers a service that scans the internet and dark web for instances of your email and various passwords to see what comes up. If you see something that’s come up, stop what you’re doing and change that password immediately. The next step is to make sure you’re not using the same password for multiple logins. If hackers have one password from you that they know works, they’ll attempt to use it elsewhere to see if they can access anything else that might be attached to your name and email.”
The Security Training Imperative
Aimei Wei, chief technology officer at Stellar Cyber, an Open XDR specialist, noted that her colleagues have seen that customers who invest in training their people on security measures are more likely to maintain better cyber health.
“Technologies such as machine learning and GenAI play a crucial role in identifying early signs of an attack,” she said. “However, without proper staff training, you remain vulnerable, especially if they click impulsively. Given that email, smartphones and web browsers are common attack vectors, a shift in mindset is necessary.”
Wei emphasized that technology alone is insufficient.
“As individuals are the gateway to organizations, building education and awareness is essential for knowing when to pause, think, and decide on appropriate actions,” she said. “Cookie settings serve as a notable example.”
A Watershed Moment?
Bob Dyachenko, who leads cybersecurity research at Comparitech and is co-owner of securitydiscovery.com, a cybersecurity and research collective, is credited with the MOAB discovery. Richard Bird, chief security officer at Traceable, a company focused on API security, believes researchers see the culprit as possibly a malicious actor, data broker or a server that handles massive volumes of data that has a vested interest in storing a lot of data — and that threat actors may use the combined data for a variety of attacks.
Bird didn’t mince words in issuing a call to action that MSSPs, MSPs and anyone who handles sensitive data should heed.
“Maybe it finally takes something like a MOAB to get the U.S. government and the companies that operate within its borders to wake the heck up,” he said. “We live in a nation with no national data privacy laws, no incentives for companies to be protectors of the data that they are trusted with, and no disincentives that seem to work. Companies will continue to trash the lives of their own customers by failing to protect the data that is associated with them and feel no pain for their failures.”