CS 462
The Dell Data Breaches of 2024
A serious wake-up call for everyone
2024 has been a bad year for cybersecurity, as giant companies were the targets of ever more sophisticated and relentless attacks. The global tech powerhouse Dell Technologies was hit not once but twice: it suffered two major data breaches that exposed sensitive data and led many to question the company’s security controls. Such incidents are an eye-opener on the evolving threat environment and the fact that businesses must take cybersecurity seriously in a globalized economy.
In this blog, I cover the basics of the cybersecurity threats that big companies such as Dell Technologies have to deal with in 2024. The analysis of the attack vectors and technologies involved in both Dell breaches is used to illuminate the bigger picture for cybersecurity in an increasingly digital world and the critical role that strong security plays in protecting sensitive data.
An Increase in Cyber Threats This Year
In 2024, there have been more cyber-attacks on businesses, large and small. Cybercriminals are using increasingly sophisticated techniques and exploiting both system and human weaknesses to gain unauthorized access to critical information. This is particularly worrying for companies like Dell, which hold large amounts of sensitive customer and employee data.
There are several reasons for this:
- The Increased Attack Surface: Companies’ growing use of digital technologies and the cloud has increased their attack surface. They have to manage an interdependent network of devices and infrastructure, and that interdependence opens up vulnerabilities for attackers to exploit.
- Evolution of Advanced Threat Strategies: Attackers keep adopting new methods and tactics, including AI, machine learning, and automation, to carry out targeted and advanced attacks. This makes it easier for them to bypass conventional security controls and strike weak spots.
- Human Factor: Human error is still a key element in most cyberattacks. Attackers gain access to systems and information through reconnaissance, social engineering, and weak or reused passwords.
- Ransomware Is On The Rise: Ransomware is increasingly common, with attackers encrypting or stealing the most important data and demanding a ransom to restore it or keep it private. Such attacks can cripple organizations and wipe out their profits.
- The Cybersecurity Skills Deficit: The shortage of cybersecurity skills is growing, making it difficult for organizations to attract and retain qualified staff to defend against attacks.
The First Dell Breach: A Case of Unrelenting Brute-Force Failure
Dell announced in May 2024 a massive data breach that could have affected 49 million customers. The attacker (a threat actor calling themselves “Menelik”) used a multi-step plan that started by registering partner accounts on Dell’s partner portal. This seemingly innocent step provided the first rung on the ladder: once approved, the partner accounts gave Menelik authenticated access to a partner-only order lookup that returned customer data for any service tag supplied to it. The accounts did not need elevated privileges; ordinary partner access was enough.
This first step raises a serious security concern: controlling and locking down partner access. Partnerships and alliances are necessary for business development, but the access they require is dangerous if not managed. Enterprises must have strong access controls and privilege management to guarantee that partners can access only what they need for their job functions, and a partner registration process that actually verifies who is applying.
Exploiting Partner Accounts — Going More In-Depth:
Unmanaged partner accounts are a major issue for organizations. Cybercriminals often aim for partner accounts because they are a good entry point into a company’s network. Once inside, attackers can move laterally, escalate privileges, and exfiltrate data.
To secure partner accounts, organizations should take the following measures:
- Role-Based Access Control: Use role-based access control (RBAC) so that partners can reach only the data and resources they need for their responsibilities.
- Least Privilege: Limit the privileges of partner accounts so they cannot read confidential information beyond their own customers or make unauthorized changes to systems.
- Multi-Factor Authentication: Require multi-factor authentication (MFA) on all partner accounts.
- Security Audits: Perform regular audits of partner accounts to verify that they are configured correctly and that their access rights are still appropriate; remove accounts that are dormant or whose partner relationship has ended.
- Security Training: Provide partners with security training so that they understand the risks and best practices.
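To make the partner-access point concrete, here is an added example (my own code, not Dell’s, and not a description of Dell’s actual portal) of a partner order-lookup handler in a weak form beside a hardened one. The weak handler only checks that the caller is logged in, so any self-registered partner account can walk the service-tag keyspace and collect other partners’ customer records; the hardened handler adds an RBAC role check and, more importantly, scopes every lookup to the calling partner’s own customers. The order table, the `Session` structure, the role name `order.read`, the partner IDs, and the service tags are all constructed for illustration.

```python
from dataclasses import dataclass

# Constructed order table: service tag -> record, including which partner sold
# it. In a real portal this is a database query; the tags and names are made up.
ORDERS = {
    "ABC1234": {"partner_id": "P-100", "customer": "Alice Example", "address": "1 Main St"},
    "XYZ9876": {"partner_id": "P-200", "customer": "Bob Example", "address": "2 Side St"},
}


@dataclass(frozen=True)
class Session:
    account_id: str
    partner_id: str
    roles: frozenset


class Forbidden(Exception):
    pass


class NotFound(Exception):
    pass


def lookup_order_weak(session, service_tag):
    """Weak: the only check is that the caller is logged in. Any partner
    account, including a freshly self-registered one, can pull any order."""
    if session is None:
        raise Forbidden("login required")
    order = ORDERS.get(service_tag.upper())
    if order is None:
        raise NotFound(service_tag)
    return order


def lookup_order_hardened(session, service_tag):
    """Hardened: require the order.read role (RBAC) and return an order only
    if it belongs to the calling partner (object-level authorization). An
    unknown tag and another partner's tag get the same answer, so the endpoint
    cannot be used as an oracle for which tags exist."""
    if session is None or "order.read" not in session.roles:
        raise Forbidden("order.read role required")
    tag = service_tag.upper()
    order = ORDERS.get(tag)
    if order is None or order["partner_id"] != session.partner_id:
        raise NotFound(tag)
    return {k: v for k, v in order.items() if k != "partner_id"}


def enumerate_tags(lookup, session, candidate_tags):
    """Simulate an attacker walking a list of guessed tags through `lookup`;
    return the number of customer records obtained."""
    hits = 0
    for tag in candidate_tags:
        try:
            lookup(session, tag)
            hits += 1
        except (Forbidden, NotFound):
            pass
    return hits


# Constructed sessions: a legitimate partner (P-100) and a self-registered
# account (P-999) that holds the same role but has no customers of its own.
LEGIT = Session("acct-legit", "P-100", frozenset({"order.read"}))
SELF_REGISTERED = Session("acct-fake", "P-999", frozenset({"order.read"}))
GUESSES = ["AAA0000", "ABC1234", "XYZ9876", "ZZZ9999"]

if __name__ == "__main__":
    print("weak:", enumerate_tags(lookup_order_weak, SELF_REGISTERED, GUESSES))          # 2
    print("hardened:", enumerate_tags(lookup_order_hardened, SELF_REGISTERED, GUESSES))  # 0
    print("own order:", lookup_order_hardened(LEGIT, "abc1234")["customer"])
```

Note that the self-registered account has the `order.read` role in both cases: RBAC alone does not stop the enumeration, because the role legitimately exists for partners. What stops it is tying each record to the partner that owns it and checking that ownership on every request, which is the least-privilege point from the list above applied at the object level.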
The Brute-Force Attack
The next phase of Menelik’s attack was brute force: the attacker hammered the portal with more than 5,000 requests per minute for almost three weeks. Rather than guessing passwords, the requests guessed Dell service tags (7-character identifiers) against the partner order lookup, and every valid guess returned a customer record, which is why the incident has also been described as API abuse. Dell did not disclose the exact weakness exploited, but traffic at that rate going unnoticed for that long points to a failure in rate limiting and intrusion detection, not only in authentication and password controls.
What exactly are Brute-Force Attacks? :
Brute-force attacks are one of the most common ways cybercriminals break into systems and accounts. They work by repeatedly trying candidate values, typically passwords, until the right one is found. They are very effective when passwords are short or simple, and become impractical as passwords get longer and more complex. The same technique applies to any guessable identifier, as the Dell service tags show.
To defend against brute-force attacks, enterprises should apply the following security controls:
- Strong Password Policies: Enforce long passwords and screen them against lists of known-breached passwords; composition rules (upper- and lowercase letters, a number, a symbol) add far less than length does.
- Account Lockout and Throttling: Lock or throttle accounts after a certain number of failed logins so an attacker cannot keep guessing. Prefer progressive delays and rate limits per account and per source address over hard lockouts, since hard lockouts let an attacker lock legitimate users out.
- Multi-Factor Authentication: Use MFA for an extra layer. MFA requires a second factor, such as a mobile application code or hardware token, in addition to the password, so a guessed password alone is not enough.
- Intrusion Detection and Prevention Systems: Deploy intrusion detection and prevention systems (IDPS) that monitor network and application traffic for anomalies such as brute-force attacks. An IDPS can block the offending source and alert security staff; thousands of requests per minute from a single account for three weeks is exactly the kind of anomaly it should catch.
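As an added example (my own code, not anything from Dell or the reports cited), here is the detection and throttling logic from the list above run over a constructed portal access log. `detect_bursts()` counts requests per account per minute and reports any bucket over a threshold together with its miss rate, since a high request rate where most lookups fail is the signature of guessing; `SlidingWindowLimiter` is the server-side control that would have rejected the excess requests. The log format, account names, IP addresses, and the thresholds (60 requests per minute for alerting, 30 per 60-second window for throttling) are assumptions; the sample burst is 150 requests in one minute, far slower than the 5,000 per minute in the Dell case, but the logic is the same.

```python
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log: two ordinary requests from a legitimate partner, then
# 150 lookups in one minute from a self-registered account, most of them misses
# (status 404) because guessed service tags rarely exist. Format per line:
#   <ISO-8601 timestamp> <account> <client_ip> <path> <status>
SAMPLE_LOG = (
    "2024-04-01T10:00:00+00:00 partner-legit 198.51.100.7 /orders/lookup 200\n"
    "2024-04-01T10:00:41+00:00 partner-legit 198.51.100.7 /orders/lookup 200\n"
    + "".join(
        f"2024-04-01T10:05:{i * 0.4:06.3f}+00:00 fake-partner-1 203.0.113.9 "
        f"/orders/lookup {200 if i % 25 == 0 else 404}\n"
        for i in range(150)
    )
)


def parse_log(text):
    """Parse log lines into (timestamp, account, ip, path, status) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, account, ip, path, status = line.split()
        records.append((datetime.fromisoformat(ts), account, ip, path, int(status)))
    return records


def detect_bursts(records, per_minute_threshold=60):
    """Count requests per (account, minute). Return the buckets over the
    threshold with their miss rate (share of non-200 responses)."""
    counts = defaultdict(lambda: [0, 0])  # (account, minute) -> [total, misses]
    for ts, account, _ip, _path, status in records:
        bucket = (account, ts.strftime("%Y-%m-%dT%H:%M"))
        counts[bucket][0] += 1
        if status != 200:
            counts[bucket][1] += 1
    return {
        bucket: {"requests": total, "miss_rate": round(misses / total, 2)}
        for bucket, (total, misses) in counts.items()
        if total > per_minute_threshold
    }


class SlidingWindowLimiter:
    """Allow at most `limit` requests per key in any `window_seconds` span.
    Keyed per account here; a real deployment would also key per source IP."""

    def __init__(self, limit, window_seconds):
        self.limit = limit
        self.window = window_seconds
        self._hits = defaultdict(deque)

    def allow(self, key, now):
        q = self._hits[key]
        while q and (now - q[0]).total_seconds() >= self.window:
            q.popleft()  # drop hits that have aged out of the window
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


def replay(records, limiter):
    """Replay the log through the limiter in time order; return per-account
    counts of allowed and rejected requests."""
    outcome = defaultdict(lambda: {"allowed": 0, "rejected": 0})
    for ts, account, _ip, _path, _status in sorted(records, key=lambda r: r[0]):
        verdict = "allowed" if limiter.allow(account, ts) else "rejected"
        outcome[account][verdict] += 1
    return dict(outcome)


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print(detect_bursts(recs))
    print(replay(recs, SlidingWindowLimiter(limit=30, window_seconds=60)))
```

The limiter caps the fake account at 30 requests in the minute and rejects the other 120, while the legitimate partner’s two requests pass untouched; the detector flags only the fake account’s minute, with a miss rate of 0.96. Keying the limiter per account is the minimum; an attacker who registers many partner accounts, as in the Dell case, also needs a per-source and a global ceiling on this endpoint.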
The Second Dell Breach: Internal Employee Data Leaked
Only a few months later, in September 2024, Dell was hit again, this time with a leak of internal employee data. A threat actor going by the name “grep” claimed to have accessed a database of more than 10,800 Dell employees and partners, comprising employee IDs, names, employment status, and internal ID strings.
Although it is unclear how the data was obtained, “grep” later claimed it came from Dell’s Jira, Jenkins, and Confluence instances. Jira and Confluence are Atlassian products; Jenkins is an open-source CI/CD server. When improperly protected, these collaboration and development platforms give attackers access to confidential data and internal systems.
This is another example of why collaboration and development tools must be protected. Businesses must configure these platforms with good security features, such as access management, multi-factor authentication, and prompt security patching. Employee training on security best practices is also essential.
Securing Collaboration and Development Tools
Collaboration and development tools are necessary for today’s companies, but they are also a security risk. These tools frequently hold source code, project plans, build credentials, and employee information. If they are not adequately protected, attackers can abuse them to access sensitive data and disrupt business operations.
Organizations should follow these security practices to protect collaboration and development tools:
- Strict Access Controls: Restrict who can reach these tools and their data, and disable anonymous or public access.
- Multi-Factor Authentication: Require MFA for every user who signs in to these tools.
- Patches and Updates: Apply security patches and updates to these tools promptly.
- Vulnerability Scanning: Run regular vulnerability scans to find and fix security flaws.
- Data Encryption: Encrypt the data these tools store and transmit.
- Security Education: Tell employees what is at risk with these tools and make them follow the security procedures.
The More General Implications: Cybersecurity in a Digital Age
Dell and the hundreds of other attacks in the past few years highlight how many more people and businesses are being compromised in an increasingly connected world. The social effects of these breaches are profound:
- Economic Impact: A data breach can have huge economic effects on companies, including data loss, legal costs, fines, and reputational harm.
- Privacy Violations: Exposure of personal data can lead to identity theft, financial fraud, and mental anguish for the people affected.
- Loss of Trust: High-profile breaches can weaken public trust in digital products and institutions and hinder the expansion of the digital economy.
- National Security: Attacks on critical infrastructure and government agencies can have national-security consequences.
Staying Safe From Cyber Attacks: A Mutual Responsibility
The Dell breaches should put individuals and companies alike on alert regarding cybersecurity. Cybersecurity is a collective responsibility, and we all have a part to play.
For Individuals:
- Strong Passwords: Use strong, unique passwords for all your online accounts, ideally managed with a password manager.
- Multi-Factor Authentication: Enable multi-factor authentication wherever possible.
- Beware of Phishing and Social Engineering: Treat unexpected emails, links, and requests for credentials with suspicion.
- Software Updates: Keep software and operating systems updated with the latest security patches.
- Secure Wi-Fi: Protect your Wi-Fi with a strong password, and avoid banking or other sensitive transactions on public Wi-Fi.
For Organizations:
- Complete Security Plan: Create a cybersecurity plan covering prevention, detection, and response.
- Risk Management: Assess risk regularly to identify areas for improvement and set security priorities.
- Security Awareness Training: Train employees to recognize cyber threats and follow secure practices.
- Strong Access Controls: Establish robust access controls that determine who can and cannot see confidential data and systems.
- Multi-Factor Authentication: Require multi-factor authentication for all users.
- Data Encryption: Encrypt data at rest and in transit.
- Security Audits: Run a regular audit and vulnerability-management program.
- Incident Response Plan: Prepare an incident response plan so the organization knows how to act when an attack occurs.
- Third-Party Security: Assess and monitor the security controls of third-party suppliers and partners.
- Cybersecurity Insurance: Purchase cybersecurity insurance to soften the financial blow of a cyberattack.
The Dell data breaches have shown us that cyber threats are real and that we should take them more seriously. Understanding how attackers make their moves and which systems they choose to attack can help users and businesses protect themselves in advance.
Acting responsibly regarding cybersecurity can make the Internet safer and more secure. It is important to stay updated on cybersecurity news and on practices for protecting sensitive data. Keeping security updates and training current helps reduce successful attacks. But always remember that prevention is the cheapest way to stay safe online.
References
Cost of a data breach 2023. (n.d.). Retrieved from https://www.ibm.com/reports/data-breach
Data breach response: A guide for business. (2023, August 10). Retrieved from https://www.ftc.gov/business-guidance/resources/data-breach-response-guide-business
Dell investigates data breach claims after a hacker leaks employee info. (2024, September 20). Retrieved from https://www.bleepingcomputer.com/news/security/dell-investigates-data-breach-claims-after-hacker-leaks-employee-info/
Menon, N. (2024, May 20). Dell data breach: The personal information of 49 million customers was compromised due to the latest API abuse. Retrieved from https://securityboulevard.com/2024/05/dell-data-breach-personal-information-of-49-million-customers-compromised-due-to-latest-api-abuse/