With all the negativity that’s surrounding us today due to COVID-19, we are sure you are taking all the precautionary measures to protect yourself and your dear ones. At such crisis times, the last thing on your mind is either expecting your system getting hacked or data getting stolen. As the threat landscape continues to evolve in this remote work world, you need solutions that will keep up with the deadliest cyber attacks.
Let’s look at some stats from 2020
According to a security research firm, 81 global firms from 81 countries reported data breaches in the 1st half of 2020 alone.
In fact, 80% of firms have seen an increase in cyber attacks since last year. And there was a 238% rise in cyber attacks on banks alone. Phishing attacks have seen a dramatic increase of 600% since the end of February.
Also, ransomware attacks rose 148% in March. And the average ransomware payment increased by 33% to $111,605 as compared to Q4 2019. (Source: Fintech News)
It’s time you take action!
Today, cyber attackers have come up with more innovative ideas to set a new trend in phishing, cryptojacking, ransomware attack, IoT attack, etc. And though companies are investing in cybersecurity, the investments are mostly for stopping threats at the network perimeter level. And to keep pace, you need a more intelligent approach to security – one that can learn, evolve, and think. It’s time you do something about it now rather than regret later. To probe you to take action now, here are some deadliest cyber attacks that shook all of us in 2020. Let’s learn from these security incidents and make all the effort to protect our networks, our data and our organization.
Here are 2020’s five deadliest cyber attacks
Even Twitter couldn’t escape the cyberattack. Three hackers attacked this giant social media company in July, 2020 where many high-profile Twitter accounts got hijacked. Initially, it was thought to be a social engineering attack. But later, Twitter confirmed it to be a phone phishing attack – where attackers stole employees’ credentials to gain access to the company’s internal management systems. And hacked all high-profile Twitter accounts including Barack Obama, Jeff Nenzos, Elon Musk, Bill Gates, and many others.
What was the attack all about?
As mentioned above, attackers used a phone spear-phishing attack to access the credentials of Twitter employees who had access to internal support tools. They targeted 130 Twitter accounts and successfully tweeted from 45, accessing the direct messages inbox of 36. Also, downloaded the Twitter data of seven famous personalities.
The attackers then used these accounts to tweet out bitcoin scams. That is, these compromised accounts requested Bitcoin from their followers, promising double in return. Even though the tweets were only live for a short time, the attackers generated Bitcoin worth more than $100,000. Those duped into sending Bitcoin received nothing in return. However, 2 weeks after this cyberattack, the Department of Justice (DoJ) arraigned the 3 main suspects behind this attack.
Also, Twitter issued a statement saying – “We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools. However, we have locked accounts that were compromised. And will restore access to the original account owner only when we are certain we can do so securely.”
2. Marriott International
Marriot, one of the largest hotel brands with 7,300 hotel and resort properties in 134 countries suffered a data breach that greatly shook the hospitality industry. Hackers often target hotel chains both to sell the personal information of guests. And to track the travel details of government officials and business leaders with security clearances.
The first attack was in 2018. Here, the attackers illegally accessed information of approximately 500 million guests who made a reservation at a Starwood property. Thereby, making this attack one of the largest known data breaches in history.
In its second significant data breach (2020), Marriott revealed that hackers fraudulently accessed the personal details of approximately 5.2 M hotel guests. The attackers took the guest’s personally identifiable information including their names, addresses, phone numbers, birth dates, and airline loyalty information.
However, Marriott said that the data breach didn’t affect their Bonvoy account passwords or PINs, payment card information, address, emails, passport information, or driver’s license numbers.
Unfortunately, this came at a difficult time for the company. Because like many other companies, Marriott had temporarily furloughed several employees to survive the global drop in travel due to the pandemic.
Zoom is in zoom these days! Work-from-home wouldn’t have been a success without zoom – at least for a whole lot of us. Did you know? This widely used video and audio conferencing tool experienced revenue growth of 355% year-over-year in Q2 2020.
However, with such dramatic explosive growth, Zoom also experienced several security incidents. In a recent cyberattack, approximately 500,000 zoom user accounts emerged for sale on a dark web forum. Reportedly, the attackers obtained the accounts by using user IDs and passwords that were exposed in previous breaches.
That is, hackers gained access to important personal or corporate information that should have been kept secure. Not just that, Zoom codes were also easily guessable. This means users could join meetings without an invitation. And interrupt or share inappropriate materials – popularly known as ‘Zoom bombing’. I bet memories of zoom bombing are flashing before your eyes right now!
However, Zoom released a statement saying – it has hired intelligence firms to investigate incidents. And that it is implementing additional technology solutions to keep the users’ data as secure as possible. Not just that, it even enabled meeting passwords as a step to prevent ‘zoom bombing.’
4. Solar Winds
The SolarWinds hack is one of the deadliest of all cyber attacks that went undetected for months. In this breach, the attackers exploited the entire supply chain, thereby, compromising the multiple government systems and companies across.
What was the attack about?
On December 13, 2020, renowned cybersecurity firm FireEye announced the discovery of a highly sophisticated cyber intrusion that leveraged a commercial software application made by SolarWinds. FireEye found that the advanced persistent threat (APT) actors infiltrated the supply chain of SolarWinds, inserting a backdoor into the product. As customers downloaded the Trojan Horse installation packages from SolarWinds, attackers were able to access the systems running the SolarWinds product(s).
To elaborate, the hackers compromised one of the servers to gain access to updates and patches for SolarWinds Orion tools. The hackers then injected codes into the software updates, thereby infecting multiple clients at once. And this in turn allowed data modification as well as remote access to devices that had this software installed.
5. Magellan Health
Healthcare giant Magellan Health was a victim of a ransomware attack and data breach in April 2020. This particular security breach affected 8 Magellan Health entities and 365,000 patients. Thereby, making it one of the largest healthcare data breaches reported in 2020.
How did this attack begin?
Hackers first exfiltrated data by installing malware and then launched the ransomware attack five days later. The attackers pretended to be one of their valuable clients to get into Magellan’s system. Once they got access, they installed malware and stole all critical employee login credentials, including:
- The personal employee information and ID numbers
- Sensitive patient details such as W-2 information, Social Security numbers, or Taxpayer ID numbers, health insurance details, etc.
However, Magellan said they reported the incident to the law enforcement and FBI as soon as they discovered the breach – who then conducted a detailed investigation.
Bad news! The list doesn’t end here. There are many such cybersecurity incidents that are taking place even while you are reading this blog post. What’s the only way to stop it? Be alert at all times. Educate yourself and the people around you about the deadliest cyber attacks. Most importantly, take all the necessary precautionary measures to secure your networks, systems, data, and organizations. Even if this means, investing in a cybersecurity solution/tool.
Bottom line: First assess the security needs of your organization. And then embrace the best security solution that perfectly aligns with your business needs.
Protect yourself and your business from the virus!