Top 5 Cyber Events 2020

2020 brought a lot of unforeseen circumstances with it. A lot has happened, from the rampant risk of cyber attacks across the digital landscape to the COVID-19 pandemic affecting every aspect of life. We have compiled a list of what we believe are the top cyber events of 2020 in emerging risk areas.

The need for organizations to gain visibility into their cyber posture has become more critical than ever. As workforces globally have shifted towards virtualization of the workplace and management, among other challenges, cyber threats have multiplied across industries. Organizations have a greater responsibility than ever before to protect citizens, industries, and themselves from cyber threats.

Top Cyber Attacks of 2020

Twitter | July | Social Engineering

Bad actors used a phone spear-phishing attack to get into the organization's internal network and obtain employee credentials, which they used to access internal support tools. With these tools, hackers targeted 130 Twitter accounts and were able to post tweets, intercept DMs in private inboxes, and download sensitive data. The accounts included Apple, Uber, Bill Gates, Jeff Bezos, Warren Buffett, Kanye West, and many others. Fortunately, the perpetrators were caught, but not before reputational and financial damage was done.

We can conclude that using digital risk management to govern social media can help mitigate the potential risks associated with a hack. While it may sound rudimentary, taking simple steps like enabling two-factor authentication and enacting policies that prevent employees from using work computers for personal business can go a long way towards protecting an organization. These steps help organizations save face and retain the confidence of clients and the public should a data breach occur on their social media channels.

Marriott | January-February | Phishing

Bad actors were able to hack into an application used by hotels operated and franchised under Marriott's brand. They were able to compromise two employees' login credentials, and it is suspected these hackers gained access to names, birthdates, telephone numbers, language preferences, and loyalty account numbers.

Securing these hotels' network and application should have made it possible to mitigate this risk. Keeping strong, complex passwords and establishing organizational rules for using applications over the network could have almost entirely prevented this security breach.

Zoom | April | Password Stuffing & Zoombombing

Over 500,000 Zoom account credentials were deposited onto dark web forums, many of which were given away for free or sold for as little as a penny each. Since the pandemic, Zoom has exploded as teams have transitioned to working at home. This has given rise to the trolling activity of Zoombombing and has made Zoom a ripe target for bad actors looking to cause trouble. Often these activities go online in the hope of becoming a viral sensation. At best, they function to draw time and resources away from organizations. At their worst, they can be used to take sensitive data and information on organizations and their employees.

Zoom has been rolling out security updates to counter these security incidents and offers the ability to password-protect calls that may otherwise be easily accessible using a link. Organizations can help mitigate these kinds of risks by keeping their software up to date and by using passwords and waiting rooms to protect their conferences and authenticate visitors joining their Zoom calls.

Magellan Health | April | Ransomware

Magellan Health was reportedly the victim of a cyber attack in which hackers exfiltrated data before deploying a ransomware payload. This attack resulted in over 365,000 people being impacted.

This attack was an elaborate social engineering phishing scheme where actors impersonated a Magellan client and gained access to the system five days before initiating a ransomware attack. The malware attack could steal employees’ credentials and patient data, including health insurance account data and treatment information.

This attack could have been mitigated if Magellan had taken better steps towards authenticating and verifying the client being impersonated. Unfortunately, user error and lack of training remain among the most common catalysts for cybersecurity incidents.

Finastra | March | Ransomware (Ryuk)

In March, the world's third-largest fintech software provider, Finastra, found itself the victim of Ryuk ransomware. It is suspected they were using an unpatched Pulse Secure VPN, which is vulnerable to CVE-2019-11510. This vulnerability was found to have severe security issues that allow hackers to write arbitrary files to the host. Although it is not known if Finastra was breached through this vulnerability, they did not pay the ransom.

If Finastra was breached using CVE-2019-11510, simply using an up-to-date VPN could have mitigated this cyber risk. Additionally, organizations have found success in detecting Ryuk using machine learning in tandem with their vulnerability scanning practices.

Utilizing an integrated risk management solution can help provide organization-wide visibility and guidance to reduce risks like those many of these organizations fell victim to in 2020. If you would like to learn more, be sure to watch our webinar, Top Cyber Events of 2020 with Principal Solutions Architect Steve Torino, as he discusses in depth the consequences of these events, how they could have been prevented, and how organizations can adjust to prevent themselves from repeating the same mistakes.
