2020 brought a lot of unforeseen circumstances with it. A lot has happened between the rampant risk in cyber attacks across the digital landscape to the COVID-19 pandemic affecting every aspect of life. We have compiled a list of what we believe are the top cyber events of 2020 in emerging risk areas.
The need for organizations to gain visibility into their cyber posture has become more critical than ever. As workforces globally have shifted towards virtualization of the workplace, management, and other challenges, cyber threats have multiplied across industries. Organizations have a greater responsibility than ever before to protect citizens, industries, and themselves from cyber threats.
Top Cyber Attacks of 2020
Twitter | July | Social Engineering
Bad Actors used a phone spear-phishing attack to invade an organization’s internal network and employee credentials to access internal support tools. With these tools, hackers targeted 130 Twitter accounts and were able to post tweets, intercept DMs in private inboxes, and download sensitive data. The accounts included Apple, Uber, Bill Gates, Jeff Bezos, Warren Buffet, Kanye West, and many others. Fortunately, the perpetrators were caught, but not at the expense of reputational and financial damage.
We can conclude that using digital risk management to govern social media can help mitigate the potential risks associated with a hack. While it may sound rudimentary, taking simple steps like enabling two-factor authentication and enacting policies that prevent employees from using work computers for personal business can go a long way toward protecting an organization. Saving organizations face and retain confidence with clients, and the public should a data breach occur with their social media channels.
Marriott | January-February | Phishing
Bad actors were able to hack into an application that hotels operated and franchised under Mariott’s brand. They were able to compromise two employees' login credentials, and it is suspected these hackers gained access to names, birthdates, telephone numbers, language preferences, and loyalty account numbers.
By securing these hotels’ networks and applications, mitigating this risk should have been possible. Keeping strong, complex passwords and establishing organizational rules for using applications over the network could have almost entirely prevented this security breach.
Zoom | April | Password Stuffing & Zoombombing
Over 500,000 Zoom account credentials were deposited onto dark web forums, many of which were given away for free or as low as a penny each. Since the pandemic, Zoom has exploded as teams have transitioned to working at home. This has given rise to the trolling activity of Zoombombing and has made Zoom a ripe target for bad actors looking to cause trouble. Often these activities go online in the hope of becoming a viral sensation. At best, they function to draw time and resources away from organizations. At their worst, they can be used to take sensitive data and information on organizations and their employees.
Zoom has been rolling out security updates to counter these security incidents and offers the ability to password-protect calls that may be easily accessible using a link. Organizations can help mitigate these kinds of risks by keeping their software up to date and using passwords to protect their conferences and waiting rooms to authenticate visitors joining their Zoom calls.
Magellan Health | April | Ransomware
Magellan Health was reportedly the victim of a cyber attack in which hackers exfiltrated data before deploying a ransomware payload. This attack resulted in over 365,00 being impacted.
This attack was an elaborate social engineering phishing scheme where actors impersonated a Magellan client and gained access to the system five days before initiating a ransomware attack. The malware attack could steal employees’ credentials and patient data, including health insurance account data and treatment information.
This attack could have been mitigated if Magellan took better steps toward authenticating and verifying the client being impersonated. Unfortunately, user error and lack of training remain among the most common catalysts for cybersecurity incidents.
Finastra | March | Ransomware (Ryuk)
In March, the world’s third-largest fintech software provider, Finastra, found itself the victim of Ryuk Ransomware. It's suspected they were using an unpatched Pulse Secure VPN, which is vulnerable to CVE-2019-11510. This vulnerability was found to have severe security issues that allow hackers to write arbitrary files to the host. Although it is not known if Finastra was breached through this vulnerability, they did not pay the ransom.
If Finastra was breached using CVE-2019-11510, simply using an up-to-date VPN could have mitigated this cyber risk. Additionally, organizations have found success in detecting Ryuk using machine learning in tandem with their vulnerability scanning practices.
Utilizing an integrated risk management solution can help provide organization-wide visibility and guidance to reduce risks like many of these organizations have fallen victim to in 2020. If you would like to learn more, be sure to watch one of our webinars, Top Cyber Events of 2020 with Principal Solutions Architect Steve Torino, as he discusses in depth the consequences of these events, how they could have been prevented, and how organizations can adjust to prevent themselves from repeating the same mistakes.