December 14 2020
2020 has been an unprecedented year in cybersecurity. Back in January 2020 no-one could have predicted the massive impact that COVID-19 had on the world and the huge rush to get employees working from home. As the pandemic took hold, organisations had to make quick decisions from a business continuity perspective and getting their employees working from home took priority. However, the security ramifications of this was not fully considered.
At the same time, cybercriminals started to exploit the COVID-19 pandemic to carry out highly advanced cyberattacks. During the first six months of 2020, several large profile organisations became the victims of major data breaches. Hackers were able to obtain and sell account credentials and sensitive data, as well as confidential and financial records.
3 of the most high-profile data breaches that took place this year includes:
The Zoom credentials hack
More than 500,000 Zoom passwords were found to be available for sale on the Dark Web in April 2020, and many of these credentials were from many of the millions of new users of the platform due to the COVID-19 outbreak. While some of the credentials were given away for free, others were sold for as little as just a penny each. The credentials available contained the username, password, registered email address, host key and personal meeting URL. Such data gives a cyber-attacker access not just to a Zoom account but to the contents of any meetings it might have hosted or been part of.
The Twitter phishing attack
On 15 July 2020, a tweet was shared on many high-profile accounts. These include accounts owned by Joe Biden, Bill Gates, Elon Musk and Barak Obama amongst others. The tweet read, “I’m giving back to the community. All bitcoin sent to the address below will be sent back doubled! If you send $1000, I will send back $2000. Only doing this for 30 minutes.”
Within just a few hours the tweet reached more than 350 million people and resulted in $121,000 (£86,000 in Bitcoin being stolen as “donations”. Twitter later announced that the attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to their internal systems.
Twitter described what happened as a case of “social engineering”, where a hacker uses psychological manipulation to trick someone into giving away their login credentials or other sensitive information. Three were arrested the following month, including a UK national from Bognor Regis, and charged.
The EasyJet credential theft
Easyjet, the UK’s low-cost airline, announced earlier this year that cybercriminals had stolen data records of 9 million of their customers. Due to strict GDPR rules, organisations that breach data protection regulations are often in for very high financial penalties, and the law firm PGMBM filed a class action lawsuit on behalf of the affected Easyjet customers for £18bn.
Not only were the personal details of nine million Easyjet customers compromised, 2,200 also had their credit card details exposed, which added to the damage caused by the data breach. Easyjet promptly reported the breach to the Information Commissioner’s Office (ICO) and other regulatory authorities, but critics have claimed that they were slow to let their customers know about the breach, with some not finding out it for up to four months following what happened.
2020 has certainly brought many cybersecurity challenges to organisations, and they have had to keep up like never before when it comes to the growing cyber threat. According to IBM’s 2020 Cost of a Data Breach Report, stolen or compromised credentials and cloud misconfigurations are the most common causes of malicious breaches. In 2019, over 8.5 billion records were exposed, and this number is likely to be much higher in 2020.
Organisations need to rethink their security strategy, especially in the light of the movement to work remotely from home due to COVID-19 and consider the adoption of a zero-trust approach. They should re-examine how they authenticate users, and the extent of access users are granted to help minimise any potential problems. Organisations and their employees have been thrust into a remote working environment without warning, with many organisations’ remote networking capabilities still not as secure as their on-premise IT. This sudden shift to working from home has left many unsecured gaps that malicious actors are looking to exploit for financial gain, or to attempt to disrupt the usual operations of a business.
Securing endpoint and implementing stronger authentication protocols is critical, especially for the cloud and other off-premise networks. To improve their cybersecurity, organisations need to ensure that not only is their data well protected, but also that their staff are fully trained against the growing cyber threat. At CyBourn, we have a range of services that can help, giving you full peace of mind when it comes to your cybersecurity posture. Talk to us today to find out more.