Ever since organizations have shifted their business to remote operations due to the COVID-19 pandemic, there has been a dramatic rise in the number of data breaches. In the first half itself, cases of data breaches have been reported in 81 global companies from 81 countries!
Besides, a security research firm recently revealed the impact on the data breach landscape due to COVID-19 where 80% of data breaches have occurred either because of stolen credentials or brute-force attacks!
Currently, cybercriminals are exploiting the situation of the pandemic to launch highly sophisticated cyberattacks on every industry possible. In the first six months of 2020, various Fortune 500 companies became the target of massive data breaches where hackers sold account credentials, sensitive data, confidential and financial information of these organizations cybercriminal forums.
Till now, nearly 16 billion records have been exposed this year. Moreover, according to researchers, 8.4 billion records have been exposed in the Q1 of 2020 alone! This number is a 273% increase in comparison with the first half of 2019 during which 4.1 billion records were exposed! (Source: Security Boulevard)
Let us take you through the biggest cyberattacks of 2020 till now.
Twitter took the whole internet by storm when it was hit by one of the most brazen online attacks in history! The social media platform suffered a breach where the hackers verified Twitter accounts of high profile US personalities like Barack Obama, Elon Musk, Joseph R. Biden Jr., Bill Gates, and many more.
Out of 130 targeted accounts, hackers were able to reset 45 user accounts’ passwords. Hackers posted fake tweets from these accounts, offering to send $2000 for $1000 sent to an unknown Bitcoin address. Reportedly, the Twitter breach well-coordinated scam made attackers swindle $121,000 in Bitcoin through nearly 300 transactions.
According to the Twitter Support, “the attack on July 15, 2020, targeted a small number of employees through a phone spear-phishing attack. This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems.”
Marriott Data Breach
On March 31st, 2020, the hotel chain Marriott disclosed a security breach that impacted the data of more than 5.2 million hotel guests who used their company’s loyalty application.
Hackers obtained login credentials of two accounts of Marriott employees who had access to customer information regarding the loyalty scheme of the hotel chain. They used the information to siphon off the data approximately a month before the breach was discovered.
The data accessed in the breach involved personal details such as names, birthdates, and telephone numbers, travel information, and loyalty program information.
According to the Marriot, hackers might have obtained credentials of their employees either by credential stuffing or phishing. Previously, the hotel giant announced a data breach in late 2018 in which up to 500 million guests were impacted!
MGM Data Dump
Last year in 2019, MGM Resorts suffered a massive data breach. The news of the breach incident started to circulate in February 2020 when hackers leaked the personal details of 10.6 million hotel guests for free download. But in the later findings, the number increased by 14 times (nearly 142 million) than the number recorded in February 2020.
The personal information published on the hacking forum included name, home address, phone numbers, email address, and DOB of guests. The leaked files of guests included Justin Bieber, Twitter CEO Jack Dorsey, and many major government agency officials.
However, a spokesperson from MGM Resorts confirmed that impacted guests were notified about the data breach. In addition, it said, “We are confident that no financial, payment card or password data was involved in this matter.”
Zoom Credentials Up for Sale!
Due to the COVID-19 pandemic, various organizations across the globe adopted work from home policy. In view of the situation, the Zoom video conferencing app became the most used application for the virtual meeting and got popular among cybercriminals too.
Within a short span of time, the application became vulnerable to various security threats and eventually became a victim of the data breach. In the first week of April 2020, the news of “500,000 stolen Zoom passwords available for sale in dark web crime forums” shook the application users.
It was reported that more than half a million Zoom account login credentials were up for sale and some of the accounts’ credentials were given away for free. In fact, some of the login credentials were sold for less than a US cent each!
Along with account login credentials, victims’ personal meeting URLs and HostKeys were available too. The leaked accounts’ details belonged to financial institutions, banks, colleges, and various organizations.
Magellan Health (Ransomware Attack and Data Breach)
One of Fortune 500 companies, Magellan Health was struck by a ransomware attack and data breach in April 2020. The healthcare giant confirmed by stating that about 365,000 patients were affected in the sophisticated cyberattack.
According to the investigation, the attack was launched with a fully planned process where hackers first installed malware to steal employee login credentials. Then they leveraged a phishing scheme to gain access to systems of Magellan after sending out a phishing email and impersonating as their client before deploying ransomware attack.
The data thieves were able to steal login credentials of employees, personal information, employee ID numbers, sensitive patient details such as W-2 information, Social Security numbers, or Taxpayer ID numbers.
Is Your Organization Secured From Data Thieves?
The global shift to remotely working culture has leveraged cybercriminals to launch highly sophisticated cyberattacks. Moreover, ransomware, phishing, DDoS, BEC attacks, etc. are amongst the most common types of data breaches that we have witnessed this year, till now.
Clearly, the first half of 2020 was quite challenging for organizations in terms of cybersecurity along with the adoption of new normal changes. Besides, we are still unsure of what cybercriminals have in store for the next six months of 2020.
Although, by learning lessons from the recent data breaches, we can secure our organizations from emerging cyber threats. Here are some of the “must follow” security measures for your organization to stay secured in these unsecured times:
- Educate your employees with security awareness training to help them in recognizing and combating emerging cyber threats.
- Incorporate phishing incident response tool to instantly report suspicious-looking and unsolicited emails.
- Secure your email domains against email spoofing attacks by implementing email authentication protocols.
- Keep all your software and applications updated with the latest security patches from time to time.
- Use a VPN connection for a protected network to keep hackers and other threat actors at bay while working remotely.