A Q3 report by Risk Based Security on data breaches in 2020 showed that by the end of Q2, 2020 was already considered the worst year in terms of data exposed. To top it off, in Q3, a total of six breaches together accounted for approximately 8 billion exposed records. The pandemic further made the health sector the most vulnerable to data breaches. No surprises there!
Another 2020 defence report by CyberEdge Group revealed that the percentage of organisations facing a successful cyberattack reached 80.7% in 2020.
With the global health crisis impacting thousands of lives and making remote working the new norm, the year 2020 will be remembered as the year cyber incidents exploded.
Biggest Cyberattacks of 2020
Here is our list of some of the most shocking cyber attacks of 2020, arranged by date of occurrence.
AWS DDoS Attack (Feb 2020)
According to Amazon’s Q1 2020 threat report, in February 2020, Amazon Web Services faced one of the largest DDoS attacks, with a record-breaking peak traffic volume of 2.3 Tbps, well above the previously recorded volume of 1.7 Tbps seen in March 2018. The report also mentioned that the attack was facilitated using hijacked CLDAP (Connection-less Lightweight Directory Access Protocol) web servers. This protocol is known to magnify DDoS attacks by 50-60%. Fortunately, AWS Shield helped them to thwart this attack successfully.
Phishing Attack on the World Health Organization (March 2020)
In 2020, we also saw another set of malicious attacks in which hackers took advantage of people expecting updates from WHO regarding the pandemic. This sparked off a series of phishing campaigns that spoofed WHO’s name and images, tricking people into clicking malicious links. The campaigns were found by researchers working at IBM X, who received emails appearing to come directly from the director-general of WHO, Dr Tedros Adhanom Ghebreyesus. The attachments inside the emails were malicious and triggered a keylogger and an info-stealer attack. The emails also had links to a fake landing page that imitated the WHO website with a login popup. The moment visitors typed in their credentials, these details were sent to the hacker and the critical information in the associated accounts was compromised.
Wishbone App Data Compromise (May 2020)
In May 2020, a brazen hacker by the name of ShinyHunter declared his involvement in selling the data of approximately 40 million registered users of the Wishbone App. The Wishbone App allows users to compare two products through poll voting. The data from the app was being sold openly on hacking forums through ads. The hacker also admitted that the hack dated back to January 2020.
Twitter Attack (July 2020)
July 2020 brought a major social engineering attack on the famous microblogging social media network Twitter. In this huge security breach, the Twitter accounts of famous public figures including Joe Biden, Elon Musk, Kim Kardashian, Barack Obama, Jeff Bezos and Bill Gates were hacked. Six hours after the hack happened, Twitter issued a statement attributing these attacks to social engineering targeted at some of the Twitter employees who had access to the internal systems.
It was a classic Bitcoin scam, where the followers of the compromised accounts were asked to transfer bitcoins to a given wallet and were promised double the amount back.
Microsoft Office 365 BEC Attack (Nov 2020)
Last year the FBI received about 467,361 internet and cyber-crime complaints, amounting to losses worth more than $3.5 billion. Of these, approximately 50% were due to Email Account Compromise, a.k.a. Business Email Compromise. In fact, from mid-March 2020 to early June 2020, the BEC scams skyrocketed to 3000%, according to reports by the Agari Cyber-Intelligence Division.
In late November 2020, news broke about a threat actor trading passwords for the email accounts of C-level executives globally. It was unclear where the seller had obtained these credentials. He sold access for anywhere from $100 to $1,500, according to the company size or user role. His database included executives like CEOs, COOs, CFOs, CMOs, CTOs, Presidents, VPs, Executive Assistants, Finance Managers, Accountants, Directors etc.
Solorigate aka SolarWinds Supply Chain Attack 2020 (December 2020)
In what is considered one of the most wide-scale and disastrous cyber incidents of 2020, the Solorigate supply chain attack targeted over 200 organisations. Investigations by the FBI, CISA and ODNI mentioned that SolarWinds, an American corporate software management tool, had their supply chain hacked by Russian threat actors.
Industry giants like Microsoft, Intel and Cisco were among the 425 affected US Fortune 500 companies. Telecommunications companies, accounting firms, the Pentagon, as well as hundreds of educational institutions were impacted globally. Having gained access to SolarWinds’ distribution pipeline, the hackers compromised the Orion platform using discreet malicious code. The attack went unnoticed until the cybersecurity firm FireEye discovered this breach while using the Orion platform themselves. A few days later, Microsoft shared that they had detected a trojan hiding within the Orion updates as well.
Building Cyber Resilience in 2021
Every organisation, big or small, is equally vulnerable to cyber attacks.
We keep repeating this over and over: cyber attacks do not depend on the size of organisations. It is, therefore, crucial to wear the right safety harness for 2021. Here are some must-follow tips to strengthen your cybersecurity posture this year:
Develop a NIST Incident Response Plan
To combat the new age hackers equipped with sophisticated tools, an Incident Response plan or IR Plan needs to be developed. An IR plan is essentially a set of instructions developed to help organisations prepare for, detect, respond to, and recover from cybersecurity incidents. Apart from having a company-specific plan, it is important to build it on the foundation of the industry-standard incident response framework by NIST. A typical IR plan may contain technology-focused approaches, but given the present threat landscape, a holistic approach is necessary.
A holistic approach involves your entire company ecosystem, including people, processes and technology. This means covering areas like human resources, finance, employee communications, customer services, legal, suppliers, partners etc. The goals for an incident response plan are very simple:
Automate Cyber Security as much as Possible
It is no surprise that cyberattack incidents have been on an exponential rise for the past few years. Statistics by Verizon clearly state that in 2020 nearly 52% of breaches happened due to hacking, 28% reported malware, about 32% revolved around phishing and 33% around social engineering. The most common causes of data breaches were outlined as stolen credentials, weak passwords, malware, social engineering, multiple access to the files, and application vulnerabilities. Overwhelming, isn’t it?
Security professionals face these challenges on a daily basis and are hence prone to alert fatigue. It is practically impossible to strike a balance between tending to important issues and ignoring false positives without wasting precious hours of the day. On top of this, there is currently a huge talent gap in the security industry. Keeping all these issues in perspective, cybersecurity automation is the way to go in 2021.
Address BYOD Security Vulnerabilities
The BYOD market is expected to grow at a CAGR of 15% reaching USD 430.45 billion by 2025. The explosion of startups and small-to-medium sized enterprises along with a rapid movement to remote working has led enterprises of all sizes to embrace the BYOD culture. Unfortunately, BYOD brings its own share of security concerns. Of these, data leakage, malware infections and unauthorised access to data and systems remain the biggest challenges for organisations.
Most companies want to reap the benefit of increased productivity through personal device usage but overlook the low visibility into file sharing apps, the lack of control over mobile enterprise messaging tools, and the absence of cloud-based anti-malware solutions on the devices. To handle this situation in 2021, companies need to revise their BYOD policies and opt for robust cloud security platforms that effectively secure interactions between users, devices, apps, or web destinations.
Looking at the major cyber incidents of 2020, we should learn not to repeat the same mistakes in 2021. Staying up to date with the cybersecurity trends for 2021 and security best practices helps companies prepare for the advanced threat landscape and save themselves from potential revenue and reputation damage.