Cybercrooks, a nefarious work-from-home lot, didn’t seem to slow down any of their activity. Instead, they ramped up. Way up. FinTech News reports that ransomware attacks climbed 148%, and that was just in March. Through August 2020, phishing attempts rose a staggering 600 percent, and cloud-based attacks jumped 630% between January and August.
COVID-19 grabbed most of the headlines last year, so some of the cyberattacks on well-known companies didn’t receive their due. They’ll get it now. We’re going to look at five hacks and cyberattacks that happened last year to companies whose names you might recognize. We’ll wrap up with some actions you can take to prevent what happened to them from happening to you.
As you probably know, the SolarWinds supply chain attack came to light in December of 2020, and in just that short window became THE biggest story in cybersecurity. The list of victims so far includes Microsoft and a half dozen of U.S. agencies including the Departments of Treasury, State, and Energy. The full extent of the attack is a continuing story. Other than this mention, it won’t be on this list. So let’s get started with a company everyone will recognize: Zoom.
5 Cyber Hacks and Attacks of 2020
1. Zoom – Raise your hand if you heard of Zoom before the pandemic? The audio and videoconferencing platform quickly became part of our vocabulary, even becoming a verb. “Sorry, can’t help with the dishes, honey. I’ve gotta Zoom.” Turns out, Zoom itself wasn’t hacked. Instead, it was a victim of what’s termed credential stuffing—credentials obtained from one source are run against another database using bots. The resulting list of validated logins, passwords, and other data can be used to commit fraud or sold on the dark web.
2. Magellan Health – The attack began with successful phishing attempts and ended with the compromise of personal information of more than 365,000 patients and employees nationwide. After the attackers gained access to Magellan’s systems, they were able to launch ransomware on one corporate server before the activity was detected. Upon discovery, Magellan took swift action to prevent further damage.
3. Twitter Bitcoin Hack – The perps employed social engineering tactics to gain access to Twitter’s administrative controls. Then they sent out tweets with a phony offer about Bitcoin. First thought to be a publicity stunt, the tweet encouraged folks to send Bitcoin to a designated address, and after doing so, they would receive double the amount they sent.
4. Carnival Cruise Lines – In August 2020, the popular cruise lines announced it was investigating a ransomware attack on one of its brand’s IT systems. Carnival claims that as of October 2020, they’ve not seen the misuse of data that included the personal information of some guests, employees, and crew members.
5. Marriott Data Breach – Hackers successfully phished two employees and netted their login credentials to gain access to a guest services application. The breach affected over five million guests and collected loyalty account information, contact details, and the holy grail of cyber crooks, personal information.
Tips for Shoring Up Your Systems
Some lists, like Top Executive, you want to make. And some you don’t, like becoming another cybercrime victim on an ever-growing list. Here are a few ideas you can use to shore up your IT defenses.
- Educate your employees so they’re aware of social engineering techniques. As seen with the Marriott breach, just one or two employees falling for a cybercrook’s ruse is all it takes for more damage to happen.
- Keep up to date with security patches. Make it a regular routine to install all patches to protect your software, applications, and systems.
- Secure your domain with email protocols like DMARC, SPF, and DKIM. These protocols not only block email spoofing and spam but also block BEC attacks.
- Periodically run VAPT (Vulnerability Assessment and Penetration Test). You want to find your weak spots before hackers do.
- Add additional layers of security by using Multi-Factor Authentication (MFA). It can be relatively simple for a hacker to compromise an account if only a username and password are required. Putting additional security checks in place that allows a user to verify their identity in other ways helps secure the login process and protects both the business and consumer.
These are just a few ways you can safeguard your company’s data and your customers’ personal information. With cyber hacks and attacks continuing to rise, it might be time to consider hosted solutions so you can refocus on bringing on more business.
Contact HIG today to ask about secure IT solutions.