When it comes to cyberattacks, everybody is at risk, whether it be big corporations, government bodies, small businesses, or private individuals.
In this article, we will look at three successful cyberattacks that targeted high-profile companies, and some of the most effective methods you can use to mitigate attacks against yourself and your small business.
In July, a sophisticated cyberattack used social engineering techniques to compromise multiple verified Twitter accounts. Combined, the breached accounts had nearly 330 million followers.
The far-reaching hack managed to gain access to the Twitter accounts of Warren Buffett, Joe Biden, Barack Obama, Bill Gates, Elon Musk, Michael Bloomberg, Jeff Bezos, Kanye West, and Kim Kardashian West.
The hackers posted a message on each of the Twitter accounts which read:
"I am giving back to the community. All Bitcoin sent to the address below will be sent back doubled! If you send $1,000, I will send back $2,000. Only doing this for 30 minutes."
It's unknown how many people fell for the scam, but by targeting Twitter employees with access to internal systems and tools, the hackers were able to put their message in front of millions of people.
Britain, Canada, and the USA accused Russia of attempting to steal valuable data from scientists working on a COVID-19 vaccine.
They allege that APT29, a known Russian hacking group that also goes by the name 'Cozy Bear' and is believed to be part of the Russian intelligence service, is attacking coronavirus research centers and institutions.
It's been reported by CNN that the hackers used a variety of techniques such as spear phishing and custom malware.
Spear phishing is a targeted email scam where the attackers send emails pretending to be from a trusted source, often mimicking the company's names and roles.
Custom malware such as 'WellMess' and 'WellMail' can deploy hidden scripts to upload and download information.
A Government report warns that APT29 will probably continue their attacks on organizations researching a COVID-19 vaccine and that organizations must try to defend themselves by implementing a variety of mitigation factors.
In May 2020, hackers carried out an attack on EasyJet's customer database and took off with 9 million customers' details, including private credit card details of around 2,000 customers.
EasyJet didn't initially release any information about the nature of the attack, such as how it took place and which systems were exploited, but they eventually confirmed that the attackers had access to customer data for at least four months. How the attackers gained access and remained undetected for so long remains a mystery.
As you can see from the three examples above, cyberattacks can happen in many different ways and for various purposes. It could be they're trying to steal data, plant malware code to disrupt operations, or simply post fake messages to scam people out of money.
Still, we can learn valuable lessons from successful attacks. Let's look at some of the essential defense methods you can use with your company to avoid similar attacks.
One of the biggest cybersecurity threats to a business is human error. The majority of breaches made in the last decade were the result of someone's mistake. The attack on Twitter was successful because employees were duped by social engineering, a tactic in which you are manipulated into doing something you would not normally do, such as sharing private credentials.
It can be as easy as receiving a phone call from someone pretending to be in your IT department or receiving an email that looks legitimate, asking you to reset your password, often by clicking on a specific link, which turns out to be a scam.
Other forms of human error which open the door for cybercriminals can occur when systems are misconfigured, or malware is mistakenly introduced to the network.
The best way to combat human error is by educating your employees and training them to prevent mistakes from happening in the first place. Teach them how to spot suspicious emails, to never share critical information or passwords without confirming with a security officer or member of IT, and keep them updated on the latest successful attacks.
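The spear-phishing pattern described earlier (a trusted name on an untrusted address) can also be checked automatically before a message reaches an employee. The following is an added example, not part of the original article; the company domain, staff names and sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "corp.example"             # assumption: your real mail domain
STAFF_NAMES = {"jane doe", "it helpdesk"}   # hypothetical names and roles

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one- or two-character lookalikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_of(header_value: str) -> str:
    """Domain part of the address in a From or Reply-To header ('' if absent)."""
    return parseaddr(header_value)[1].rpartition("@")[2].lower()

def assess_sender(raw_message: str) -> list:
    """Return the spear-phishing indicators found in a message's headers."""
    msg = message_from_string(raw_message)
    name = parseaddr(msg.get("From", ""))[0].strip().lower()
    domain = domain_of(msg.get("From", ""))
    reply_domain = domain_of(msg.get("Reply-To", ""))
    findings = []
    if domain != COMPANY_DOMAIN:
        # A staff name or role on an outside address mimics a trusted source.
        if name in STAFF_NAMES:
            findings.append("display-name-impersonation")
        # A domain a character or two away from ours is a likely lookalike.
        if edit_distance(domain, COMPANY_DOMAIN) <= 2:
            findings.append("lookalike-domain")
    # Replies routed to a different domain than the sender claims.
    if reply_domain and reply_domain != domain:
        findings.append("reply-to-mismatch")
    return findings

# Constructed sample messages.
LOOKALIKE = "From: IT Helpdesk <helpdesk@c0rp.example>\nSubject: Reset\n\nHi"
LEGIT = "From: Jane Doe <jane.doe@corp.example>\nSubject: Notes\n\nHi"
REDIRECT = ("From: Jane Doe <jane.doe@corp.example>\n"
            "Reply-To: jane.doe@mail.test\nSubject: Invoice\n\nHi")

if __name__ == "__main__":
    for sample in (LOOKALIKE, LEGIT, REDIRECT):
        print(assess_sender(sample))
```

Header checks like these complement training rather than replace it: a message sent from a genuinely compromised internal mailbox passes all three.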
Two-factor authentication (2FA) is a method to mitigate attacks by hackers trying to gain entry to your online services, network, or data servers. Passwords can be stolen or guessed by cybercriminals, giving them instant access to your data.
2FA helps prevent unauthorized access by asking the user to prove their identity with a second factor. This can be a code sent by text or generated by an app on their phone. Without providing the second factor, attackers can't gain access even if they have the password.
Wherever passwords are used in your business for authentication, you should also use 2FA to prevent criminals from accessing your network even if they steal, guess, or socially hack your passwords.
Remote workers and traveling business professionals often need to connect to the company network and data servers. But using an unprotected connection creates a severe gap in the company's defenses.
It's been shown time and time again that anti-virus measures alone aren't enough to protect your employees' work devices, especially as more and more people are using their personal devices for work. On the surface, this may seem harmless, but there's no guarantee that the endpoint isn't riddled with malware and malicious apps.
If an employee downloads a productivity app that contains malware, it can spread to the entire company network once they connect to it.
Connecting to an unsecured network such as public WiFi or a hotspot can also create a gateway for hackers to gain entry and steal data or inject malicious code.
To combat these threats, employees can use a Cloud VPN when connecting to the network. A Cloud VPN creates an encrypted virtual tunnel between the device and the network for data to pass through. All the traffic between your device and the network is encrypted with the highest security levels. The device is also shielded from hackers who will try to latch onto it to steal data and infect it with malware.