From the time when organizations shifted their business to remote operations because of the COVID-19 epidemic, the number of data breaches has dramatically increased. In the first half, there were reports of data breaches in 81 international companies from 81 countries! Besides, a recent report from a security agency describes the impact on data breaches due to the pandemic where stolen credentials and power attacks alone caused 80% of the data breaches. Currently, perpetrators are using the scourge of the epidemic to launch a highly sophisticated cyber-attack in every possible industry. During the first half of 2020, various companies of Fortune 500 faced big data breaches where the hackers sold the account guarantees, sensitive, confidential and financial information of the companies. To date, approximately 16 billion records have been disclosed this year. To add to it, investigators say that 8.4 billion records have been disclosed only in the first quarter of 2020! This number has increased by 273% compared to the first half of 2019 when 4.1 billion records were disclosed! These are the top 5 data breaches of 2020: Twitter Attacked! Whole world of internet was storm-struck when it had to face one of the most defiant cyber attacks in history! The data breach involved hackers getting access to the Twitter accounts of renowned personalities of the US like Barack Obama the former President, Elon Musk, Bill Gates and many others. From the 130 targeted accounts, hackers succeeded in resetting 45 user accounts’ passwords. Following that, they posted fake tweets from those accounts, offering a return of $2000 for every $1000 they can send to an unknown Bitcoin address. Reports have revealed that the breach was able to make the hackers a total of $121,000 in Bitcoin from about 300 transactions. Twitter Support says that the attack was targeted on a small number of employees through a phone using spear-phishing method, and that the attackers’ attempt was to mislead certain employees to later exploit human vulnerabilities and gain access to their internal systems. Marriott Cyber Attack The Marriott hotel chain, on the 31st of March 2020 agreed to have suffered a security breach impacting the data of more than 5.2 million hotel guests who made use of the company’s loyalty application. Hackers acquired the login credentials of two accounts of Marriott employees whose access to customer information about the loyalty scheme of the hotel chain was granted. The information was used to take away the data about a month before the breach was acknowledged. The data breached had personal details such as names, birthdates, and contact numbers, information regarding their travel and the loyalty program. As per Marriott’s statement, the credentials of their employees were obtained by hackers using credential stuffing or phishing. In the past, Marriott announced a data breach in the second half of 2018 where around 500 million guests bore the impact. Zoom Credentials Put For Sale The COVID-19 pandemic made organizations across the globe to adopt work from home policy. In this regard, the Zoom application became the first preference for virtual meetings and also got famous among the cyber criminals. Within quick time, Zoom became vulnerable to different security threats and eventually fell victim of the data breach. April 2020 had the news of 500,000 stolen Zoom credentials being available for sale in dark web forums, frightening its users. Login credentials of more than 0.5 million users were put to sale and some were even given away for free. To be frank, even some of the login credentials were valued for less than half a cent! The personal meeting URLs & Host Keys of the victims were also available. The leaked accounts were of various financial institutions, colleges and organizations. MGM Data Hack MGM Resorts, in 2019, bore a massive data breach. The outbreak of breach started to spread in February 2020 when the attackers leaked the personal details of around 10.6 million guests to download for free. It was later found that the number rose by 14 times than what happened in February 2020. The personal details including name, home address, phone and email contacts and birth details of the guests were published on the hackers forum. The list of guests also included Justin Bieber, Jack Dorsey CEO Twitter, and many more government officials. A person from MGM Resorts has reportedly confirmed that impacted guests were intimated about the data breach. It also said that they are confident that no data related to financial usages was involved in this matter. Magellan Health Data Breach A member of Fortune 500 companies, Magellan Health was hit by a ransomware attack followed by data hack in April 2020. They confirmed by giving a statement that about 0.365 million patients were affected in the attack. Investigations revealed that the attack was launched according to a planned process in which the attackers first introduced malware to retrieve employee login credentials. Nextly they implemented a phishing scheme to obtain access to the company systems after sending a phishing email and impersonating as one of their clients before beginning the ransomware attack. The attackers stole the login credentials of employees, their personal information, employee IDs and sensitive details of patients such as W-2 information, their Social Security numbers, or Taxpayer IDs. Looking at the attacks, we clearly get the idea that we are never sure of being 100% safe how technologically advanced we might be. Following are some of the ground security measures that can help our organization to stay safe in these unsafe conditions: Educating our employees on security by training them in recognizing and fighting the cyber threats. Implement phishing recognition tool to instantly report any suspicious-looking and unmonitored emails. Safeguard our emails and domains from spoofing attacks by using protocols like DMARC, SPF, and DKIM. Using a VPN connection to have a protected network, keeping hackers and other dangers off the shore.
