Ever since organizations have shifted their business to remote operations due to the COVID-19 pandemic, there has been a dramatic rise in the number of data breaches. In the first half itself, cases of data breaches have been reported in 81 global companies from 81 countries! Besides, a security research firm recently revealed the impact on the data breach landscape due to COVID-19 where 80% of data breaches have occurred either because of stolen credentials or brute-force attacks! Currently, cybercriminals are exploiting the situation of the pandemic to launch highly sophisticated cyberattacks on every industry possible. In the first six months of 2020, various Fortune 500 companies became the target of massive data breaches where hackers sold account credentials, sensitive data, confidential and financial information of these organizations cybercriminal forums. Till now, nearly 16 billion records have been exposed this year. Moreover, according to researchers, 8.4 billion records have been exposed in the Q1 of 2020 alone! This number is a 273% increase in comparison with the first half of 2019 during which 4.1 billion records were exposed! (Source: Security Boulevard) Let us take you through the biggest cyberattacks of 2020 till now. Twitter Hack Twitter took the whole internet by storm when it was hit by one of the most brazen online attacks in history! The social media platform suffered a breach where the hackers verified Twitter accounts of high profile US personalities like Barack Obama, Elon Musk, Joseph R. Biden Jr., Bill Gates, and many more. Out of 130 targeted accounts, hackers were able to reset 45 user accounts’ passwords. Hackers posted fake tweets from these accounts, offering to send $2000 for $1000 sent to an unknown Bitcoin address. Reportedly, the Twitter breach well-coordinated scam made attackers swindle $121,000 in Bitcoin through nearly 300 transactions. According to the Twitter Support, “the attack on July 15, 2020, targeted a small number of employees through a phone spear-phishing attack. This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems.” Marriott Data Breach On March 31st, 2020, the hotel chain Marriott disclosed a security breach that impacted the data of more than 5.2 million hotel guests who used their company’s loyalty application. Hackers obtained login credentials of two accounts of Marriott employees who had access to customer information regarding the loyalty scheme of the hotel chain. They used the information to siphon off the data approximately a month before the breach was discovered. The personal information published on the hacking forum included name, home address, phone numbers, email address, and DOB of guests. The leaked files of guests included Justin Bieber, Twitter CEO Jack Dorsey, and many major government agency officials. However, a spokesperson from MGM Resorts confirmed that impacted guests were notified about the data breach. In addition, it said, “We are confident that no financial, payment card or password data was involved in this matter.” Zoom Due to the COVID-19 pandemic, various organizations across the globe adopted work from home policy. In view of the situation, the Zoom video conferencing app became the most used application for the virtual meeting and got popular among cybercriminals too. Magellan Health (Ransomware Attack and Data Breach) One of Fortune 500 companies, Magellan Health was struck by a ransomware attack and data breach in April 2020. The healthcare giant confirmed by stating that about 365,000 patients were affected in the sophisticated cyberattack. According to the investigation, the attack was launched with a fully planned process where hackers first installed malware to steal employee login credentials. Then they leveraged a phishing scheme to gain access to systems of Magellan after sending out a phishing email and impersonating as their client before deploying ransomware attack. The data thieves were able to steal login credentials of employees, personal information, employee ID numbers, sensitive patient details such as W-2 information, Social Security numbers, or Taxpayer ID numbers.
By: Pallavi Duita