Best of the Worst: 2020’s Top Data Br …
It just feels pretty safe to say that 2020 wasn’t a great year for anyone. That is, of course, unless you’re a wiley hacker who is now rolling in piles of ransom cash you pulled from an unsuspecting company or organization. Apart from the global pandemic and the presidential election, the frequency of data breaches and hacks seemed to peak.
The US Government
One of the biggest “yikes” moments for the cybersecurity community and the entire nation was the recently uncovered attack on critical government infrastructure.
Frankly, it’s all pretty fresh; CISA just announced the breach on Dec. 17… just a few short weeks before this nightmare year comes to a close. And the reality is that this is far greater than just a “yikes” moment — the breadth and nature of the breach makes it uncomfortably close to an act of war. And based on CISA’s own admission, the agency doesn’t feel overly comfortable with their ability to remove the threat actor from the internal systems it has breached.
This post isn’t here to retell the entire tale, but it’s worth reading CISA’s statement directly, rather than digging into outside media sources who have already begun spinning this into a political move rather than a national security threat. It’s worthy of noting that neither SolarWinds (whose software was responsible for the breach) nor CISA can actually confirm who is responsible for the breach, but there is a high level of suspicion that it’s a nation state actor, based on the sophistication of the attack.
The org cites the SolarWinds Orion platform as the source of the breach — something confirmed by the company itself in a recent Security Advisory. Long story short, if you’re using SolarWinds Orion platform, it’s definitely time for a software update. Like, several days ago.
The FireEye breach seems a bit more like a subheading to the US Government breach. Their early December announcement about an attack that had hit them opened up the massive Pandora’s box that was the SolarWinds hack. Had it not been for FireEye’s keen catch, we’d likely be living in a world where a nation-state actor rolled right into 2021, quietly digging into government information.
Unfortunately, the corrupted SolarWinds software had been pushed out in March 2020. So, there’s been an open backdoor to anyone using the Orion platform… This could include any of SolarWinds roughly 300,000 customers worldwide (though, their customer list on the website lands on a clever 404 error).
This midsummer hack apparently involved a teenager from Tampa acting as some sort of “mastermind” while posting Bitcoin scams from Elon Musk’s Twitter feed. As the CTO and his team began investigating, they were alarmed to find that major accounts — Jeff Bezos, Kanye West, Apple, Uber and up to 120 others were compromised.
The initial fear was that this was an attempt to subvert the upcoming US election, but Twitter came out with an update to their public statement, making it clear that only one elected official was a victim of the hack — Geert Wilders of the Netherlands.
This is a weird one for most of us, when you consider how much access the hackers got and could have had, yet how little they did with it. The immediate move by the social media giant brought joy to all the “regular people” on the platform — they stopped all verified accounts (“blue check marks”) from Tweeting until the issue was under control.
But the hacker had ample time to pull down direct messages and make statements on behalf of some of the most critical figures in our country… but maybe those Bitcoin donation scams are more lucrative than they seem.
According to a report from Wired magazine, team Twitter then went on to implement a zero-trust environment, requiring all employees (from @Jack to everyone below) to connect with their supervisors on a video call and change their passwords and log-ins as their bosses looked on. The attack was alleged to have been sourced via a phishing scheme via a phone call to someone in the customer service department, per the Wired article.
In our team’s unscientific study, we determined that one of the most commonly typed phrases of this year was “can we jump on a Zoom?” So much so, that the company’s stock opened in 2020 at roughly $68 a share, and will close somewhere in the $350 range (after peaking at close to $600 in October). But with great power comes great vulnerability, as the company began to learn with its massive rise in pandemic popularity.
By April 1, there were hundreds of verified Zoom accounts and requisite login information up for grabs on the dark web. Let’s not forget the near-nightly stories about another virtual fourth grade class getting “Zoom-Bombed” — which is perhaps a bit more fun than its violent name implies. Fortunately, the company did the best thing it could do at a time like this: they admitted they messed up. And, even better, took steps to add end-to-end encryption on their software.
That said, security-savvy users always knew how to password protect their meetings, as well as to keep them locked to prevent unwanted guests. And the best of us likely saved the juicy stuff for the privacy of a phone call, anyway.
What did we miss?
Unfortunately, even as the sun sets on 2020 one last time, we’re still all wide open for security breaches as we continue to live our lives online. What major breaches are we leaving out? And what can we learn from the experiences of others? Let us know in the comments.
Recent news posts
Holiday Weekend Leaves Many Vulnerable to Cyber Attacks
Costa Rica Ransomware Attack Continues to Plague Citizens
What the Crypto Crash Means for Cyber Crime
Scaling, Improving and Automating Your GRC Strategy
CISA Issues Emergency Directive 22-03, Encourages VMware Updates
Attend an Event!
Connect and collaborate with fellow security innovators at our Virtual Cybersecurity Summits.