Recent Cyber Attacks
Top Cybersecurity Breaches That Happened in 2020
In August 2020, credit reporting agency Experian suffered a breach that affected 24 million consumers in South Africa and more than 793,000 businesses. The incident occurred when an individual who claimed to be a client requested services that prompted the data’s release. The stolen data was eventually secured and deleted, while Experian revealed it had not been used fraudulently and that its customer database, infrastructure, and systems had not been compromised.
The data of more than 10.6 million customers of MGM Resorts hotels was leaked to a hacking forum in February 2020. The data included addresses, dates of birth, email addresses, names, and phone numbers belonging to celebrities, business executives, government employees, and tourists.
However, the hack did not breach users’ credit card details. The incident began in mid-2019 when MGM discovered unauthorized access to its server. Another data breach followed in February 2020, which saw user data published on an open, accessible forum.
The University of California, based in San Francisco, suffered a ransomware attack that led to hackers demanding a payment of $3 million on June 1, 2020. The university’s system was targeted by malware that could encrypt various servers and steal and encrypt critical data. The university negotiated and paid a ransom fee of $1.14 million but later revealed no data had been compromised.
Cognizant Technology Solutions Corp.
Technology and consulting firm Cognizant was affected by the Maze ransomware attack on April 18, 2020. The attackers stole data and threatened to publish it online unless Cognizant paid a ransom fee. Cognizant later revealed it paid a ransom fee of between $50 million and $70 million to restore its services.
Tillamook County’s IT systems were infected by encryption malware on January 22, 2020. The attack shut down its computer and phone systems and took down the website that hosts its various departments. Tillamook County’s computer systems were down for at least two weeks, and attackers demanded a $300,000 ransom fee, which would double after two weeks, to restore the data. The county tried to avoid paying the ransom but could not restore the data and eventually settled.
As the COVID-19 pandemic broke, an attack targeting the World Health Organization (WHO) resulted in the breach of 25,000 email addresses and passwords. The data was leaked online on April 19, 2020, along with information belonging to other groups fighting the pandemic, including the Gates Foundation, the National Institutes of Health (NIH), and the U.S. Centers for Disease Control and Prevention (CDC).
Zoom Conferencing Service
Videoconferencing service Zoom saw a massive increase in activity throughout 2020 with people working from home and speaking to friends and family through the application. However, in April 2020, a cyberattack known as Zoombombing enabled cyber criminals to join private meetings, access conversations, and share offensive images, videos, and screens. Zoom updated its application to enhance security levels.
A data breach at Mitsubishi Electric resulted in around 200 MB of files being stolen. The breach, which was first detected in June 2019 but not reported until January 2020, involved employee and applicant information, data about retired employees from affiliate companies, and sales and technical material. The attack was caused by a vulnerability in the organization’s antivirus solution, which Chinese hackers exploited.
A Hacker Leaked Data of 18 Companies
One of the most significant cyber attacks of 2020 was carried out by a hacker known as ShinyHunters. The hacker stole around 386 million user records from 18 different companies between the start of the year and July. The attacker posted links to these companies’ databases, made them freely available to download, and sold data online.
Biggest Data Breaches
Cyber-attacks pose a significant threat to businesses of all sizes, government agencies, and individual internet users. Recent cyber-attacks have come from hacktivist groups, lone wolf hackers, and nation-states.
The first cyber-attack on record was The Morris Worm in 1988. Robert Tappan Morris, a graduate student at Cornell University, developed a worm program that would crawl the web to count how many computers were connected to the internet. However, the worm installed itself on one in seven computers and forced them to crash, which saw it inadvertently become the first distributed denial-of-service (DDoS) attack. The Morris Worm damaged around 6,000 computers, which then comprised 10% of the entire internet.
In 2002, the first internet attack as we now know it took place when a DDoS attack targeted the 13 Domain Name System (DNS) root servers. The attack could have brought the internet down if allowed to continue and was, at the time, the most sophisticated and wide-scale cyber-attack ever launched.
Recent cyber-attacks have advanced and can affect vast numbers of people. Single attacks now regularly steal the data of hundreds of millions of people.
Below is an overview of some of the most significant cyber-attacks recorded in history.
In October 2013, software company Adobe suffered a cyber-attack in which hackers stole credit card data from nearly 3 million customers. The attack also saw login credential data, including usernames and hashed passwords, of up to 150 million users stolen. Further research into the attack discovered that the hackers had also stolen customer names, identification data, passwords, and more debit and credit card data.
In August 2015, Adobe was ordered to pay legal fees of $1.1 million. It also paid around $1 million to customers in further settlements because of unfair business practices and violating the Customer Records Act.
In May 2019, the graphic design website Canva suffered an attack that exposed email addresses, names, cities of residence, passwords, and usernames of 137 million users. Hackers were also able to view but not steal files that included partial payment and credit card data.
The attackers, known as GnosticPlayers, contacted the technology news website ZDNet to boast about the attack. They claimed to have obtained users’ open authorization (OAuth) login tokens, which are used for logging in via Google.
Canva confirmed the attack, notified its users, and prompted them to update their passwords and reset their OAuth tokens. But a list of 4 million Canva accounts and stolen passwords was later shared online, which resulted in Canva having to invalidate any passwords that remained unchanged.
More than 162 million users’ data—email addresses, hashed passwords, dates of birth, and usernames—was stolen from the video messaging service Dubsmash in December 2018. A year later, the data was made available for sale on dark web site Dream Market as part of a dump of data that also included information from attacks on Armor Games, Coffee Meets Bagel, MyHeritage, MyFitnessPal, and ShareThis.
Dubsmash acknowledged that its systems had been breached and the stolen data put up for sale, and advised users to change their passwords. However, it has not reported how attackers gained access to the data or confirmed the attack scale.
A cyber attack in May 2014 exposed the account list of eBay’s 145 million users. The attack, which exposed user addresses, dates of birth, names, and encrypted passwords, occurred as hackers obtained three eBay employees’ credentials. Attackers gained complete access to the entire eBay network for 229 days.
eBay asked customers to update their passwords and was criticized for its poor communication and its implementation of the password-renewal process. The auction site also advised that financial details, such as credit card information, were stored in a separate location and had not been compromised.
The business social network LinkedIn is a common target for cyber criminals launching social engineering attacks. It has also suffered major cyber attacks that leaked its users’ data.
The first came in 2012, when 6.5 million hashed passwords were stolen and then posted on a Russian hacker forum. The attack’s true size was revealed four years later when a hacker was discovered selling 165 million LinkedIn users’ email addresses and passwords for 5 bitcoins, which were then worth around $2,000. LinkedIn acknowledged the breach and reset passwords on all accounts that had been affected.
Collaboration platform Slack was affected in 2015 when hackers gained unauthorized access to the service’s infrastructure. This included a database storing user profile data, such as usernames and hashed passwords. The attackers also injected code that enabled them to steal plaintext passwords when users entered them.
Slack revealed the attack affected around 1% of its users, estimated to be around 65,000 users. It immediately reset their passwords and advised all users to reset their passwords and implement security measures like two-factor authentication (2FA).
Four years later, a Slack bug bounty program revealed a potential compromise of Slack credentials, which it suspected was due to malware or users recycling passwords across online services. It subsequently realized that most of the credentials affected were from accounts that accessed the service during the 2015 incident.
Cyber attacks targeting the internet provider Yahoo are widely acknowledged as the most significant data breaches in history. The state-sponsored attacks, which began in 2013, affected all of Yahoo’s 3 billion users.
In September 2016, Yahoo revealed a 2014 attack that compromised 500 million users’ names, email addresses, telephone numbers, and birth dates. Three months later, the company revealed a breach from 2013, which was carried out by another attacker and compromised its users' names, email addresses, passwords, dates of birth, and security questions and answers. Yahoo initially estimated that the 2013 attack affected 1 billion users but later changed that to its entire user base of 3 billion people.
Games developer Zynga, which created various popular games that users accessed via Facebook, suffered a massive cyber attack in September 2019. The attack by Pakistani hacker group GnosticPlayers, who also claimed the Canva attack, accessed the database of Zynga games Draw Something and Words With Friends. It compromised the email addresses, hashed passwords, phone numbers, and Facebook and Zynga user IDs of 218 million people.
How Fortinet Can Help
Fortinet helps organizations prevent cyber attacks and keep their data, networks, systems, and users safe from hackers. The FortiGate next-generation firewalls (NGFWs) protect businesses from the latest attack vectors and keep them safe from increasingly sophisticated techniques. Fortinet NGFWs filter network traffic to help organizations identify attacks and offer features like packet filtering, network monitoring, and IP mapping.
They also include capabilities such as deep content inspection that identify and block threats, application control, advanced visibility, and intrusion prevention. The NGFWs block malware and offer future updates that enable them to evolve with the cyber threat landscape and protect businesses from the latest threats as they arise.
Additionally, organizations must ensure they keep all software up to date and use processes like encryption, passwordless authentication, and multi-factor authentication (MFA) to secure data and services and provide secure wireless networks.