Top Cyberattacks of 2020 and How to Avoid Them in 2021
By: Kayla Matthews on February 23, 2021
Some of the events of 2020, like a global pandemic and the SolarWinds attack, have highlighted for many the growing concerns about cyberattacks and their potential to do even more harm than they have in the past. Our changing network infrastructure and virtually constant connectivity create even more opportunities for hackers to gain an inroad. Further, when it comes to ransomware attacks, many hackers have been doing their homework. They’re attacking networks as a prepared enemy while many organizations aren’t preparing their networks.
This is where it gets dangerous for companies handling significant and sensitive data and not investing in the physical or logical security required to keep that data safe. In addition to those traditional security infrastructure defenses, we also need to be focusing on one of the other great vulnerabilities and that’s human error or negligence. Hackers have, unfortunately, learned that one of the greatest weaknesses in our defense systems is the human component and mitigating that should be part of a comprehensive data security strategy.
Why Are Cyberattacks Becoming More Common and Dangerous?
Perhaps the most obvious reason as to why attacks are becoming more common is, as mentioned above, opportunity. It’s no secret to anyone in 2021 that the Coronavirus in 2020 impacted us all and perhaps one of the most fundamental ways is the amount of time we spend online. Nearly every aspect of our lives, from work and school to socializing and shopping, shifted online. In fact, cybersecurity experts estimate that, since the start of the pandemic, there are now approximately 4,000 attacks per day.
Certainly, a remote workforce created opportunities for network access as more people logged in from home. In fact, 20% of businesses reported a breach or attack as a result of a work from home situation. The vulnerabilities include more unauthorized devices connecting to the systems as well as access through vulnerable networks. The shift caught many businesses off guard, but not hackers; they were ready.
Not only have we created more opportunities, but hackers have just gotten better at what they do. They’ve grown more sophisticated, learned to target bigger businesses, and developed new strategies for accessing information as well as how to leverage the data and their access to reap a larger return. This is specifically true with ransomware attacks.
Despite this threat, online consumers and internet users have not gotten more careful about what data they share online. Further, as more of our lives shift online and the IoT becomes pervasive, even more of our data will be out there, even more pathways to systems and networks will exist, and with that, the potential for even more dangerous attacks grows.
While data exposure has long been considered one of the most dangerous aspects of hacking, recent cyber attacks on the U.S. have brought larger concerns into the spotlight. More specifically, the SolarWinds attack may have exposed national security secrets and certainly exposed government offices and major businesses to data leaks. Of further worry is the likelihood that the attack itself was funded by the Russian government, raising very serious concerns about the potential growth and danger of state-sponsored cyberattacks.
But it’s not just big government or businesses that should be worried. In fact, there are other very real dangers to whole industries, communities and individual people. With the ability to hack into municipal structures, transportation controls, the oil and gas industry, or electrical grids and critical infrastructure, hackers could create mass havoc and major fatalities. In fact, we saw this potential in Oldsmar, FL recently when someone hacked into a water treatment facility in an attempt to manipulate water treatment additives which would have been poisonous to many and possibly deadly.
Because a data breach is costly, we should look to recent major cyberattacks, which have much to teach us.
Top 6 Cyberattacks of 2020 And What We Can Learn From Them
While every business, regardless of size, is a potential victim of a cyberattack, certainly the news is often dominated by the attacks that expose the most data, are the most dangerous, cost the most in terms of financial or reputational impact, or have the potential to impact the most people. For that reason, readers may be familiar with some of these attacks, but there is a valuable lesson to be learned from all of them.
1. SolarWinds
The hackers responsible for what will likely go down as one of the largest cyberattacks ever used malware, placed in a software update, to spread the trojan horse across whole systems and industries. Each time users of SolarWinds’ Orion tool installed an update, the malware spread.
The attack was fairly sophisticated in that it was clearly a long game and required the use of multiple domains and existing plug-ins and utilities to mask itself while blocking anti-virus, malware detection, and security through obfuscated blocklists. With the ability to forge security tokens, hackers were able to bypass multi-factor authentication tools and access files and accounts they wanted.
As a result, nearly 18,000 organizations, including the U.S. Department of the Treasury, the Commerce Department and the Department of Energy, were impacted, as well as businesses supplying and managing critical infrastructure. It is still unclear to the public what data hackers had access to and what risks and dangers that creates.
What do we learn? The SolarWinds attack, among the largest cyberattacks in history, was a supply chain attack. Essentially, this means the malware came in through a third-party solution. The primary defense, therefore, is doing due diligence on your providers, whether that be software, hardware, or firmware. Further, including a robust security solution and building strong relationships with suppliers should be part of your preventative tactics. Using the most up-to-date and robust security software available is crucial.
2. Marriott
In March of 2020, Marriott revealed that it, again, was the victim of a recent major cyber attack. The data breach, enabled through the login credentials of two employees, exposed the personal information of over 5 million Marriott guests. While the company has not been particularly forthcoming regarding how hackers got access to the login credentials, it does impart an important lesson to all businesses.
What do we learn? What’s notable here is what has long been known in security circles: human negligence, error, or lax protocols regarding login and password security present a clear and present danger to any organization. Ensuring that your business is following industry recommendations that address password protocols and best practices such as multi-factor authentication can help prevent this kind of front door access to your system.
3. Twitter
In one of the most famous cyber attacks of 2020, Twitter was the victim. Using two hacking strategies, social-engineering and spear phishing, a 17-year-old Florida resident was able to provide access to Twitter’s network, enabling two other men to take over celebrity and verified accounts. In short, likely due to the combination of a software outage and lax remote work security protocols, he was able to fool a Twitter employee into providing login credentials to a Twitter administration tool. Then, once the hackers were able to send tweets from hacked accounts, they requested transfers of $1,000 to a bitcoin account in exchange for $2,000.
What do we learn? Sensing a theme yet? Again, the breach here is the result of human error or negligence and a failure to follow security best practices or protocols. At this point, it should be clear that one of the primary takeaways from all of the top cyber crimes is that we need to be doing better in terms of our focus on security procedures and protocols. Further, we need to strictly enforce those policies and include a security structure that provides oversight and training for staff and employees, especially when normal business is interrupted due to uncontrollable circumstances.
4. Zoom
As mentioned above, with the rush to work-from-home setups and nearly 33% of the American workforce remaining at home, software and applications that facilitated communication and collaboration boomed. Anytime a business sees explosive growth as Zoom did, it becomes a likely target for hackers. Using a credential stuffing attack, hackers using passwords accessed in a previous data breach were able to sell 500,000 account credentials including some from Chase, Citibank, and major educational institutions. With these credentials, hackers can engage in other credential stuffing attacks, Zoombombing, and, potentially, other malicious activities.
What do we learn? As with some of the other biggest hacks in history, this was preventable. While the data breaches of the past are of concern here, so is the need to address password protocols and security standards. Another lesson many companies can and should take from this is to have their security teams monitoring the dark web for company or customer information. While it doesn’t stop the potential consequences, it is a proactive measure that can mitigate the costs.
5. Magellan Health
In what might have been the largest healthcare breach of 2020, a social-engineering phishing attack enabled through malware exposed over 350,000 patients and eight Magellan facilities to a data breach, exposing health records and other personal information. Their eight facilities were also subjected to a ransomware attack impacting their ability to provide services. While the attack was contained to a single server, the data exposed was significant.
What do we learn? This attack, in particular, exposes the security risk to healthcare, as the industry houses and stores some of the most sensitive personal data available. However, much like the other companies, data security governance standards should be among the primary responses. Most of the biggest cyber attacks in history could have been prevented with more stringent security protocols and more diligent enforcement.
6. Finastra
Another big target for hackers is the financial sector and in 2020, Finastra learned this firsthand. A software supplier to 90% of the top 100 banks in the world, they were required to take their services offline due to a ransomware attack. While they report that minimal data was leaked and the primary impact was the loss of services, it’s a second hit on a reputation already recognized for vulnerabilities. In fact, their history of subpar security practices related to server security may have made them a target. Analysis by the company suggests that hackers capitalized on the Covid-19 shift to remote work, though not much more was revealed about its causes.
What do we learn? First, we are reminded that if you’re not paying attention to your security practices, someone else is and they likely don’t have your best interests in mind. We also learn that if you’re a part of certain industries, like healthcare and finance, there’s an added incentive for hackers due to the value of the data.
However, one of the best lessons we take from the Finastra situation is that fast action is key. While lax security enabled the attack, unusual activity on servers alerted Finastra’s team to a big problem. From there, they were able to monitor the servers, determine which ones needed to be isolated, and do so quickly. This likely prevented an even more catastrophic service outage. Again, strict security practices and protocols are the best prevention, but fast action is the best response.
How to Prevent Famous Network Attacks Like These From Happening in Your Business
By this point, hopefully, it’s clear that one of the primary goals of any business should be to create and maintain a data security governance plan overseen by a data security governance team. This team should be responsible for assessing, planning, and responding to any security risks that exist within your industry, your business, and your system itself. In the case of Finastra, had they listened to security recommendations made by IT staff, the breach could have been avoided.
As we’ve seen here, a large majority of data breaches are the fault of human error, negligence, or lax security protocols. One of the best mechanisms for preventing these issues is ensuring that your entire team, not just your IT department, is educated and trained on cybersecurity, risks, security practices and protocols, and updated as threats change. By creating this culture of security, you instill data security as a value within your organization and empower your employees to prevent attacks, breaches, and other threats.
Further, you should ensure your entire network, including hardware, software, firmware, and connections, is protected by the most up-to-date security applications and technologies. Similarly, when partnering with a data center, your initial analysis and ongoing relationship with them should ensure they are also complying with any industry regulations as well as adhering to their own strict physical and logical security standards.
If you’re hoping to avoid becoming victim to one of the top cybercrimes, then it’s likely time to review and reassess your security infrastructure. If you’re looking for a data center and colocation partner who takes a zero trust approach to cybersecurity, then look no further than vXchnge.
Get in touch with our team today to learn more about how our multiple layers of physical security, strict authentication protocols, and full infrastructure redundancy are designed with your risk mitigation in mind.
About Kayla Matthews
Kayla Matthews writes about data centers and big data for several industry publications, including The Data Center Journal, Data Center Frontier and insideBIGDATA. To read more posts from Kayla, you can follow her personal tech blog at ProductivityBytes.com.