Top Cyber Attacks of 2020 and The Lessons We've Learned
Every year during Cybersecurity Awareness Month, we take a look back at the cyber attacks of 2020 and highlight lessons learned, evaluating where organizations could have plugged holes or taken steps to mitigate these security risks. While unfortunately there were too many cyber attacks in 2020 to cover each one, we picked 4 of the top cyber attacks of 2020 and shared some lessons learned.
Marriott: January - March 2020
In January 2020, the Marriott hotel chain suffered a security breach affecting 5.2 million guests who take advantage of the Marriott loyalty program. Marriott became aware of the breach in late February. The exposed data included personal information such as names, birthdays, phone numbers, and other data stored in the loyalty program. Luckily, no financial information, like banking information or credit card numbers, was compromised, though the hotel chain's reputation has suffered, considering there was a larger security breach with a Marriott-owned chain in 2018.
Lesson learned: While there are financial implications for any and every cybersecurity incident, the cost of damage to a company's reputation is simply immeasurable. Having a layered approach to cybersecurity, thinking outside the box, and staying up-to-date with all security best practices, tools and technologies is critical for any organization.
Zoom Credentials: April 2020
In April 2020, it was announced that over 500,000 Zoom usernames and passwords were available on the dark web for sale. While there's no good time for a company to have their data exposed, the middle of a global pandemic, where virtual meeting technology usage was up significantly, may be the worst possible time. Though it was Zoom credentials that were targeted, it wasn't Zoom that was actually breached. The attackers gathered information from the dark web, which hosted a large collection of usernames and passwords from various hacks over the last several years. Unfortunately, many people tend to reuse passwords through the years, which can dramatically reduce the security of that particular password.
Lesson learned: Organizations should maintain an air-tight security posture, including industry best practices in terms of password maintenance and monitoring. This is where a Written Information Security Plan and a tool like Dark Web Monitoring could have prevented this, not for Zoom itself, but for all the organizations that had their employees' credentials hacked. Additionally, users need to change their passwords often and use complex passwords.
Twitter: July 2020
In July of 2020, there was a targeted spear-phishing attack against Twitter employees, in which hackers obtained access to the internal network and some employee credentials. The hackers were advanced, and used employee credentials to access internal systems at Twitter and familiarize themselves with information on their processes. Though only a small number of Twitter accounts were targeted, they belonged to high-profile personalities like Barack Obama, Kanye West, Bill Gates, Joe Biden, Elon Musk, and more. The hackers broke into these accounts and tweeted a Bitcoin scam, allowing them to obtain over $120,000.
Lesson learned: There's a saying that an organization is only as secure as its weakest link. This was a prime example of hackers taking advantage of human vulnerabilities and weaknesses of Twitter employees. Developing and maintaining strong employee phishing training and exercises can combat and mitigate these instances. Simulated phishing attacks and yearly employee training are critical to ensuring the whole organization has a security-first mindset, from the top down.
Universal Health Systems: September 2020
In September 2020, Universal Health Systems, a major healthcare provider with over 400 locations throughout the US, was affected by a large-scale cyber attack. The cyber attack brought the entire network offline, hindering doctors, nurses and other practitioners from doing their jobs. Some hospitals reverted to recording patient data via pen and paper. Once again, hackers accessed administrative credentials, enabling them to install ransomware. No sensitive patient or employee data was accessed or compromised, but it did take Universal Health Systems considerable time to get their systems and applications up and running again.
Lesson learned: Another common saying in the cybersecurity world is that it's not if, but when a cyber incident will occur. That said, all organizations should have a Cybersecurity Incident Response Plan to quickly and efficiently get operations up and running again in case of a cyber incident.