Recent hacks and their effects have been amplified by a drastic shift to a work-from-home strategy that expanded an already dynamic and fragile cyber threat landscape. Forced lockdowns and other control measures required organizations to adopt new technologies and operations to facilitate remote working frameworks. For example, cloud services’ adoption rate skyrocketed since it gave an impetus for embracing new remote working methodologies.
As a result, the remote working culture saw a significant rise in cyber-attacks, such as phishing and ransomware attacks against health institutions. The expanded cyber threat environment overwhelmed the cybersecurity approaches of most enterprises, and the rate of breaches and hacks accelerated. According to a Risk Based Security report, more than 36 billion files and records were exposed in different cyber incidents in 2020.
Now that the COVID-19 vaccine spells hope amid an eventful 2020, we need to understand the top breaches and hacks that made headlines in the past year, including the lessons learned to strengthen cybersecurity processes and policies, controls, and practices.
Recent Hacks and Data Breaches
Recent Hack: Twitter Hack
The Twitter hack makes it to the top of the list of most notable breaches in recent months, not because it exposed numerous user accounts, but due to the prominent individuals whose accounts were hacked. A hacking incident in July 2020 left the micro-blogging platform fighting for its reputation since it compromised almost 130 user accounts.
One of the reasons why the breach made headlines the world over is the number of global superstars and celebrities whose handles were hacked. The Twitter accounts of prominent individuals breached in the attack included stars and corporate magnates like Jeff Bezos (Amazon CEO), Kanye West (rapper), Kim Kardashian (global TV personality), Barack Obama (former US president), and Bill Gates (co-founder of Microsoft).
Fortunately, the FBI tracked three people believed to have masterminded the largest Twitter breach and pressed felony charges on various counts, including conspiracy to commit wire fraud, money laundering crimes, and unauthorized computer intrusion.
Recent Hack: Data Breach at MGM Resorts
In February 2020, MGM Resorts, one of the largest hotel and casino operators in the US, reported a massive data breach that compromised the records of almost 10.6 million guests. Upon discovering the incident, the entity sought the assistance of two cybersecurity companies to investigate the hack. It also enhanced its cyber defenses to prevent similar breaches in the future.
Despite the efforts, it was later discovered that a hacker was selling the details of 142,479,937 guests on the dark web. The guests had stayed at the hotel in past years. An investigation showed that the information being sold resulted from a data breach incident that impacted the company in 2019. It also showed that the breach could have been much larger than the company expected. The offer price for the information being sold on the dark web was only $2,939.76.
Although MGM Resorts suffered a large data breach, it was fortunate that the breached data did not involve financial information or personal identification details, such as passport, driver’s license, or social security numbers. All the same, MGM Resorts was quick to advise all its guests, whether affected by the breach or not, to reset their passwords and monitor their accounts for unusual activity.
Recent Hack: Marriott International Breach
Marriott International was the unlucky victim of a cyber incident that compromised the integrity, confidentiality, and availability of personal information belonging to approximately 5.2 million guests. When announcing the breach in March 2020, the hospitality group stated that there was evidence the attack began in mid-January 2020, and it was not discovered until February the same year. At that point, it was too late.
According to the hotel’s official statement, the cyberattack compromised the guests’ sensitive personal information, such as birth dates, gender, loyalty account numbers, preferred room numbers, employer names, email addresses, and names. Nevertheless, Marriott International reported that passwords, payment details, and passport information were not compromised during the hack.
An investigation of the data hack revealed that an unknown third party had used the login credentials of employees working at a franchise property operating under the Marriott brand to access the sensitive information. In response, Marriott International reported the incident to the investigating authorities and notified everyone affected by the data breach. The hotel took a further step by setting up a website whose purpose was to assist the impacted guests.
Recent Hacks: Zoom Login Credentials Exposed in a Data Breach
Zoom, a video calling and conference platform, became a global sensation after countries began enforcing lockdown and work-from-home measures. In April 2020, news broke that hackers had stolen at least 500,000 Zoom usernames and passwords and put them up for sale. The attackers uploaded the stolen credentials to the dark web, giving some away free and selling others for as little as a penny each.
Security researchers at IntSights, a threat intelligence provider, investigated the incident and found that the cyber actors behind the breach used a credential stuffing technique to gain access to the accounts. According to the investigation results, IntSights researchers found that the hackers used a four-phase approach to execute the data breach.
The first step was collecting databases from various dark web marketplaces, online crime platforms, and forums containing usernames and passwords exposed in past attacks, some dating from 2013. While such credentials may seem outdated, individuals with poor password hygiene tend to reuse usernames and passwords across different platforms. The credentials did not come from any earlier Zoom attack; they were a vast collection of recycled, stolen credentials. Perhaps that explains why the prices were low and some were given away free of charge.
Secondly, the attackers wrote a configuration file for an application stress-testing tool, pointing the tool at Zoom’s login. In the third step, the hackers carried out the credential stuffing attack itself, using numerous bots so that attempts against many Zoom accounts did not all come from the same IP address. The hackers took an extra step to hide their tracks by introducing lags between credential stuffing attempts in a bid to retain a semblance of normal Zoom account usage. Introducing lags kept the activity from being identified as a denial of service (DoS) attack.
During the final phase of the attack, the hackers looked for credentials that indicated a successful login attempt. The process returned some additional information, such as meeting URLs and names. The hackers then collected all valid user details, collated them, and bundled them into a database for sale.
Most of the impacted accounts belonged to colleges, including the University of Colorado, University of Florida, University of Vermont, Lafayette, and Dartmouth, and renowned companies like Citibank and Chase. The compromised credentials comprised personal meeting URLs, passwords, email addresses, and host keys, which permitted the malicious cyber actors to join meetings and execute Zoombombing attacks.
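The four phases above describe the attacker’s side; the defender’s counterpart is a detection that keys on what the lags were meant to hide. The following is an added example, not IntSights’ or Zoom’s code: it runs over a few constructed login events and flags a source that tries many distinct accounts inside a long sliding window with mostly failures, which a per-second rate limit would miss once the attempts are spaced out. The log format, IP addresses, and thresholds are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample login events (not real Zoom data): "timestamp ip username result".
# 198.51.100.7 tries six accounts spaced 10-15 s apart and hits one valid pair;
# 203.0.113.9 is a real user who mistypes once; 192.0.2.4 is a normal login.
SAMPLE_LOG = """\
2020-04-01T10:00:00 198.51.100.7 alice@example.edu FAIL
2020-04-01T10:00:09 198.51.100.7 bob@example.edu FAIL
2020-04-01T10:00:21 198.51.100.7 carol@example.edu OK
2020-04-01T10:00:33 198.51.100.7 dave@example.edu FAIL
2020-04-01T10:00:47 198.51.100.7 erin@example.edu FAIL
2020-04-01T10:01:02 198.51.100.7 frank@example.edu FAIL
2020-04-01T10:00:05 203.0.113.9 alice@example.edu FAIL
2020-04-01T10:00:06 203.0.113.9 alice@example.edu OK
2020-04-01T10:02:00 192.0.2.4 bob@example.edu OK
"""

def parse_log(text):
    """Parse the whitespace-separated lines into (time, ip, user, success) tuples."""
    events = []
    for line in text.splitlines():
        ts, ip, user, result = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, result == "OK"))
    return events

def find_stuffing_sources(events, window=timedelta(minutes=10),
                          min_users=5, max_success_ratio=0.5):
    """Return {ip: (distinct_users, success_ratio)} for sources that tried at least
    min_users different accounts in one sliding window with mostly failures. Counting
    distinct accounts over a long window still fires when attempts are spaced out."""
    per_ip = defaultdict(list)
    for ts, ip, user, ok in events:
        per_ip[ip].append((ts, user, ok))
    flagged = {}
    for ip, attempts in per_ip.items():
        attempts.sort()
        start = 0
        for end in range(len(attempts)):
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            span = attempts[start:end + 1]
            users = {u for _, u, _ in span}
            ratio = sum(ok for _, _, ok in span) / len(span)
            if len(users) >= min_users and ratio <= max_success_ratio:
                # keep the window with the most distinct accounts for this source
                if ip not in flagged or len(users) > flagged[ip][0]:
                    flagged[ip] = (len(users), ratio)
    return flagged
```

The legitimate retry from 203.0.113.9 is not flagged because it touches a single account, while the spaced-out source is caught on the distinct-account count rather than on request rate.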
Recent Hacks: Wishbone Data Breach
An unidentified group of hackers was selling a wishbone.io database on the dark web. The database housed at least 40 million records and personal details of various Wishbone users. Wishbone is a social app in which users compare items and vote in polls. Cyber adversaries advertised the data across different hacking forums, and the asking price was 0.85 bitcoin ($8,000).
The attackers claimed the data consisted of personal details, including phone numbers, emails, usernames, hashed passwords, and city/country/code. The data also comprised Wishbone users’ profile pictures. The attackers published a sample of the data to back up their claims. One sample contained images of minors, who make up a large share of the Wishbone app’s user base.
However, it remained unclear whether the individual who posted the ads was the actual hacker. Security researchers refer to the individuals who create such ads as data brokers, cybercriminals who specialize in buying and reselling hacked databases on different hacker forums. The threat actor was also selling databases obtained from other hacked organizations, which totaled more than 1.5 billion records. Some of the databases were from entities that reported data breaches in past years.
Recent Hacks: Unacademy Data Breach
Cyble, a cybersecurity intelligence firm, revealed that Unacademy, an India-based online learning platform, had been hacked, compromising the details of more than 22 million users. According to Cyble researchers, an unknown hacker group had put up 21,909,707 account and user records for sale for $2,000 on various dark web forums. The breached information comprised hashed passwords, last login date, account holders’ first and last names, usernames, date of joining, and other user profile or account details.
A small survey of affected users showed that the data on sale was accurate and contained authentic information. The last account created in the database is dated January 26, 2020, which indicates that the cyber actors breached the Unacademy network after that date.
Cyble also noted that multiple accounts created using corporate email addresses were stored in the database at the time of the hack. The emails included accounts from Infosys, Facebook, Cognizant, Wipro, and Google. If those users reused the same passwords on their corporate networks, the malicious actors could have used them to gain access to those networks.
The attackers also claimed that they had exfiltrated additional data beyond the user database. The cyber adversaries told Cyble’s researchers that they had taken the entire database, but only the user records were put up for sale. Holding back the other data indicated that it might have a higher value than the user records.
Recent Hacks: EasyJet Data Breach
EasyJet reported a data breach on May 19, 2020, which it believes was executed by highly sophisticated cyber adversaries. The low-cost, British-based airline group first learned of the breach in January 2020. The company stated that the data breach affected at least 9 million customers and compromised sensitive information, such as travel details and email addresses.
However, the company was quick to point out that of the 9 million customers impacted by the breach, the credit card details of only 2,200 customers were exposed. EasyJet further noted that there was no evidence that the hackers had misused the information. The company urged all its customers to reset their passwords, monitor their bank accounts for suspicious activity, and be on the lookout for social engineering emails.
While the company did not disclose the incident through an official notice, it told the BBC that it had informed customers whose credit cards were compromised in early April, even though it had been aware of the breach since January. EasyJet did not reveal how the cyber actors compromised its security but noted that the attackers were after its intellectual property. Stealing the customer data could have been a secondary objective.
Recent Hacks: Nintendo Recent Data Breach
Nintendo, the Japanese gaming and consumer electronics giant, initially reported a data breach that compromised more than 150,000 gamers’ accounts. However, after conducting an internal investigation, the company revised the number upwards as it confirmed that an additional 140,000 accounts had been breached, taking the total to 300,000.
Nintendo uses a unique Nintendo Network ID (NNID) to identify all users with gaming accounts. The NNID is a user ID, and users can link it to other accounts for login purposes. During the attack, the hackers exploited vulnerabilities in the NNID login system and gained unauthorized access to linked Nintendo accounts. The attackers made off with users’ sensitive data, including email addresses, countries, nicknames, dates of birth, and other personally identifiable information linked to the compromised NNID accounts.
The company stated that it contacted customers affected by the data breach and reset the passwords of compromised accounts. It also reiterated that the breach impacted less than 1% of user accounts.
News of a possible breach began circulating as early as March 2020 after Nintendo users reported unusual activity on their accounts, including charges for digital items they had not authorized. In response, the company sent out a tweet urging all Nintendo users to enable the multi-factor authentication option, without giving a reason. Two weeks later, the company admitted that there had been instances of unauthorized access to some accounts.
However, Nintendo did not provide any details of how attackers could have gained unauthorized access to the accounts, other than stating that the hackers obtained legitimate login credentials by means other than the company’s service. The implication is that the affected users may have used weak passwords that were easy to crack, or may have reused passwords exposed in previous data breaches.
Recent Hacks: The SolarWinds Hack
The SolarWinds 2020 hack closes our list of the most notable data breaches and hacks in recent months. According to a White House statement, a Russian state-sponsored hacker group known as APT29 or Cozy Bear executed multiple targeted attacks on various US government agencies by exploiting vulnerabilities and security flaws in the SolarWinds Orion IT management software.
The SolarWinds hack was highly impactful since the attack targeted government agencies holding critical information and responsibilities. In its SEC filing, SolarWinds revealed that the hack had impacted almost 18,000 customers using the SolarWinds management software and stated that it had notified all affected customers.
However, the company did not disclose the affected customers’ names and took down its client list before revealing the attack. Nevertheless, the data breach disclosure policies and procedures of data regulators and governments require hacked entities to disclose the incident. As a result, multiple companies and government agencies have come forward to reveal that they were affected by the SolarWinds hack.
Key Takeaways – Recent Hacks and Data Breaches
Today, data breaches happen more frequently and are more severe. The recent cyber incidents discussed above have taught us several lessons to keep in mind and to inform our cybersecurity strategies:
- Many organizations, small and large, are vulnerable to cyberattacks. Hackers continually exploit existing and emerging vulnerabilities to compromise companies regardless of their size. Do not be complacent; limit the internet-facing access points and attack surface that hackers can exploit.
- Even with relevant security controls in place, back up sensitive data. Beyond patching software and installing appropriate cybersecurity tools, storing crucial information in a location separate from the company’s network is essential.
- Tighten up cybersecurity protocols for remote workers. It is misguided to assume all recent hacks come from outside the organization. In most cases, companies overemphasize external attacks and overlook insider risks. Recent breaches remind us to start by learning how vulnerable our internal controls are, especially as we embrace work-from-home strategies. Enterprises should educate employees to always be vigilant and aware of potential threats.
- Do not ignore third parties and supply chain attacks. The SolarWinds incident is a reminder that an organization’s cybersecurity is only as strong as its weakest link. You can secure your own network, but it could all be for nothing if you ignore third-party risks.
- Patch systems and stay current. Cybercriminals only need to discover one small opening to exploit and wreak havoc. Keep operating systems and software updated to eliminate known vulnerabilities.