Published: May 12, 2021 on our newsletter Security Fraud News & Alerts Newsletter.
In a world still grappling with coronavirus, 2020 was a banner year for cybercriminals. With hacking events at historic levels, it was arguably the worst year for individuals, enterprise, and their data security. Always ready to exploit a crisis situation, hackers did what they do best. Cybersecurity Ventures estimates the U.S. lost $6 trillion to these hacks in 2020, doubling the cost of cybercrime just five years ago. Last year’s three biggest targets for cybercrime were Zoom, Twitter, and the Russian-backed SolarWinds hack.
Zoom hackers stole the passwords of 500,000 users, exposing a security failure by the Facebook-owned company to check usernames and passwords against breached account credentials. Hackers put the stolen data for sale on the dark web and also used them for credential stuffing attacks.
Twitter claims its hack that led to 300 million users having their accounts compromised in a Bitcoin scam, was the result of an inside job. It’s believed the attackers used an internal Twitter security tool to bypass security, including for account holders who used 2FA (two-factor authentication) and strong passwords.
Customers of U.S.-owned SolarWinds’ Orion network monitoring platform downloaded a system update as they had done before. Believed to be Russian-facilitated, the U.S. government found the software update was fake and laced with malware. By the time the hack was discovered, the bogus SolarWinds update had been used against several government agencies and thousands of U.S. companies. The most recent assessment found the hack was launched from inside the U.S., and 9 federal agencies and 100 private sector companies were attacked.
What We Learned
Use 2FA or MFA (multi-factor authentication) to protect against socially engineered phishing attacks, including spear phishing and credential stuffing hacks.
Be aware of email phishing red flags. Those flags include emails from unknown senders, especially those with links and attachments. Also, emails with misspellings and bad grammar and those that elicit an immediate response or require a funds transfer. Don’t hesitate to verify the sender is legitimate before acting.
Ensure that access to sensitive data, including financial, be limited to only those who need it to do their job. IBM’s 2020 Cost of a Data Breach report found the breaches were not only expensive, but many used compromised employee credentials as the root cause behind the attacks.
Don’t assume that a widely known app or platform has the proper security in place for their users. As we saw with Zoom, proper vetting is required for user safety.
There’s no replacement for cybersmart employees. Since they are often the first line of defense against hacking, regular and ongoing cybersecurity training for staff can help prevent an attack before it happens.
Keep up to date: Sign up for our Fraud alerts and Updates newsletter
Want to schedule a conversation? Please email us at firstname.lastname@example.org