As the world transitioned to everything virtual in 2020 — work, classes, and get-togethers — cybercriminals wasted no time figuring out how to exploit the dramatic increase in online presence. Cyberattacks quickly evolved and escalated, and organizations scrambled to protect themselves against a slew of ransomware, phishing, and supply chain attacks and prevent catastrophic data leaks and breaches.
Unfortunately, many unprepared and unknowing users and businesses succumbed to these attacks and suffered significant losses. Let us walk you through three of the most notorious cyberattacks of 2020.
SolarWinds
Major IT firm SolarWinds was the subject of a massive cyberattack that went undetected for months and led to a series of data breaches. The initial attack allowed foreign hackers to access and spread malware to the firm’s clients, which include private companies and government agencies such as Microsoft and multiple parts of the US federal government.
What’s unusual about this attack is that it spread when SolarWinds unwittingly rolled out software updates that contained a malicious code planted by hackers. Around 18,000 of their customers installed the tainted update onto their IT systems, which then allowed the hackers to install even more malware that helped them spy on companies and organizations.
Lesson: The key takeaway from this attack is if you work with third parties that have weaknesses in their systems, then it won’t matter how robust your own cybersecurity is. Especially as systems become more interconnected, it’s crucial that you don’t take your partners’ or vendors’ security for granted. Instead, conduct third party security assessments as well as regular, rigorous security audits of your own systems to spot and address weaknesses early on and keep attackers at bay.
In mid-July, hackers obtained access to the internal network of social media platform Twitter through targeted phishing attacks. They called up consumer service and tech support personnel and tricked the latter into giving up their usernames and passwords as well as multifactor authentication codes. This allowed attackers to hijack 45 accounts — including global Twitter handles like Barack Obama, Kanye West, Bill Gates, Joe Biden, and Elon Musk — and used them to promote a Bitcoin scam.
Although the tweets were taken down immediately, they managed to generate 400 Bitcoin payments amounting to more than $110,000. By the end of July, three suspects were arrested and charged, but the unsuspecting victims who sent the payments received nothing in return.
Lesson: This attack is a prime example of hackers capitalizing on human vulnerabilities. Remaining vigilant and ignoring random requests for personal information or account credentials can mitigate these instances. Likewise, developing a strong security awareness program and conducting phishing simulations help protect your organization against increasingly sophisticated social engineering threats.
Marriott International
Marriott International suffered a data breach at the beginning of the year that affected around 5.2 million guests. According to the global lodging company, hackers may have obtained the login credentials of employees either by credential stuffing or phishing. They then used these to access customer information on Marriott Bonvoy, the company’s loyalty app. This exposed information such as guests’ names, addresses, phone numbers, birth dates, and more.
It was believed that the information was hacked in mid-January, but the company only became aware of the breach in late February. Fortunately, no banking details or credit card numbers were compromised, but Marriott’s reputation has certainly suffered, considering it also experienced an enormous breach in late 2018 that impacted 500 million guests.
Lesson: More often than not, breaches not only cause financial loss, but affected companies also suffer reputational damage that keep them from maintaining and attracting customers. It’s therefore crucial to implement multilayered cybersecurity strategies and keep abreast of cybersecurity best practices and technologies to protect your organization from all sorts of online threats.
Significantly reduce the risk of cyberattacks by working with one of the most trusted managed IT services providers in Las Vegas — Kortek Solutions. We offer comprehensive security solutions, from automated backups to email/spam protection. See what else we can do for your business here, or call us today for more information.