
5 Massive Cyber Attacks and How to Avoid the Same Fate for Your Company

Systems crash.
Utter chaos.
A big PR nightmare.
Customers start complaining.
Your stock price plunges.

That’s how events unfold when you’re hit with a cyber-attack.

Ransomware attacks, data leaks, and their negative effects aren’t exclusive to big companies. If you have sensitive data, you could be a victim.

According to IBM’s 2020 Cost of Data Breach study, the global average total cost of a data breach was $3.86 million last year, with healthcare being the most expensive at $7.13 million.

While the long-term damage to a company’s profitability isn’t always obvious, research shows the market isn’t quick to forgive data leaks.

A study of 34 publicly traded companies by Paul Bischoff of Comparitech showed that share prices fell an average of 3.5% 110 days after a data breach.

And the market effects don’t stop there: their share prices fell 8.6% on average after a year, and 15.6% after three years.

With that in mind, I’ve only got 3 things for you today: a rant on hackers, a lesson in security training, and a quick request.

5 Big Cyber Attacks that Rocked Companies in the 2020s

1. Hackers Capitalizing on COVID-19 Targeted WHO

Last April, around 450 emails and passwords from employees of the World Health Organization were leaked online, plus thousands of account records from other healthcare professionals working on the COVID-19 virus.

While the attack didn’t put WHO’s system at risk, it affected an older extranet system.

The attack started last March 13 when hackers set up a site that mimicked WHO’s internal email platform to steal account information, according to Alexander Urbelis, a cybersecurity expert from Blackstone Law Group.

Scammers using fake WHO emails are also targeting the public to get donations for a fake COVID-19 fund.

Meanwhile, researchers from Kaspersky found that the same setup has been used to target other healthcare agencies, possibly for the same donation scam or to get sensitive information on the virus’ research.

Health and government organizations around the world are busy fighting the virus, while cyber-criminals are capitalizing on it.

Businesses are closing, people are losing jobs, and thousands of people are dying.

Of all the things they could’ve targeted, this is the lowest of the low.

2. Carnival Corporation Data Breach

Carnival cruise line, along with subsidiaries Holland America Line and Seabourn cruise, was a victim of a ransomware attack in August 2020.

The unnamed hackers got the confidential information of both employees and customers, though Carnival claims the information wasn’t misused at the time of the report.

Security Affairs reports that their 10-Q form filed with the SEC also confirmed that they engaged a cybersecurity firm to investigate the attack.

“While the investigation is ongoing, early indications are that the unauthorized third-party gained access to certain personal information relating to some guests, employees, and crew for some of our operations. There is currently no indication of any misuse of this information.”

The filing didn’t name the ransomware used, but researchers from Bad Packets speculate that hackers exploited Carnival’s vulnerable Citrix devices.

The CVE-2019-19781 vulnerability allows hackers to access a company’s internal network, while the CVE-2020-2021 vulnerability lets unauthorized users bypass authentication.

So far, Carnival Corporation has declined further requests for information on this attack, citing only that they’re working quickly to identify the affected guests and personnel.

IBM’s Cost of Data Breach study shows the average cost of compromising a customer’s personal information is $175 per record. Only time will tell how much Carnival will have to pay for this attack.

Seatrade Cruise News reports that Carnival aims to complete the investigation and notify affected individuals in 30-60 days.

3. Software AG’s Double Ransomware Attack

Size isn’t always evidence of strength, especially in the tech world. Some might say the bigger the company, the more exploitable opportunities they have. After all, the bigger the company, the more sensitive information they must protect.

That was certainly the case for German software company Software AG, which is also the 7th largest software company in Europe.

They were forced to shut down internal systems, including their helpdesk and internal communications, after a Clop ransomware attack took their system hostage last October 3.

Attackers demanded a $20 million payment, but the company refused to pay and that’s when things got uglier.

The Clop operators published details of their employees online, including passport and ID scans, emails, and financial documents.

 


We’ve reached out to Software AG regarding this attack but have received no remarks on how they’ve dealt with this matter.

4. Twitter Meltdown Caused by Unexpected Culprit

This is the story of how an unexpected culprit brought down Twitter, and why employees’ security training is important, even if you’re in a tech company.

July 15, 2020, started out as a typical day for Twitter employees, until the phone calls started coming in.

Someone was calling their tech and consumer service lines asking for a password reset—an obvious phishing scam.

While many employees passed the message to the security team, some were too friendly/gullible for their own good.

Wired reports that maybe 4 to 8 employees gave in. Just a few minutes later, several highly coveted accounts like @drug and @xx got compromised. While these are priority accounts, the incident wasn’t yet big enough to reach Twitter CTO Parag Agrawal.

A few hours later, cryptocurrency exchange Binance sent a Tweet saying that they’re giving away $52 million worth of bitcoin. The Tweet includes a link to a suspicious site.

An hour later, @elonmusk tweeted a similar Bitcoin scam, followed by @Billgates and @barackObama.

 

 

Many cybersecurity professionals were surprised at how easy it was for hackers to access Twitter’s internal tools.

Zero Trust Environment

To contain the hack, Twitter decided to log everyone out of the internal VPN, one data center at a time.

Every employee was required to log back in in a “Zero Trust” environment. CEO Jack Dorsey logged back in first, followed top to bottom by everyone in the organizational chart.

It was a time-consuming process, as everyone was required to go on a video conference and manually change their passwords while chatting with their supervisor. Everyone had to confirm who they were.

Attack Not Successfully Monetized

Although the hacker/s had skill, cybersecurity experts theorize that they were new to the game because they burned through a valuable loophole but only earned a small amount for their efforts.

Investigations revealed that Graham Ivan Clark, a 17-year-old from Florida, orchestrated the attack.

Yes, a 17-year-old teenager took down Twitter.

CNBC reports that he received about 400 bitcoin payments with an estimated value of $121,000.

It’s a small amount for such a historic attack, but $121,000 is still a lot of money considering that it was a teenager who did it and it only took about a day’s work.

Twitter learned their lesson though. According to Wired magazine, Twitter rolled out employee training on phishing and privacy, along with several security plans to combat possible attacks.

They also required employees to use two-factor authentication, and a traceable security fob to authenticate their log-ins.

Truthfully, Twitter was lucky that the attack was carried out by a Bitcoin-minded teenager. If it was someone else, they could’ve used the private messages, device location, and other sensitive account information of the hacked users.

Just imagine the chaos that would ensue if @BarackObama’s and @Billgates’ personal information were leaked!

5. Ransomware Attack on Las Vegas Clark County School District

The pandemic forced many schools to adapt to distance and online learning, without many resources or much preparation.

A ransomware attack compromised the servers of Clark County School District (CCSD) on August 27, 2020.

Hackers warned Clark County to pay up on September 14, 2020, according to Emsisoft, the cybersecurity firm tracking the incident.

When CCSD refused to pay the ransom, leaked files from student records were published in an underground forum later in September, according to a report from Business Insider. Brett Callow, an analyst from Emsisoft, says the data includes social security numbers, addresses, student names, and other sensitive information.

CCSD serves about 320,000 students and it’s not clear how many of these students were affected in the leak.

Emsisoft’s research says more than 60 school districts and have been attacked by ransomware last year.

While CNN reported that a 16-year-old student has been charged for orchestrating eight attacks, it’s still unclear whether the student worked alone. IP addresses from as far away as China, Russia, Iraq, and Ukraine were used, though there’s no confirmation whether the hackers were physically in those locations.

Work at Home and Continue Business as Usual, but Stay Secure

Asking your employees to stay at home keeps everyone safe, but the unprecedented access to home Wi-Fi networks and personal devices puts your company’s data at risk.

So here’s my request for you: establish security protocols to prevent unwanted data leaks before they happen.

Here are several strategies for preventing a data breach:

  1. Conduct tests to detect exploitable vulnerabilities in your company’s IT infrastructure.
  2. Back-up confidential and sensitive data regularly and store it separately from other often-accessed information.
  3. Regularly update your software, applications, and systems with the vendor’s latest security patches.
  4. Run cyber-attack simulations to train your employees and IT personnel how to respond in case of an attack.
  5. Implement two-factor authentication and invest in cyber security tools such as a network monitoring tool and penetration testing tools.

Below are tools that can help you prevent a data breach:

Nagios

A tool that monitors systems, hosts, and networks, and delivers real-time alerts. It’s a comprehensive network monitoring tool that checks HTTP, NNTP, POP3, SMTP, and a host of other network services.

OSSEC

OSSEC is an open-source, customizable, and scalable data breach prevention tool that will alert you to network intrusions. Features include rootkit and malware detection, file integrity monitoring, log-based intrusion detection, and more. The new version, OSSEC+, comes with a machine learning element, real-time community threat sharing, and other features.

Malwarebytes

A SaaS that offers both home and business protection services against suspicious sites, malware, and ransomware. For businesses, it can be used as a centrally managed network monitoring tool or a standalone security solution.

The PCman Website Virus Test

It’s a free service that plants a fake virus on your computer to gauge its defenses. It’s a good way to know if your antivirus is set up properly.

Nessus Professional

This is the solution for unexpected problems, like when your employees incorrectly set up your network’s security or software patches. It detects and repairs vulnerabilities in your system, including bugs, missing patches, wrong OS configurations, and so much more.

It checks if your software version numbers match with the updates and confirms if your programs are running as they’re supposed to.

Snort

An open-source enterprise level intrusion detection system that uses a series of (flexible) rules to identify malicious network activity. It can be used as a packet sniffer, packet logger, or as a total network intrusion detection system.

Heimdal

Another enterprise level product, Heimdal, protects companies from data leaks, browser hijacking, ransomware, and other cyber-attacks. Its machine-learning capability allows the software to detect hidden threats, while the advanced firewall prevents incoming attacks and allows users to isolate affected devices.

Metasploit

Metasploit, from Rapid7, helps users scan their systems and networks for more than 1500 possible exploits.

Of course, these tools will go a long way in protecting your business from cyber-attacks, but they can’t fully replace the services a cybersecurity firm provides. Your network’s security is only as effective as its administrators.

While these cyber security tools can help you detect attacks, they can’t help you create a customizable response to get your systems back up and running in case of a data breach.