2020’s Major Data Breaches

Ever since organizations shifted their business to remote operations due to the COVID-19 pandemic, there has been a dramatic rise in the number of data breaches. In the first half of the year alone, data breaches were reported at 81 global companies from 81 countries! A security research firm also recently revealed the impact of COVID-19 on the data breach landscape: 80% of data breaches occurred because of either stolen credentials or brute-force attacks!

Currently, cybercriminals are exploiting the pandemic to launch highly sophisticated cyberattacks on every industry possible. In the first six months of 2020, various Fortune 500 companies became the target of massive data breaches in which hackers sold account credentials, sensitive data, and confidential and financial information of these organizations on cybercriminal forums.

Till now, nearly 16 billion records have been exposed this year. Moreover, according to researchers, 8.4 billion records were exposed in Q1 of 2020 alone! This number is a 273% increase in comparison with the first half of 2019, during which 4.1 billion records were exposed! (Source: Security Boulevard)

Let us take you through the biggest cyberattacks of 2020 till now.

Top 5 Data Breaches in 2020 So Far:

Twitter Hack 

Twitter took the whole internet by storm when it was hit by one of the most brazen online attacks in history! The social media platform suffered a breach in which hackers took over the verified Twitter accounts of high-profile US personalities like Barack Obama, Elon Musk, Joseph R. Biden Jr., Bill Gates, and many more.

Out of 130 targeted accounts, hackers were able to reset the passwords of 45 user accounts. Hackers posted fake tweets from these accounts, offering to send $2000 for $1000 sent to an unknown Bitcoin address. Reportedly, the well-coordinated scam let the attackers swindle $121,000 in Bitcoin through nearly 300 transactions.

According to Twitter Support, “the attack on July 15, 2020, targeted a small number of employees through a phone spear-phishing attack. This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems.”

Marriott Data Breach

On March 31st, 2020, the hotel chain Marriott disclosed a security breach that impacted the data of more than 5.2 million hotel guests who used the company’s loyalty application.

Hackers obtained login credentials of two accounts of Marriott employees who had access to customer information regarding the loyalty scheme of the hotel chain. They used the information to siphon off the data approximately a month before the breach was discovered.

The data accessed in the breach involved personal details such as names, birthdates, and telephone numbers, as well as travel information and loyalty program information.

According to Marriott, hackers might have obtained the credentials of its employees either by credential stuffing or phishing. Previously, the hotel giant announced a data breach in late 2018 in which up to 500 million guests were impacted!

MGM Data Dump

Last year, in 2019, MGM Resorts suffered a massive data breach. News of the incident started to circulate in February 2020, when hackers leaked the personal details of 10.6 million hotel guests for free download. Later findings, however, put the number at nearly 142 million, about 14 times the number recorded in February 2020.

The personal information published on the hacking forum included the names, home addresses, phone numbers, email addresses, and DOBs of guests. The guests in the leaked files included Justin Bieber, Twitter CEO Jack Dorsey, and many major government agency officials.

However, a spokesperson from MGM Resorts confirmed that impacted guests were notified about the data breach. In addition, it said, “We are confident that no financial, payment card or password data was involved in this matter.”

Zoom Credentials Up for Sale!

Due to the COVID-19 pandemic, various organizations across the globe adopted a work-from-home policy. In view of the situation, the Zoom video conferencing app became the most used application for virtual meetings and became popular among cybercriminals too.

Within a short span of time, the application became vulnerable to various security threats and eventually became the victim of a data breach. In the first week of April 2020, the news of “500,000 stolen Zoom passwords available for sale in dark web crime forums” shook the application’s users.

It was reported that more than half a million Zoom account login credentials were up for sale and some of the accounts’ credentials were given away for free. In fact, some of the login credentials were sold for less than a US cent each!

Along with account login credentials, victims’ personal meeting URLs and HostKeys were available too. The leaked account details belonged to financial institutions, banks, colleges, and various organizations.

Magellan Health (Ransomware Attack and Data Breach)

One of the Fortune 500 companies, Magellan Health, was struck by a ransomware attack and data breach in April 2020. The healthcare giant confirmed that about 365,000 patients were affected by the sophisticated cyberattack.

According to the investigation, the attack was launched with a fully planned process where hackers first installed malware to steal employee login credentials. Then they leveraged a phishing scheme to gain access to systems of Magellan after sending out a phishing email and impersonating their client before deploying a ransomware attack.

The data thieves were able to steal login credentials of employees, personal information, employee ID numbers, sensitive patient details such as W-2 information, Social Security numbers, or Taxpayer ID numbers.

Is Your Organization Secured From Data Thieves?

The global shift to a remote working culture has given cybercriminals leverage to launch highly sophisticated cyberattacks. Moreover, ransomware, phishing, DDoS, BEC attacks, etc. are amongst the most common causes of the data breaches that we have witnessed this year, till now.

Clearly, the first half of 2020 was quite challenging for organizations in terms of cybersecurity along with the adoption of new normal changes. Besides, we are still unsure of what cybercriminals have in store for the next six months of 2020.

However, by learning lessons from the recent data breaches, we can secure our organizations from emerging cyber threats. Here are some of the “must follow” security measures for your organization to stay secured in these unsecured times:

  1. Educate your employees with security awareness training to help them recognize and combat emerging cyber threats.
  2. Incorporate a phishing incident response tool to instantly report suspicious-looking and unsolicited emails.
  3. Secure your email domains against email spoofing attacks by implementing email authentication protocols such as DMARC, SPF, and DKIM.
  4. Keep all your software and applications updated with the latest security patches from time to time.
  5. Use a VPN connection for a protected network to keep hackers and other threat actors at bay while working remotely.

Ultimate guide to prevent Email Spoofing

With technology making revolutionary advancements, the rate of cybercrime has increased in the last decade. With hackers coming up with new ways and means to trick company employees and find a digital route into company assets, basic knowledge of spoofing is not enough anymore. Base-level education on email spoofing covers the impersonation of an organization or executive by cyber attackers to get employees to disclose confidential information like a corporate ID or password. The information thus provided enables hackers to gain easy access to the company’s databases and accounts, draining its finances and leaking valuable data.

What is email spoofing?

As per a survey conducted by Forbes magazine on email spoofing statistics, cybercriminals send out around 1.3 Billion spoofing emails every single day. Cybersecurity analysts conducted detailed studies worldwide to disclose chilling statistics on email spoofing:

  1. 22% of all data breaches in 2019 were due to email spoofing.
  2. 88% of all organizations from 2019-2020 experienced phishing attacks due to spoofed email domains.
  3. 96% of all phishing attacks are carried out via email spoofing. 
  4. 56% of all hackers rely more on stolen corporate credentials from employees tricked via spoofed email domains, than malware attacks.

Hackers are adapting their methods to trick users, going beyond just impersonating the company’s executive email domain. Sometimes, employees may even receive an email from their own email address, as cybercriminals try imitating the victim themselves.

This has increased the chances of falling prey to phishing attacks, dispersing confidential information, and hampering security at your workplace.

How does Email Spoofing Take Place? 

Hackers and cyber attackers take a corporate email ID and create a forged email address using that ID, to give the impression that the email has been sent from the exact same email domain. Cybercriminals generally make use of weak links and vulnerabilities, such as poor email domain authentication protocols in the company, to forge emails.

Statistics disclose that around 40% of all leading organizations lack proper email domain authentication. Email domains generally operate via SMTP, the Simple Mail Transfer Protocol, a communication protocol that enables the transfer of mail via digital platforms.

However, SMTP is not programmed with an automated email authentication mechanism. Cybercriminals exploit this vulnerability in order to create spoofed emails by making minor changes in the IP addresses that are very difficult to track by inexperienced people.

Scanning the operating system for viruses and malware and changing the password for your email address is a temporary solution and not an effective preventive measure.

Therefore, it becomes imperative to implement certain programs and mechanisms to ensure a well-rounded protocol for email domain authentication and nullify the chances of falling prey to a phishing attack.

Solutions for Protection Against Email Spoofing

SPF (Sender Policy Framework)

SPF or sender policy framework is a coherent system for email authentication. SPF functions by confirming and checking the sender addresses before the email is redirected into the receiver’s inbox.

This way the authenticity of the email is confirmed by checking whether the domain that the email is being delivered from has a valid IP address.

How does it work?

The IP address is matched with the DNS records of all the email domains that the organization uses for transferring mails to their respective employees.

The DNS record contains a detailed list of all the valid IP addresses for a specific email domain used by the company for the exchange of official information and communication, while the SPF record lists all the functional email domains used by the same. If the sent email fails to match the data present in the SPF record, it is automatically classified as a forged or spoofed email.

DKIM (DomainKeys Identified Mail)

DomainKeys Identified Mail is a unique authentication mechanism used to check email authenticity and reduce the chances of receiving spoofed emails. DKIM functions by using a cryptographic or signature-based tool to implement efficient email domain authorization.

This, in turn, ensures that during the entire route taken by the email, from the sender to the receiver, the features of the particular email have remained unaltered. It helps the recipient confirm whether the email has been sent from the valid source or whether it is impersonating the mentioned source to conduct a phishing attack. This guarantees that the data is authentic and that it comes from an authorized source.

How does it work?

DKIM has access to the DNS TXT records of the email domains of the company. When an email enters the system it is assigned a unique identification key by this mechanism, which is verified against the public key in the DNS TXT records, after which a DKIM signature is included in the email header.

The records are updated from time to time on the basis of new senders, and an unlimited amount of data can be stored. When this email enters the receiver’s server, instantly, the DKIM signature is drawn out from the email header.

The header of the mail now contains the domain name as well as a selector that incorporates the signature (public key) of that particular email in the DNS TXT record. The public key will then be used to validate whether the data in the email has remained unaltered, and hence check for authentication.

DMARC (Domain-based Message Authentication, Reporting and Conformance)

One of the most advanced methods implemented for email authentication is DMARC, which allows the receiver to know whether the received email is verified against the SPF and DKIM records. DMARC is a 21st-century tool which enables employees at organizations to detect spoofed emails going from their domain, independently.

DMARC is a comprehensive email authentication protocol, which keeps email domains secured by a step by step procedure for running a thorough scan on every aspect of the sender ID before the email lands in the receiver’s inbox.

How does it work?

After the email leaves the sender’s server, the SPF is verified via detailed checks run on the DNS records to match the sender’s email domain against all valid sources that the company can legally send emails via.

Furthermore, the assigned DKIM signature is also verified against the DNS records. Finally, the fate of the email depends upon the DMARC policy, which can be set to “none”, “quarantine” or “reject”.

In case of a none policy, the spoofed email lands in the inbox of the employee; in case of a quarantine policy, it is lodged in the spam box. If the DMARC policy is set to “reject”, the spoofed email is redirected into the trash bin.

A spoofed email is much more dangerous and harder to detect than a phished email since the email address in the former looks identical to the original email address. It is not possible for an employee to understand whether the received email is authentic or forged.

Therefore, to gain protection from email spoofing and tackle phishing attacks, a well-rounded email authentication tool should be a part of your organization’s workplace security policy, to prevent emails from forged addresses from entering your employees’ inboxes.

Benefits of Cloud Infrastructure Security

How is Cloud Infrastructure Security Important for an Organization?

Embracing new technologies leads to qualitative growth but simultaneously holds high chances of quantitative data breaches. While adopting cloud technology, it is important to see the security of cloud infrastructure as one of the crucial responsibilities. There are various organizations out there that are still unsure of the security of their data present in the cloud environment.

In 2019, Collection #1, a massive data breach, was held responsible for compromising a data set of over 770 million unique email addresses and 21 million unique passwords. The collection of data files was stored on a cloud storage service and MEGA. Similarly, over 108 million bet records were leaked by an online casino group. The leaked data included details of customers’ personal information along with deposits and withdrawals.

In the same year, a famous food delivery service firm was breached, compromising the data of 4.9 million users, which included consumers as well as delivery employees. According to SC Media, 2019 has been the year with the highest number of data breaches, and this rate of growth has never been witnessed before.

These infamous data breaches are proof that storage services like the cloud require consistent security management. When we talk about the security of cloud infrastructure, many enterprises wrongly assume that their data is well guarded and is far away from the radar of cyber criminals. The truth is, these cyber criminals are experts at scraping up exposed, vulnerable data by using unethical ways to look for unsecured databases.

For starters, the term cloud computing infrastructure security refers to the entire infrastructure of cloud computing, which involves a wide set of policies, applications, and technologies. It also includes controls that are used to protect virtualized IP, services, applications and data.

With companies migrating their large amount of data and infrastructure to the cloud, the importance of cloud infrastructure security becomes paramount. Cloud security offers multiple levels of control to provide continuity and protection in a network infrastructure. It is a highly essential element in creating a resilient environment that works for companies all over the world.

Enjoy the benefits of infrastructure security in the cloud by partnering with leading technology-based private cloud computing security service providers in order to keep the security of the company running smoothly.

Here are the five major benefits of cloud infrastructure security solutions:

  • Data Security

Nowadays, cloud computing servers are becoming susceptible to data breaches. Cloud infrastructure security solutions help in ensuring that data such as sensitive information and transactions is protected. This also helps in preventing third parties from tampering with the data being transmitted.

  • DDoS Protection 

Distributed denial of service (DDoS) attacks are infamously on the rise and are deployed to flood a computer system with requests. As a result, the website slows down to the point where it starts crashing once the number of requests exceeds what it can handle. To reduce the impact of DDoS attempts, cloud computing security provides solutions that focus on measures to stop the bulk traffic that targets the company’s cloud servers.

  • Constant Support 

Among the best practices of cloud infrastructure security solutions are consistent support and high availability for the company’s assets. Users get the benefit of 24/7 live monitoring all year round. This live monitoring and constant support help to secure data effortlessly.

  • Threat Detection

Infrastructure security in the cloud offers advanced threat detection strategies such as endpoint scanning techniques for threats at the device level. The endpoint scanning enhances the security of devices that are accessing your network.

  • Supervision of Compliance

In order to protect data, the entire infrastructure needs to work under compliance regulations. A compliant, secured cloud computing infrastructure helps in maintaining and managing the safety features of the cloud storage.

The above-mentioned points are clear enough to state how beneficial and vital cloud infrastructure security is for an organization. Many high-profile cases relating to data breaches have been witnessed in past years.

To overcome the loopholes present in the infrastructure security in the cloud, it is extremely important to keep the security of cloud storage services as a high priority. Engage with the top-class cloud computing security tools to get better results and have the data secured.

Rising Web Application Attacks in India: A Concern

The accelerating rate of cyberattacks is no longer an unfamiliar situation for us. Web application based cyberattacks are the most common. Akamai Technologies, a content delivery network, released a report for quarter 3 of 2017 which placed India at 7th position in the list of top 10 targeted nations for web application attacks.

As per recent figures, i.e. the data from 8th Nov 2018 to 15th Nov 2018, India continues to be among the top 10 marked nations for web application based attacks.

Countries             Attacks
Russian Federation    18,754,282
United States         15,512,265
Ukraine               5,176,643
Netherlands           3,606,021
India                 2,724,440
Canada                2,101,396
Sweden                1,896,300
Germany               1,845,175
Bulgaria              1,538,136
United Kingdom        1,455,023

Source: Akamai Technologies State of the Internet Report

As per the World Bank, the number of secured servers in India is 10,350, which, when put against 500 million internet users, is a clear indication of the need for better and more secure infrastructure to be able to support the data surge.

Even at the earliest attempt, it will take a few years to remedy this problem. And still, it won’t guarantee an organization’s safety. According to recent research, 75% of cyberattacks are web application based. Improper coding can cause serious concerns in web application security. Such vulnerabilities allow attackers to gain direct access to servers to extract sensitive data from the database. In a framework where hackers have access to such sensitive data, with a bout of creativity and some human error, any web application can be susceptible to web attacks.

A web application can be secured by performing a vulnerability assessment and penetration testing. Anteelo is an end-to-end cyber security firm that provides a complete suite of manual and automated VAPT services.