What can we learn from 3 of the biggest data breaches of 2020?

More data records were breached in the first six months of 2020 alone than in any other year on record.
26 January 2021


  • Cybercrime was estimated to have cost the world US$6 trillion last year
  • IBM revealed the most expensive data breaches of the past year were the result of compromised employee credentials

Cybercriminals are always looking for their next opportunity to strike, and the pandemic provided them with no shortage of possibilities.

Given that many businesses were forced out of their offices, cybersecurity measures were unintentionally sidelined as networks hastily moved with employees home – where many are still based. Left to their own devices on security, millions of employees were unequipped to deal with bad actors looking for gaps. While very hard and expensive lessons were learned, many are still working without adequate cyber protections.

2020 was a landmark year in terms of cyberattacks. Estimates indicate that more data records had been breached in the first six months of 2020 alone than in any other year on record.

Cybersecurity Ventures estimated that cybercrime cost the world US$6 trillion last year, up from US$3 trillion in 2015. This represents the greatest transfer of economic wealth in history, puts the incentives for innovation and investment at risk, and will be more profitable than the global trade of all major illegal drugs combined.

Twitter, Zoom, and the US elections cyberattacks

In July last year, the Twitter accounts of some of the most well-known public figures were compromised as part of an apparent bitcoin scam. Combined, the number of followers of the breached accounts reached nearly 330 million people. 

The scammers received over 400 payments in bitcoin, with a total value of US$121,000, according to an analysis of the Bitcoin blockchain performed by Elliptic, a cryptocurrency compliance firm. Elliptic co-founder Tom Robinson said it’s a low sum for what appears to be a historic hack that Twitter said involved an insider.

Presumably, many of these accounts are protected by two-factor authentication and strong passwords, but the fact that they were all posting the scam suggested that the attackers had access to some kind of internal Twitter tool that let them bypass that security. Sure enough, Twitter confirmed that was the case later that evening. Twitter said it has strengthened its internal security and invested in new tools and training for employees and contractors.

As for the company that was unprepared to become the world’s default meeting host in a global pandemic, Zoom had several cybersecurity troubles to wrap up its unprecedented year.

In April 2020, half a million Zoom passwords were found being sold on the dark web. Hackers collected these passwords through credential stuffing and then packaged the successfully compromised accounts into a new database.

The size of this collection doesn’t speak well of Zoom’s security. As CPO Magazine reported, “the sheer number of Zoom accounts that were compromised in this way indicates that the video conferencing service has not been checking registered usernames and passwords against lists of known breached account credentials.”

In the case of the credential stuffing attacks, hackers used sophisticated bots to get around Zoom’s brute force protections, testing stolen credentials until they found matches.
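The two controls this section points at, sketched as an added example (not code from Zoom, CPO Magazine or the original article): screening passwords against a breached-credential corpus, and spotting a stuffing run that a per-account failure counter never sees. The corpus, log entries, thresholds and function names are all constructed for illustration.

```python
import hashlib
from collections import Counter, defaultdict

# Constructed stand-in for a breached-password corpus, held as SHA-1 digests.
BREACHED_SHA1 = {hashlib.sha1(p.encode()).hexdigest()
                 for p in ("123456", "password", "qwerty", "zoom2020")}

def is_breached(password, corpus=BREACHED_SHA1):
    """True if the password appears in the breached corpus; call this at
    registration, password change and successful login."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest() in corpus

# Constructed auth log: (source address, username, login succeeded).
EVENTS = [("198.51.100.7", u, ok) for u, ok in
          [("amy", False), ("bob", False), ("cal", True),
           ("dee", False), ("eve", False), ("fay", False)]]
EVENTS += [("203.0.113.9", "gus", False)] * 3 + [("203.0.113.9", "gus", True)]

def locked_accounts(events, threshold=5):
    """Classic brute-force control: accounts with >= threshold failed logins."""
    fails = Counter(user for _, user, ok in events if not ok)
    return {user for user, n in fails.items() if n >= threshold}

def stuffing_sources(events, min_accounts=5, max_success_rate=0.2):
    """Sources that try many distinct accounts with a low success rate.
    Grouping by source address is an assumption; bots that rotate addresses
    need a coarser key such as network or client fingerprint."""
    stats = defaultdict(lambda: {"users": set(), "ok": 0, "n": 0})
    for src, user, ok in events:
        s = stats[src]
        s["users"].add(user)
        s["n"] += 1
        s["ok"] += int(ok)
    return sorted(src for src, s in stats.items()
                  if len(s["users"]) >= min_accounts
                  and s["ok"] / s["n"] <= max_success_rate)

if __name__ == "__main__":
    print("breached:", is_breached("zoom2020"))
    print("locked out:", locked_accounts(EVENTS))
    print("stuffing sources:", stuffing_sources(EVENTS))
```

In the sample log no account ever reaches the lockout threshold, because each username is tried only once, while the per-source view flags the run immediately.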

Above all, with the biggest voter turnout on record and the States’ most controversial President attacking the integrity of the US democratic system, cybercriminals took advantage of society’s concerns at an unprecedented time. Federal authorities revealed that active Russian cyberattacks were targeting a wide swath of American government networks, including those involved with the ongoing election.

Lessons for businesses

IBM’s 2020 Cost of a Data Breach Report found that the most expensive data breaches of the past year were the result of compromised employee credentials. Hence, a critical yet basic security control would be to ensure that access to your sensitive data is restricted to only the necessary individuals. 

In terms of protection against sophisticated social engineering attacks like spear-phishing, multi-factor authentication (MFA) is vital, alongside ongoing training and testing for employees on how to guard against attacks.

As for attacks like Zoom’s, the University of Toronto’s Citizen Lab issued a report warning that complacency could lead to serious fallout: “The rapid uptake of teleconference platforms such as Zoom, without proper vetting, potentially puts trade secrets, state secrets, and human rights defenders at risk. Companies and individuals might erroneously assume that because a company is publicly listed or is a major household name, that this means the app is designed using security best practices.”

Meanwhile, experts suggested that regularly patching your software would help to protect against the latest versions of ransomware.