On the one hand, the rise of teleworking and home study has moved millions of users from perimeter networks that are usually well protected to home networks that are insecure by default. This has been a challenge, has unnerved security managers, and has forced them to implement new policies.
On the other hand, as is often the case with major news stories, cybercriminals have used COVID-19 to run a large "cyber pandemic" campaign with all kinds of attacks, including the usual wave of fake news and disinformation. There have also been direct attacks against companies responsible for vaccines.
Data, pure gold in the current technological age, has remained another point of interest. There has been no lack of breaches and leaks at large and small companies, caused both by external cyberattacks and by the companies' own undesirable practices.
Regarding the types of attack, everything related to phishing continues to rise, although this year ransomware has completed its rise to become the biggest cybersecurity threat in 2020.
10 worst cybersecurity incidents in 2020
We leave you with some of these events as a summary of the year. It is only a selection, because these twelve months have been eventful and have confirmed how far we still have to go in terms of computer security.
SolarWinds, FireEye, and others [1]
We start with the last major event in 2020 because it ended up being one of the worst incidents of the year. At the beginning of December, FireEye, one of the largest cybersecurity companies on the planet, confirmed that it was the victim of an attack where internal tools used to perform penetration tests on other companies were stolen.
The US Cybersecurity and Infrastructure Agency published a newsletter advising security specialists to catch up on the incident as FireEye has clients around the world, including businesses and government agencies. It was suspected that behind the attack was the group of hackers known as APT29 or Cozy Bear, which is related to the Russian intelligence service.
Shortly thereafter, an even more serious incident connected to the FireEye one came to light. It involved the technology company SolarWinds, whose clients include the majority of large companies on the Fortune 500 list, the top 10 telecommunications providers in the United States, the five branches of the United States military, the Department of State, the NSA and even the Office of the President of the United States.
It is believed that the attack was connected to the previous one and was carried out by the same group. The attackers are believed to have infiltrated the agencies' systems undetected by altering the updates of the monitoring and control software "Orion" published by SolarWinds, in what is known as a "supply chain attack": hiding malicious code in legitimate software updates provided to targets by third parties.
Shortly afterwards it became known that Microsoft, Cisco, Intel, and NVIDIA were other large companies that used compromised SolarWinds software. The case is extremely serious and is still under investigation.
Vaccines against COVID-19, a major target [2]
Vaccine research and development has been the target of sustained cyberattacks since the beginning of the year, practically since the pandemic began in China. In June, IBM disclosed details of a similar phishing campaign targeting a German entity related to the procurement of personal protective equipment in China-based purchasing and supply chains.
In July, the United States National Security Agency, the Canadian cybersecurity authority, and the United Kingdom's Center for National Cybersecurity warned of cyberattacks against British scientists aimed at quickly obtaining the secrets of COVID-19 vaccines.
Western security agencies named the attackers and those responsible: APT29, a group of high-level hackers well known in the field of cybersecurity by nicknames like "The Dukes" or "Cozy Bear" and linked to Russian intelligence, which according to the NSA is behind the hacks.
In November, Microsoft said it detected cyberattacks by three nation-state groups related to Russia (Fancy Bear) and North Korea (Hidden Cobra and Cerium) targeting pharmaceutical companies located in Canada, France, India, South Korea, and the US that are involved in vaccines at various stages of clinical trials.
More recently, North Korean crackers were identified attacking the UK-based global pharmaceutical giant AstraZeneca, one of the most advanced. Vaccines against COVID-19 are meant to end the global health (and economic) emergency and are obviously of enormous value.
Ransomware: the great threat in cybersecurity [3]
Ransomware was the main computer threat in 2020. And it's not that we weren't alerted. These types of cyberattacks are becoming more and more numerous, sophisticated, dangerous, and massive. And they are moving from the consumer segment to the business segment.
All reports suggest that cybercriminals are targeting companies, organizations, and governments. Since 2017, when we suffered WanaCryptor, a perfectly planned and structured attack whose objective was a massive worldwide infection and which put a good number of large companies in dozens of countries on the ropes (some as important in Spain as Telefónica), the list of victims has not stopped growing.
This year we have had evidence of some famous attacks (there may have been many more that we do not know about). Perhaps the most publicized was Garmin's. The company's global service outage pointed to this, and we finally had official confirmation of the cause: a ransomware cyberattack brought down the Kansas company. The cause of the crisis was a targeted attack with the WastedLocker ransomware as the protagonist. Everything indicates (though it is not proven) that the cybercriminal group Evil Corp, known for being responsible for the Dridex malware and for using this technique as part of its attacks, is behind the case, and that it asked for a 10 million dollar "ransom" to release the encryption. It seems that Garmin ended up paying.
Capcom, the famous Japanese video game developer and distributor, acknowledged another ransomware attack in November that allowed attackers to steal confidential corporate documents, as well as confidential customer and employee information. During the attack, conducted with Ragnar Locker, the hackers gained access to the names, addresses, gender, phone numbers, email addresses, dates of birth, names of investors, number of shares and photos of clients, and a further batch of data on the employees themselves.
The last of the big known attacks was Canon. On August 5, Canon USA sent a company-wide notification informing employees of "issues" in multiple applications, including computers and email that were not available. It was not until November that Canon publicly confirmed the ransomware attack (with Maze) and the security breach: at least 10 Tbytes of stolen private databases and data, which included employees' names, social security numbers, dates of birth, driver's license numbers, government-issued identification, bank account numbers for Canon direct deposit, and electronic signatures.
No one escapes this scourge and, as we can see, since their beginnings in the consumer segment ransomware attacks have been spreading to large companies and governments. In addition, if until now ransomware had exclusively economic motivations, producing high profits for attackers, lately it has been expanding its objectives as a preferred method of introducing malware, as we saw with the NotPetya ransomware.
Passwords are still a big problem [4]
One more year, and more of the same. The insecurity of passwords is a never-ending story. We continue to break all the basic rules for their creation and maintenance and, despite repeated attempts to raise awareness, we make the same mistakes year after year.
The specialist NordPass published its annual report on the state of password security. It was made after analyzing more than 275 million passwords leaked in attacks in the last year. No week goes by without news of a massive data breach, and with it millions of passwords are exposed.
The list of the worst is regrettable and repeats year after year, with old acquaintances such as "123456" (first place), "111111" (sixth), or "password" (fourth place). Of course, they are the ones to avoid at all costs, since a hacker can obtain them in less than a second simply with a command that tests the most used ones.
Or by using brute-force attacks that try words, number combinations, and other simple guesses to crack them in a short time. This group includes others as insecure as "superman" (position 88) or "pokemon" (position 51). There is everything and in all fields, names like "Daniel" (77) or "Charlie" (96); "Myspace1" (80) or "computer" (116); "Soccer" (60) or "football" (73); "Chocolate" (114) or "cookie" (position 126).
Amazing? Well, no. Nothing has changed. And the problem is that passwords are the preferred authentication method for accessing Internet services or logging into operating systems, applications, games, and all kinds of machines until biometric systems are fully extended.
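The defensive counterpart of that "command that tests the most used" passwords, as an added example that is not part of the original article: a sign-up check that rejects the passwords quoted above and the simple variants a wordlist attack would also try. The 8-character minimum, the substitution table and the function names are assumptions made for illustration.

```python
import re

# Denylist holds only the passwords quoted in the article; a real deployment
# would load a full breached-password corpus instead (assumption).
COMMON = {
    "123456", "111111", "password", "superman", "pokemon", "daniel",
    "charlie", "myspace1", "computer", "soccer", "football",
    "chocolate", "cookie",
}

# Assumed table of common character substitutions ("p@ssw0rd" -> "password").
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "0": "o",
                      "$": "s", "5": "s", "7": "t"})


def _variants(pw):
    """Normalized forms of pw that wordlist mangling rules would also cover."""
    low = pw.lower()
    # Drop a trailing run of digits/symbols: "superman2020!" -> "superman"
    stripped = re.sub(r"[\d\W_]+$", "", low)
    # Substitutions are undone after stripping so "p@ssw0rd123" -> "password"
    return {low, stripped, low.translate(LEET), stripped.translate(LEET)}


def _is_run(pw):
    """True for one repeated character or a straight run (111111, 123456, fedcba)."""
    if len(pw) < 3:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(pw, pw[1:])}
    return steps in ({0}, {1}, {-1})


def check_password(pw, min_len=8):
    """Return the reasons a candidate password is rejected (empty list = accepted)."""
    reasons = []
    if len(pw) < min_len:
        reasons.append("too short")
    if any(v in COMMON for v in _variants(pw)):
        reasons.append("common password or simple variant")
    if _is_run(pw.lower()):
        reasons.append("repeated or sequential characters")
    return reasons


if __name__ == "__main__":
    # Constructed sample inputs
    for candidate in ("123456", "Myspace1", "Superman2020!", "Ch0c0late!!",
                      "abcdefgh", "correct horse battery staple"):
        print(f"{candidate!r}: {check_password(candidate) or 'accepted'}")
```
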
Phishing: we are still biting [5]
Phishing attacks, together with those that employ ransomware, are the ones that have grown most in recent times, and they lead any list of cybersecurity incidents in 2020. They are simple malware campaigns to carry out, increasingly sophisticated and highly effective, since they only require a portion of the users to fall for the "bait" and "bite" to be profitable.
Phishing attacks do not discriminate by platform, whether desktop or mobile, or by target segment, whether consumer or business. And although it may seem incredible, we are still falling into the trap of these deceptions, which use identity theft to steal information or money, install malware, or take control of the attacked systems.
The rise in teleworking as a result of lockdowns to curb the COVID-19 pandemic has pulled millions of employees out of (generally better protected) business networks, and we've already seen previous reports showing a large increase in business mobile phishing.
Sophos Iberia has carried out a curious investigation in the framework of the celebration of the 8th Cybersecurity Month of the European Union that takes place during the month of October 2020 to find out which are the most effective baits. To do this, it has used the Sophos Phish Threat tool with which a company can install a simulator of automated phishing attacks to sensitize and educate its employees.
The Twitter hack was a trending topic [6]
The Twitter hack last summer was also widely reported. The origin was an employee of the social network who reportedly received financial compensation for allowing the attackers to use certain administration tools that are only accessible to company personnel. That is reportedly how the attackers managed to access all the accounts that were involved.
Hundreds of compromised accounts, belonging both to companies and to very prominent personalities (from Barack Obama or Joe Biden to Jeff Bezos, Elon Musk and Bill Gates, through Apple and Uber, to give just a few examples), published a tweet stating that all the money (in bitcoins) received in a certain digital wallet would be returned, but multiplied by two, to the people who had contributed. Yeah, that's right: if you sent Elon Musk one bitcoin, he would send you two.
Although there were no official figures (and we may never know them, because many victims will surely hide it out of shame), there is talk that the authors of the Twitter hack could have scammed as much as $120,000. Nor has the list of all the affected accounts been made public and, although the social network is reporting on the event in the thread I mentioned before, the truth is that it is significantly limiting the conversation about it.
Regarding the measures adopted in the face of the Twitter hack, those responsible chose, in the first instance, to block access to the compromised accounts and to delete the malicious tweets. They later extended the restriction on sending messages to all verified accounts, as well as other high-risk accounts. With regard to the scam itself, it was an excellent time to remind yourself of two things: that blind trust is a bad idea, and that nobody gives money away for nothing.
The leaked Windows XP source code was real [7]
The news of the supposed leak of the source code of Windows XP and Windows Server 2003 was covered around the world because of the consequences it could have for computer security. Microsoft took several days to respond and did so with a cryptic message that did not clarify the situation.
A week later it was confirmed that the leak was real. Analysis of the leaked file revealed that the code was authentic in both cases and could be compiled. In the absence of an official response from Microsoft, which will probably never arrive for obvious reasons, the leaked file has been downloaded by "bad guys" and "good guys" to try to verify its authenticity, along with a second package that has been shared at a good pace on the torrent networks and claims to include MS-DOS, Windows 2000, CE, Embedded or NT source code.
Although some components such as winlogon.exe are missing, as well as drivers and help files, the Windows XP source code is authentic and can be compiled. As for the Windows Server 2003 code, it is even more complete than that of XP and some technicians have managed to create a viable installation of Windows Server by replacing some files such as the mentioned Winlogon.
Exposure of the source code is a potential security risk, as the operating system is still in use in enterprises and some of that code is used in systems like Windows 7 and even other active systems like Windows 10 to support legacy components and other operations internal to all Microsoft systems.
Email: 7 out of 10 threats arrive in this way [8]
Email is still the king of professional communications and, in view of the forecasts made by analysts, this will not change in the immediate future: we will still have email for some years. This, of course, is also good news for cybercriminals, who have undoubtedly learned to get a lot out of it. So much so that, as we can see in the cyber threat report from the security company Check Point, today it is the main channel for disseminating threats.
Specifically, as we can see in the report, in the comparison between the web and email as dissemination vectors, email takes a remarkable 68%, that is, almost seven out of ten threats arrive in this way, compared to 32% that originate from malicious web pages (or from legitimate ones that have been successfully attacked and therefore include malicious elements). Seven out of ten, a fact to take into account.
There are several reasons for this: the first is that it is much easier to send a pathogen to thousands of email accounts than to create a legitimate-looking website, and then find a way to attract users to it. And let's not even talk about the work necessary to compromise the security of a legitimate website. Guided by the law of least effort, mass distribution of malware by email is probably the best choice.
The second, and also an important reason, is that there is still a lack of security culture among users. It seems incredible but, in the middle of 2020, there are still many people who believe that a Slavic model whom they do not know at all is going to send them risqué photographs. Or that they will be able to buy an iPhone for one euro or ... well, the list is endless. The desire to believe that something is true is a common element exploited by cybercriminals. And if they continue to use it after many years, it is clearly because it still works.
Unprotected devices and teleworking: 37 out of 100 [9]
Some numbers are scary, and the volume of devices that companies have put in the hands of their workers so that they can work from home is undoubtedly among the very scariest. According to a study carried out by ManageEngine, the figure rises to 37%: of every 100 devices with which workers are carrying out their professional tasks from home, 37 do not have the elements necessary to connect to corporate resources in a secure way, or to protect the information that is managed on them.
For this study, the company surveyed nearly 1,500 workers during the coronavirus pandemic. The choice of time, of course, is not accidental: we have been warning for a long time about the consequences of the hasty deployment of telework as a result of the coronavirus pandemic. A deployment that was essential, of course, but that still to this day has not been secured at the levels that would be necessary.
Among the numbers that we can see in the study, we read that 63% of respondents say that their organization has provided them with a device to use while working remotely. In other words, 37% of the devices that are accessing corporate services and infrastructures are not managed by IT managers and, therefore, completely escape their security policies. Here we undoubtedly have a security hole that must be remedied immediately.
On the other hand, we have the 37% already mentioned above, of devices delivered by companies but which, for whatever reason, have no security restrictions. This is probably due to the haste with which companies had to proceed at first. However, it is surprising that after a few weeks, or even a few months, this situation has not been remedied.
Hacked Coffee Makers: Has the IoT Got Out of Hand? [10]
Avast security researchers verified that the first models of the smart coffee maker from the British brand Smarter had multiple security problems, to the point that it is possible to remotely take control of it and start activating its functions, disable security filters, and so on. A threat that, admittedly, is not one of the most serious that we can face on a daily basis, but that can undoubtedly be unbearable and that extends to other devices of the Internet of Things.
The problem, according to the researchers, is that the connectivity of this coffee machine is quite insecure. When not connected to a wireless network, it creates its own non-secure access point so that the owner can connect to it via smartphone and change various configuration settings, such as connecting it to a network or updating its firmware. The access point, as you may have already imagined, is the Achilles heel of this coffee maker.
With the tests carried out, the researchers confirmed that this lack of security, added to how easy it was to create a malicious version of the firmware, allows an attacker to hijack the device and demand a ransom for releasing it (if you have spent more than 200 euros on a coffee maker, you are likely to agree to pay a ransom of, I don't know, let's say 25 euros), or to put it to work mining any cryptocurrency. It will not be very efficient for this purpose, given its low computing power, but it is possible.
For many years we have been talking about IoT and, unfortunately, its lack of security. Mozi is a great example, responsible for around 90% of malicious network traffic from IoT devices detected by X-Force (IBM's cybersecurity unit) between October 2019 and June 2020.
It is urgent, really urgent, that both the manufacturers of IoT devices and those responsible for the deployment of infrastructures based on them stop treating security as a secondary aspect and, instead, place it at the epicenter of such activities. Otherwise, if botnets like Mozi can continue to grow at this rate, we will reach a point where the Internet of Things will be so, so insecure, that ultimately no one will want to use it.
We stop the selection here, although we could add a few dozen more incidents from this year. Also, beware of virtual viruses and, if you are interested in this world, be sure to visit our blog.