The different types of data breaches that featured during 2020 were outlined by Verizon in their annual Data Breach Investigations Report. Commenting on the main findings from the report, Ralitsa Miteva, Business Solutions Manager, Fraud Detection and Prevention at OneSpan,told Digital Journal: “As identified in the report, attacks continue to become more sophisticated and we are seeing a huge increase in organised crime targeting larger organisations. We are seeing these organised crime groups seek skilled professionals and technology to ensure faster monetisation of the stolen data via phishing attacks.”
In terms of the detail, Miteva added: “Phishing remains the most preferred method for attackers when it comes to stealing credentials.”
To illustrate the types of cybersecurity incidents and to see what 2021 has in store, Digital Journal looks back at three major cyber-issues from the last quarter of 2020.
Hospitals and schools
In the U.S. hospitals and schools were a major target in 2020. As an example, in December 2020, Baltimore County Schools was closed due to a ransomware attack. Online classes for 115,000 students were disrupted as a result of what school officials called a “catastrophic attack on our technology system.”
According to Paul Keely, general manager of the Born in the Cloud business unit at Open Systems, the preeminent networking and cybersecurity provider for the enterprise cloud: “The Baltimore County Schools events highlight that you must expect – and prepare for – cyberattacks. One safeguard is through Managed detection and response providers who monitor the environment, using all relevant data to accurately identify threats.”
Online platforms
As an example of an online platform being hit, in November 2020 it was reported by ZDnet that a hacker leaked the user data of event management app Peatix. in all more than 4.2 million user accounts were made available for download online. The data was made available through ads posted via Instagram stories.
Commenting on this story for Digital Jouenal was Robert Prigge, CEO of Jumio. Prigge said: “The data leak containing millions of Peatix usernames, emails, and hashed passwords, puts these victims around the world at risk for fraud and account takeover. Threat actors can decipher hashed passwords and leverage bots and credential stuffing to try these login credentials across thousands of websites (including banking portals, social media accounts, healthcare sites and more) in search of an opening. Peatix’s response to reset passwords is simply not enough to keep their 4.2 million user accounts protected.”
Video gaming
Capcom, a Japanese videogame maker, confirmed a data breach following a recent ransomware attack during October 2020. The breach resulted in stolen information from approximately 350,000 customers. Additionally, the hackers stole current and former employee data such as names, addresses, dates of birth, and photos, as well as confidential corporate documents which held information on business partners, sales, and development. The ransomware group behind the attack posted the stolen information on their website, with a message stating that Capcom did not pay the requested ransom price.
Commenting on this incident for Digital Journal was Rene Paap, Senior Product Marketing Manager at Pulse Secure. Paap notes: “Hackers obtained illegal access to Capcom’s internal network and retrieved private data like addresses, photos, phone numbers, and birth dates of customers and employees. Additionally, confidential corporate documents on business partners and company sales were also exposed.”
As a safeguard, Paap recommends that: “Organizations must adapt to the evolving threat landscape with a more vigilant security approach to stay ahead of the attack curve. Network Access Control (NAC) solutions give organizations complete control over which network access privileges are assigned to each user or role. NAC enables Zero Trust access controls to limit an organization’s risk when endpoints are compromised, in addition to essential features such as endpoint and user visibility and automated threat mitigation.”
Outlook for 2021
The outlook for 2021 is a little bleak, according to Rich Waldron, CEO and co-founder of low-code automation company Tray.io. This is due to the continued coronavirus pandemic. This means more personal data being available on-line: “Due to coronavirus testing, quarantine programs, and contact tracing efforts, organizations are actively collecting more personal health data than ever before. What’s more, organizations might not have the appropriate infrastructure and processes to support that data, and ensure it remains private and in compliance with regulations.”
Despite the issue, Waldron predicts that: “CIOs will feel growing pressure to adopt technology that allows organizations to not only take full control of mission-critical data, but also enables that data to flow freely and securely while protecting employee and hiring candidate privacy.”
