These security breaches not only revealed the severe consequences that these attacks can have, but also alerted businesses to tighten up their security measures and take a more aggressive approach to security.
In the month of March 2017, The FBI indicted a group of 4 people responsible for the ‘spear-phishing email’ that was sent to a Yahoo employee. The hackers used social engineering techniques to access a high-ranking Yahoo employee to break into the systems. The breach allegedly affected around 3 billion accounts.
A recent victim of a data scraping breach in June of 2021, LinkedIn denied losing any private data of LinkedIn users, but later disclosed that 700 million LinkedIn profiles’ public information was exposed. The data mainly included phone numbers, locations, and social media details.
User data of millions, including phone numbers, Facebook IDs, account names were compromised in August 2019. The hackers got into Facebook systems by exploiting a feature that allowed users to be found using phone numbers. The consequences were so severe that CEO, Mark Zuckerberg, had to answer to Federal Investigators and pay a hefty penalty for compromising the privacy of the users.
In July 2021, US tech provider Kaseya was attacked by the REvil ransomware gang which resulted in affecting Kaseya’s supply chain. Around 800-1500 businesses worldwide were threatened as the attack hit roughly 50 managed servicer providers. The authorities and Kaseya officials managed to limit the damage and even apprehended the attackers.
Taiwan based computer manufacturer, Acer had received a ransom of USD 50 million from the ransomware gang, REvil. Consequently, the ransomware gang had uploaded confidential information such as financial records onto their website in the dark web. Though Acer reported it to the authorities, it is yet unclear if Acer paid the ransom to the attackers.
Colonial Pipeline Company
One of the largest fuel pipelines in the world had its fuel supply disrupted due to a ransomware attack. The ransomware had infected IT systems and forced the CPC to temporarily shut down. Through further hearings, it was revealed that CPC paid USD 4.4 Million to the attackers so that they could go back online as soon as possible.
The messenger app Telegram was hacked in September 2020, and the attackers gained access to email data of cryptocurrency businesses using Signaling System 7(SS7), which is primarily used to hacking mobile networks across the connected world. With previously compromised credentials, the attackers were able to use them and the 2FA codes to log in to the accounts of victims.
Even the social media platform and tech giant, Twitter, got attacked by Cyber-criminals, where they had hacked high profile Twitter accounts and composed fraudulent tweets seeking Bitcoin. They hacked into high-profile celebrities and public figures twitter accounts and sent out tweets requesting bitcoin. These tweets were quickly taken down, but they generated over USD 100,000 in a short span of time.
A cyber-criminal had gained access to the water distribution system of a city, Oldsmar, in Florida, and tried to increase the amount of sodium hydroxide (lye) in its water treatment system. Thankfully, a worker in the treatment plant noticed the abnormality and reversed what could have been a highly dangerous incident.
Many regulatory government bodies have been created to protect the interests of the people and the businesses from cyber security attacks. The European Union Agency for Cybersecurity (ENISA) contributes to EU cyber policy, enhances the trustworthiness of ICT products, services, and processes with cybersecurity certification schemes, cooperates with Member States and EU bodies, and helps Europe prepare for the cyber challenges of tomorrow. This organization aims at achieving a high common level of cybersecurity everywhere.
Businesses need a dedicated and experienced team of certified security experts to keep up with the security challenges. Cyber criminals are quickly developing and improving their methods – and there’s no way for organizations to single-handedly stay on top of this rate of growth and pace of destructive innovation.
If you wish further information, or security consulting specific to your organization’s needs and goals – do not hesitate to reach out to Opsio.
#cybersecurity #cloudsecurity #cybercrime #cloud #secops