Hoping for a miracle: the worst cybersecurity tactic ever
2020 was a year of many challenges — and a rise in security breaches was one of them. After all, criminals are usually the ones to exploit the vulnerabilities of others. Both huge companies and individual users have suffered from devastating cyberattacks.
The main trend of the year was ransomware. Every week, companies reported being blackmailed by hackers after their files and systems had been encrypted, paralyzed or stolen. The organizations that fell prey to the 11 biggest ransomware attacks spent $144.2 million on investigation, system repair, ransom and the implementation of new protective solutions.
The number of compromised accounts is striking. A single hacker group, Shiny Hunters, has published hundreds of millions of breached accounts for open access. And every one of them can become a gateway to more attacks.
On a positive note
But winter holidays are meant to be celebrated with smiles, so today we’ve gathered some funny stories involving hackers!
Tech entrepreneur and billionaire Sean Parker was caught by the FBI at the age of 16 while trying to hack into the network of a Fortune 500 company. This happened because he couldn’t log out after his father had confiscated his computer keyboard, which led to the exposure of his IP address.
Two Americans won a lawsuit and kept half a million dollars after exploiting a vulnerability in an online poker website. The defense lawyer claimed they didn’t break any law by merely pressing a sequence of keys, and got the charges dropped.
An American hacker who was sentenced to five years’ incarceration signed up for IT courses in jail, which resulted in him hacking the prison’s mainframe.
Pranksters hacked San Francisco’s electronic traffic signs and displayed the warning “Godzilla Attack – Turn Back”. Hopefully, there were no accidents connected with Godzilla-related panic among drivers that day.
Interestingly enough, hackers existed even before computers were invented. The telegraph is sometimes called “The Victorian Internet”. People used it to communicate, meet each other, send spam and even commit fraud. In 1903, the inventor Guglielmo Marconi wanted to demonstrate to the public his new wireless system that could send messages securely over a long distance. However, his long-time rival and business competitor Nevil Maskelyne hacked the signal and made the device spell out an insulting limerick.
Time of wonders
Christmas is also a time for good deeds. Fortunately, there are white-hat hackers who help companies discover their vulnerabilities, and earn great sums of money for that! For example, Cosmin Iordache has set a record on the vulnerability coordination and bug bounty platform HackerOne by earning $2,000,000 in bounty awards.
Since the launch of this platform, white-hat hackers have found about 170,000 security bugs and earned more than $100,000,000 in rewards.
Not all records are good
Unfortunately, vulnerabilities don’t always get eliminated on time. Even digital market leaders repeat the same mistakes over and over again, which not only puts their assets in danger but also harms their customers.
In December, the American software company SolarWinds suffered a breach that some experts call the biggest incident of the year. The hackers infiltrated its network monitoring software, Orion, to access the networks of its clients. The victims include government, military, intelligence, consulting, technology, communication and mining organizations in North America, Asia and the Middle East. The list of compromised organizations includes the US Department of State, the Department of Homeland Security, the Pentagon, the Treasury Department, the National Institutes of Health and such companies as Microsoft and FireEye.
Orion is usually used for monitoring large networks including servers, workstations, mobile phones and IoT devices. Microsoft, FireEye and the Cybersecurity Division of the US Department of Homeland Security have already issued indicators of compromise and guidelines on managing the infected networks.
About 33,000 of SolarWinds’ 300,000 clients around the world have been using Orion. According to the company, around 18,000 clients have been running the compromised version of the software.
Security advisor Ian Thornton-Trump told the media that he had warned the company’s management about such vulnerabilities 3 years ago and offered a plan to patch them, but his advice was ignored. He also recommended that they appoint a security director and insisted that “the survival of the company depends on an internal commitment to security.” He soon chose to terminate his work for the company because he believed that a major breach was inevitable, according to Bloomberg.
2020 was challenging in many ways. One thing couldn’t be clearer: a careless approach to security can bring serious harm to organizations and individual users. There are no shortcuts or narrow escapes. The only way to protect oneself is to use high-quality and regularly updated solutions. Breach Report is always ready to help you with this.
We wish you a wonderful and safe year ahead!