In 2020, the way we work and live changed beyond recognition – everything and everyone went online. Almost everything is different now – the way we do shopping, or conduct relationships, or work. And the same changes happened in the Cybersecurity field.
This new normality created numerous challenges for most organizations, requiring them to react rapidly and make changes instantly to adapt.
Here’s what happened in 2020…
Zoom security incidents
Since Zoom application in a fraction of a second became one of the top tools for video conferences worldwide, cybercriminals targeted its users many times throughout last year. In April, New York City public schools moved to ban Zoom meetings, and other school systems did the same, although New York lifted the Zoom ban in May. Here are a few reasons for such measures:
Threatpost reported, that scammers are trying to steal Zoom users’ usernames and passwords via phishing emails and text messages.
Zoom rolled out the real End-to-end encryption feature only in late October while experiencing a lot of cybersecurity issues before bringing it to life earlier in 2020.
Zoom meeting recordings could be easily found online. It’s not Zoom’s fault to be honest, because it’s up to the host to decide whether to record a conference and where it would be stored then. Also, Zoom can’t make hosts change the meeting filename before saving it.
So, conference recordings could be found online mostly because hosts didn’t change their filenames, leaving the standard Zoom’s names.
Cybercriminals created thousands of Zoom-related domains to steal users’ credentials, according to the Check Point.
This list could go on, still, Zoom remains one of the most used tools for online communications today.
Avon (the cosmetics company) faced a ransomware attack
The world-known cosmetics brand suffered from an alleged ransomware attack ‘after inadvertently leaving a Microsoft Azure server exposed to the public internet without password protection or encryption.’
That vulnerability meant that anybody who possessed the server’s IP address could have accessed an open database of information.
Belgian student hacked Tesla with Raspberry Pi
Ph.D. student Lennert Wouters of the University of Leuven’s Computer Security and Industrial Cryptography research group, identified a serious vulnerability in the Model X keyless entry system.
Lennert Wouters bypassed this process using a self-made device built from a Raspberry Pi, a modified key fob and engine control unit from a salvaged Model X, and other components.
Tesla rapidly reacted and rolled out an over-the-air patch for its Model X vehicles after this incident.
Misconfigured AWS buckets implicated in multiple data leaks
Noah Rotem and Ran Locar, researchers at vpnMentor, uncovered information such as passport scans, tax documents, background checks, job applications, expense claims, contracts, emails, and salary details relating to thousands of consultants working in the UK.
That happened because of the misconfigured Amazon Simple Storage Service (S3) bucket storage. Amazon S3 buckets are private by default, and apparently, this was misconfigured.
The biggest digital privacy class-action lawsuit ever filed against Oracle and Salesforce
The privacy campaigner and data protection specialist Rebecca Rumbul, who filed the suit, ‘is seeking damages that have been estimated in excess of £10bn, which could conceivably lead to awards of £500 for every internet user in the UK.’
Slack webhook phishing with Slack apps
According to AT&T’s Alien Labs, a vulnerability in cloud-native messaging service Slack could leave meetings open to disruption by malicious actors.
Slack Incoming Webhooks allow users to post messages from their applications to Slack. By specifying a unique URL, your message body, and a destination channel, you can send a message to any webhook that you know the URL for in any workspace, regardless of membership.
Alien Labs discovered the process of Slack webhook phishing with Slack apps, outlined the attack variants, and suggested the mitigation tactics.
Qualcomm chip vulnerability put millions of smartphones at risk of compromise by cybercriminals
Check Point uncovered vulnerabilities for smartphone devices from the likes of Google, LG, OnePlus, Samsung, and Xiaomi: 400 vulnerable code sections were uncovered on Qualcomm’s Snapdragon digital signal processor chip, which runs on over 40% of the global Android estate.
Check Point said, ‘said that to exploit the vulnerabilities, a malicious actor would merely need to convince their target to install a simple, benign application with no permissions at all.’
2020 cyber-attacks trends
According to the Check Point report, there were 4 trends in cyber attacks in 2020:
Ransomware actors have adopted a new strategy; in addition to making the victim’s files inaccessible, they now exfiltrate large quantities of data prior to its encryption in the final stage of the attack. Victims who refuse payment demands find their most sensitive data publicly displayed on dedicated websites.
Nation-state cyber activity has seen a surge in intensity and escalation in severity. In times when traditional tactics to gather intelligence and knowledge are no longer feasible due to social distancing, the use of offensive cyber weapons to support national missions appears to have expanded. The goal may be a better understanding of the Coronavirus or securing intelligence operations, and countries and industries are the targets.
Threat actors have been seeking new infection vectors in the mobile world, changing and improving their techniques to avoid detection in places such as the official application stores. In one innovative attack, threat actors used a large international corporation’s Mobile Device Management (MDM) system to distribute malware to more than 75% of its managed mobile devices.
Industries were required to make rapid infrastructure adjustments to secure their production when working remotely. In many cases, this would not have been possible without cloud technologies. However, it also exposed more misconfigured or simply unprotected assets to the internet. Also, for the first time, alarming vulnerabilities were revealed in Microsoft Azure infrastructure that could enable invaders to escape VM infrastructure and compromise other customers.