The rapid digital transformation of business has increased the risk of cyberattacks manifold. Due to the COVID-19 pandemic and companies moving to WFH and omnichannel, there was a tremendous increase in cybersecurity violations rising to more than 445 million in 2020.
It is reported that in the first half of 2020, attacks on IoT devices increased by three times compared to previous years. 94 per cent of malware are sent through emails, and more than 80 per cent of accounts reported cyber-attacks through phishing resulting in the loss of $17,700 every minute.
Let’s look at some of the attacks that shook IT, giants, during the pandemic.
World Health Organisation (WHO)
One of the most shocking cyberattacks of 2020 was faced by WHO when it was focussed on fighting COVID-19. On April 9th, 2020, around 25,000 email addresses and passwords of WHO staff members were leaked online. It is reported that the victims included frontline health workers devoted to fighting and containing the pandemic, the National Institute of Health (NIH), the US Center for Disease Control & Prevention (CDC) and the Gates Foundation. Later the WHO confirmed the data leak and announced that the leak was not recent and thus, it did not impact the organisation.
Also Read: Inside Google Deepmind
Zoom became one of the most popular video conferencing applications. However, the app also gained negative publicity because of security concerns. In April, Zoom video calling software became the victim of Zoom bombing. A phenomenon where a hacker could easily join private meetings, read personal messages and even share offensive images on the screen. The company later upgraded its application on iOS to stop sharing user information to Facebook and eventually improved security for meetings.
Tech giant Microsoft announced a data breach in its customer database in January 2020. Over 250 million records and logs of conversations between Microsoft support agents and customers between 2005 to December 2019 were leaked. Consumer-based website, Comparitech, informed the organisation about the data leak and added that the same data was accessible on five Elasticsearch servers.
Microsoft did not disclose how significant the data breach was and what type of data was leaked but assured to send an email notification to users whose data was compromised.
Japanese camera giant Canon suffered a Maze Ransomware Attack in August 2020. The company confirmed the cyber attack had resulted in the theft of 10 Terrabytes of company data and disrupted multiple applications.
Later after the investigation, the company announced no image leak but, the video and images saved prior to June were lost. Canon’s IT centre informed its employees about widespread system issues affecting multiple applications, but they did not mention the reason for the glitch.
Also Read: The AI Trends for 2021
The University of Utah
In August 2020, The University of Utah paid almost half a million dollars to an unknown entity that hacked its computer servers. The servers were reported to have stored information of students, staff and faculty of the College of Social and Behavioral Science. Police informed that no tuition fee, grants or donation were used to pay the ransom. The ransom attackers involved that hack and steal data and had already encrypted 0.02 per cent of data before the US Information Security Office detected it.
The hotel chain across the globe experienced a data breach in March 2020, which impacted around 5.2 million hotel guests. According to the hotel chain, the hackers might have accessed the guest information via two Marriott employees. The stolen data includes guests’ personal details such as telephones, date of birth, loyalty account number, and more. The hotel chain launched a program to track the details of the customers whose data must have been stolen and contacted guests whose details might have been exposed.
Whisper launched its secret-sharing app for its users to share photos and videos anonymously. However, the app was a fail in maintaining the secrets of its users. In March 2020, millions of users’ data were exposed that included nicknames, stated age, ethnicity, and membership. Considering the app was designed to share secrets, the data also had personal confessions and desires. It is reported that around 1.3 million users listed their age as 15. When questioned why the information was not protected with passwords, Whisper claimed that it was not designed to be queried directly. The information was intended for only the users of the platform.
In December 2020 a data breach notification was sent to the Defense Information Systems Agency employees. It confirmed the data leak of employee’s details such as social security numbers and asked them to report if they doubted identity theft. The DISA employs around 8,000 employees, including military and civilians and offered free credit monitoring to all the impacted. The Department of Defense (DOD) did not disclose any details of the data breach; however, they also added no evidence of data misuse.
The University of California confirmed a criminal cyber-attack in June 2020. The cybercriminal was able to access the data using malware that encrypted multiple servers. A ransom amount of $3 million was demanded by hackers. However, the amount was negotiated, and the university paid $1.14 million. The university later announced that no data was misused.