Your Top Five Cyber Risks in Five Clicks with the Free Cyber Risk Analysis

FREE RISK ANALYSIS
Request Demo

Top 5 Cyber Events 2023

down-arrow

2020 brought a lot of unforeseen circumstances with it. A lot has happened between the rampant risk in cyber attacks across the digital landscape to the COVID-19 pandemic affecting every aspect of life. We have compiled a list of what we believe are the top cyber events of 2020 in emerging risk areas.

The need for organizations to gain visibility into their cyber posture has become more critical than ever. As workforces globally have shifted towards virtualization of the workplace, management, and other challenges, cyber threats have multiplied across industries. Organizations have a greater responsibility than ever before to protect citizens, industries, and themselves from cyber threats.

Top Cyber Attacks of 2023

Twitter | July | Social Engineering

Bad Actors used a phone spear-phishing attack to invade an organization’s internal network and employee credentials to access internal support tools. With these tools, hackers targeted 130 Twitter accounts and were able to post tweets, intercept DMs in private inboxes, and download sensitive data. The accounts included Apple, Uber, Bill Gates, Jeff Bezos, Warren Buffet, Kanye West, and many others. Fortunately, the perpetrators were caught, but not at the expense of reputational and financial damage.

We can conclude that using digital risk management to govern social media can help mitigate the potential risks associated with a hack. While it may sound rudimentary, taking simple steps like enabling two-factor authentication and enacting policies that prevent employees from using work computers for personal business can go a long way toward protecting an organization. Saving organizations face and retain confidence with clients, and the public should a data breach occur with their social media channels.

Marriott | January-February | Phishing

Bad actors were able to hack into an application that hotels operated and franchised under Mariott’s brand. They were able to compromise two employees' login credentials, and it is suspected these hackers gained access to names, birthdates, telephone numbers, language preferences, and loyalty account numbers.

By securing these hotels’ networks and applications, mitigating this risk should have been possible. Keeping strong, complex passwords and establishing organizational rules for using applications over the network could have almost entirely prevented this security breach.

Zoom | April | Password Stuffing & Zoombombing

Over 500,000 Zoom account credentials were deposited onto dark web forums, many of which were given away for free or as low as a penny each. Since the pandemic, Zoom has exploded as teams have transitioned to working at home. This has given rise to the trolling activity of Zoombombing and has made Zoom a ripe target for bad actors looking to cause trouble. Often these activities go online in the hope of becoming a viral sensation. At best, they function to draw time and resources away from organizations. At their worst, they can be used to take sensitive data and information on organizations and their employees.

Zoom has been rolling out security updates to counter these security incidents and offers the ability to password-protect calls that may be easily accessible using a link. Organizations can help mitigate these kinds of risks by keeping their software up to date and using passwords to protect their conferences and waiting rooms to authenticate visitors joining their Zoom calls.

Magellan Health | April | Ransomware

Magellan Health was reportedly the victim of a cyber attack in which hackers exfiltrated data before deploying a ransomware payload. This attack resulted in over 365,00 being impacted.

This attack was an elaborate social engineering phishing scheme where actors impersonated a Magellan client and gained access to the system five days before initiating a ransomware attack. The malware attack could steal employees’ credentials and patient data, including health insurance account data and treatment information.

This attack could have been mitigated if Magellan had taken better steps toward authenticating and verifying the client being impersonated. Unfortunately, user error and lack of training remain among the most common catalysts for cybersecurity incidents.

Finastra | March | Ransomware (Ryuk)

In March, the world’s third-largest fintech software provider, Finastra, found itself the victim of Ryuk Ransomware. It's suspected they were using an unpatched Pulse Secure VPN, which is vulnerable to CVE-2019-11510. This vulnerability was found to have severe security issues that allow hackers to write arbitrary files to the host. Although it is not known if Finastra was breached through this vulnerability, they did not pay the ransom.

If Finastra had been breached using CVE-2019-11510, simply using an up-to-date VPN could have mitigated this cyber risk. Additionally, organizations have found success in detecting Ryuk using machine learning in tandem with their vulnerability scanning practices.

Utilizing an integrated risk management solution can help provide organization-wide visibility and guidance to reduce risks like many of these organizations have fallen victim to in 2020. If you would like to learn more, be sure to watch one of our webinars, Top Cyber Events of 2020 with Principal Solutions Architect Steve Torino, as he discusses in depth the consequences of these events, how they could have been prevented, and how organizations can adjust to prevent themselves from repeating the same mistakes.

You may also like

How to Streamline Your ...
on December 24, 2024

Many industry regulations require or promote cybersecurity risk assessments to bolster incident response, but what is a cybersecurity risk assessment? For example, cyber risk ...

Alison Furneaux
CISO Reporting Structure ...
on December 23, 2024

The Changing Landscape of CISO Reporting The Chief Information Security Officer (CISO) role has evolved dramatically in recent years. Traditionally reporting to the Chief ...

How to Leverage the FAIR Model ...
on December 19, 2024

In light of the Colonial Pipeline cyberattack, measuring risk is on everyone’s minds. However, quantifying risk is often not easy. So many factors go into determining and ...

Kyndall Elliott
How to Effectively Communicate Top ...
on December 9, 2024

Effective cybersecurity reporting is more important than ever for CISOs, CIOs, and other security leaders in today's complex threat landscape. Reporting isn’t just about sharing ...

November Product Update
on November 27, 2024

The CyberSaint team has been working hard to deliver the latest updates to streamline and improve our customers’ user experience and address their top-of-mind challenges. We’re ...

Putting the “R” back in GRC - ...
on December 5, 2024

Cyber GRC (Governance, Risk, and Compliance) tools help organizations manage and streamline their cybersecurity, risk management, and compliance processes. These tools integrate ...