What We’ve Learned from The Biggest Cyber Attacks of 2019
Cyberattacks are certainly not a new phenomenon, but in 2019 there was a large upswing in attacks, representing an increase of 300%. This has come about due to a variety of factors, chief among them the advancing age of IT structures and firmware, as well as the increasing prevalence of IoT. The increase in the number of attacks is of concern, but even more so is the number of attacks on systems that have been considered impossible to breach, such as Apple’s iOS.
By far, the most enticing targets are those organizations and businesses that are especially dependent on large volumes of data, such as those in the healthcare and financial sectors, as well as insurance companies, retail businesses, and the government.
Phishing scams remain the most common type of cyberattack. These scams take the form of emails and websites designed to entice victims to provide information. Efforts have been made to educate users about this type of scam, warning against clicking on unfamiliar links and suspicious emails, but the danger remains and continues to grow.
With the ever-growing threat of cyberattack, let’s look at some of the biggest ones of 2019 in order to see what we can learn about how to protect ourselves.
The American Medical Collection Agency
From the beginning of August 2018 until the end of March 2019, the AMCA, which serves as the billing service vendor for the healthcare industry, found itself exposed to hackers. Approximately a dozen of their B2B customers revealed that their data had been exposed. It is unclear exactly how many people were affected by this breach, but it is in the range of 25 million.
Being part of the medical industry, the information that was compromised included personal data, medical information, Social Security numbers, and financial information. As a result, the parent company of AMCA filed bankruptcy with several others under investigation and facing lawsuits.
Citrix Systems Inc.
Like AMCA, the exact number of those affected in the Citrix data breach is not known, although this multinational software company provides services to approximately 400,000 companies. They also serve several global organizations. As such, the potential number of victims is quite high.
Discovered in March 2019, the breach had left them exposed for roughly six months, beginning mid-October 2018. The ensuing investigation revealed that the compromised data may have included names, Social Security numbers, and extensive financial information relating to employees, beneficiaries, and dependents.
It is believed that the hackers gained access through “password spraying,” which is a tactic that involves scanning systems and breaking in using common passwords. The lesson learned from this is to protect oneself by using unique, strong passwords.
In July 2019, Capital One was hacked by a former Amazon employee, resulting in one of the largest-ever hacks of a financial institution, resulting in the theft of Social Security numbers, credit scores, account transactions, and more. Fortunately, credit card numbers were not included in the stolen data.
The alleged hacker, Paige Thompson, not only made little attempt to obfuscate her activities, she seemed to actively publicize them. If convicted, she may face up to 25 years in prison.
Facebook has been having a rough time.
After a significant scandal in 2018 from which they were still recovering, Facebook announced in April of 2019 that more than 540 million records had been posted publicly on Amazon’s cloud computing services. These records, posted in plain text, were left in plain sight for all to see.
Facebook moved to ensure that new security measures were put into place, but despite this, 419 million records were discovered as being completely unprotected by even so much as a password. This data included unique Facebook IDs and phone numbers. This raises the possibility of increased spam calls, as well as SIM-swapping attacks on user smartphones, which is a method used to trick cell carriers to transfer phone numbers directly to hackers.
May 2019 marks when the second-largest data breach in history may have occurred, as First American was hacked. The real estate title insurance company had nearly 900 million of their records compromised. Only the 2013 hack of Yahoo!, affecting 3 billion accounts, was larger.
The First American breach involved mortgage data reaching as far back as 2003, as well as personal information, driver’s licenses, Social Security numbers, bank account numbers, and other information. Interestingly, this leak was discovered by accident rather than through the efforts of security experts, when a real estate developer named Ben Shoval discovered he could access sensitive information by changing a single digit in the URL.
Unfortunately, when Shoval first made this discovery, he reported it to First American, which ignored the danger. He then brought the information to an investigative reporter named Brian Krebs, who specialized in cybercrime.
As cyberattacks grow more frequent and more damaging, the need for proper protective measures becomes increasingly obvious. It is urgent that employees be properly trained in recognizing threats such as ransomware attacks and phishing scams. Simple awareness and the implementation of security best practices go a long way toward reducing the risks to your business.
For the ultimate protection, contact Safe Harbour.