How Threat Intelligence Could Have Helped Prevent 2020’s Cybersecurity Incidents
If anyone has benefitted from the pandemic, it has been cyber attackers. As businesses expanded their investment in cloud resources and other IT resources in response to the pandemic, cyberattacks also dramatically increased. Businesses reported 445 million cyberattack incidents in 2020, double the rate for 2019.
It didn’t have to be this way. With stronger threat intelligence solutions in place, many of the security incidents of 2020 could likely have been averted.
To prove the point, here’s a look at some of the most significant cybersecurity breaches of 2020, and how security teams could have prevented or mitigated them.
SolarWinds supply-chain attack
The SolarWinds attack that was reported in 2020 may well prove to be not just the biggest breach of 2020, but of the entire decade. That’s due both to the sophistication of the attack, which involved planting malware deep inside an enterprise software platform, and its scope, which extended to thousands of companies that use the affected software.
Although threat intelligence alone may not have been enough to prevent a complex attack like this one, which was probably carried out by nation-state actors, stronger awareness of what was happening on the dark web may have provided earlier warnings about the threat. In turn, organizations could have acted faster to protect their assets and minimize their exposure to the breach.
Marriott International data breach
2020 was a bad year for the hospitality industry in general, but it was especially rough for Marriott International, the hotel enterprise. In February, the company suffered a breach that exposed the records of 5.2 million guests. This came on the heels of a similar incident at the organization that was reported the previous year.
In the 2020 breach, attackers used the credentials of two employees from one of the hotel chain’s franchises to access customer data from hotels across the chain. This was a case of a minor security compromise — one involving just a couple of user accounts — turning into a massive breach.
Had stronger cybersecurity threat intelligence been in place, the chain likely could have detected the vulnerability of the employees’ access credentials. It might also have been able to implement a stronger security posture to ensure that just two users’ credentials couldn’t be used to access data for millions of customers.
World Health Organization targeted
Early in the pandemic, the World Health Organization became the target of attackers, who exposed passwords and possibly gained access to other sensitive data.
Although no massive breaches are known to have resulted from the WHO attacks, the incident is a reminder of how important it is to combine threat intelligence across domains with business context, as well as educate users in security best practices. With better threat intelligence, even the minor password leaks from the WHO could have been prevented.
Zoom password leak
Attackers stole 500,000 Zoom passwords in April, just as millions of users were becoming dependent on the platform to work amid the pandemic. The breach was made possible by users who reused passwords from other services when they signed up for Zoom.
Here, cybersecurity threat intelligence could have helped organizations detect instances where employees reuse passwords across multiple platforms, which is never a best practice. It would also have helped companies respond to the Zoom breach by making sure their Zoom accounts’ passwords were updated, and optionally enabling multi-factor authentication (MFA) to add another layer of authentication security.
Twitter account breach
The compromise of several high-profile Twitter accounts in July 2020 is a reminder of how important it is for businesses to integrate threat intelligence into their social media strategies.
The accounts appear to have been compromised via social engineering attacks rather than technical vulnerabilities. Threat intelligence can help businesses identify attempts to execute social engineering attacks within their networks, while also building stronger defenses — such as enforcing the principle of least privilege within social accounts — to help mitigate the potential fallout of a compromised social media account password.
A large-scale phishing attack on Facebook that began in 2020 serves as another reminder of the importance of securing social media accounts.
The attack used a complex set of websites, starting with a link in a YouTube video, to present users with what looked like a Facebook login screen, but was actually a phishing site. When users logged into the fake site with their Facebook credentials, their accounts were compromised.
Here again, user education and an assessment of the risks associated with a business’s social accounts are part of the solution. So are authentication-hardening techniques like MFA, which would have prevented account credentials from being captured via a single website in this case.
Cybersecurity threat intelligence must keep pace with IT investment
But we’ll stop here because we think you get the point: as businesses’ IT estates continue to expand, their cybersecurity threat intelligence solutions need to grow with them.
Cyberint’s Argos™ can help. By identifying risks and opportunities for building a stronger security posture with pin-pointed and targeted intelligence, Argos™ helps businesses stay one step ahead of their adversaries, no matter how sophisticated they become.
Contact us to learn more about how threat intelligence can protect your business.