Top 5 Cybersecurity Companies Data Breaches in 2020

Key Dutch · 6 min read · Jan 8, 2021

Even companies whose business is IT security suffer data breaches. Here is a list of the top five data breaches at cybersecurity companies in 2020.


The number of cyberattacks grows every year, and 2020 saw a sharp rise over previous years. Many companies suffered attacks during the year, including companies whose business is protecting others from exactly that.

Not long ago the Swiss-based cybersecurity company ImmuniWeb warned about the exposure of cybersecurity vendors themselves in its report State of Cybersecurity Industry Exposure at Dark Web. According to that study, 97% of the cybersecurity companies it examined had data exposed on the dark web. This is the modern paradox: business owners should be careful and selective when choosing a vendor to protect their IT systems, because the vendor's own security is part of the risk.

#1. The Big SolarWinds Attack

In mid-December 2020 it became known that US government agencies had been the victims of a large-scale attack by state-sponsored hackers. Journalists reported that at least the US Treasury Department and the National Telecommunications and Information Administration (NTIA), part of the US Department of Commerce, had been compromised. The attackers had breached SolarWinds and planted malware in its Orion platform.

Many call this incident the largest attack of the year, and it is one of the most high-profile cybersecurity company data breaches of 2020. The victims include giants such as Microsoft, Cisco and FireEye, as well as US government agencies, including the State Department and the National Nuclear Security Administration. The list of victims keeps growing, and experts continue to publish more details of what happened.

As it turned out, the attackers had compromised SolarWinds, an IT company that develops software enterprises use to manage their networks, systems and infrastructure, long before the discovery. Having infiltrated the SolarWinds network, they tampered with the build of Orion, its centralized monitoring and management platform, and shipped the SUNBURST backdoor (also known as Solorigate) inside a legitimately signed Orion update. Detailed reports on this threat have been released by Microsoft, FireEye and the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA).

As a result, many SolarWinds customers installed the backdoored version of the platform and, without knowing it, let the attackers into their networks. Orion is typically deployed in large networks to track IT assets such as servers, workstations, mobile phones and IoT devices, so it has broad visibility and privileged access. Until December 13 it was not publicly known how the attackers had got into the FireEye network. Security researcher Vinoth Kumar reported that credentials for a SolarWinds update server had been publicly exposed in a GitHub repository since 2018; according to Kumar, he noticed the leak in November 2019, and the password was trivial: solarwinds123. Whether that exposed password was the actual intrusion vector has not been established, but it is the kind of mistake that secret scanning on repositories exists to catch.
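The leaked-password story above is a good reason to scan repositories for committed credentials before an attacker does. The following is an added example written for this article, not SolarWinds' or GitHub's tooling: a small scanner that runs a few credential patterns over a set of files and flags passwords that are trivially weak (for instance the organization's own name followed by a few digits). The file names, contents, host names and the `org_names` list are all constructed for the demonstration.

```python
"""Added example: minimal credential scanner for repository contents.

Not SolarWinds' or GitHub's code. The files below are constructed to mimic
the kind of leak described in the article (an FTP password committed in a
build configuration); the hosts and paths are invented.
"""
import re
from dataclasses import dataclass

# Constructed sample repository: path -> file contents (assumed, not real data).
SAMPLE_FILES = {
    "build/publish.config": (
        "<Publish>\n"
        "  <ftpHost>updates.example.invalid</ftpHost>\n"
        "  <ftpUser>release</ftpUser>\n"
        "  <ftpPassword>solarwinds123</ftpPassword>\n"
        "</Publish>\n"
    ),
    "scripts/deploy.sh": (
        "#!/bin/sh\n"
        "curl -T build.zip ftp://release:solarwinds123@updates.example.invalid/\n"
    ),
    # A reference to an environment variable is not a leaked secret.
    "README.md": "Set FTP_PASSWORD in the environment before publishing.\n",
}


@dataclass(frozen=True)
class Finding:
    path: str
    line: int
    rule: str
    secret: str


# Common ways credentials end up in committed files. Group 1 is the secret.
RULES = [
    ("url-embedded-credential",
     re.compile(r"(?:ftp|https?|sftp)://[^\s:/@]+:([^\s@/]+)@", re.I)),
    ("password-assignment",
     re.compile(r"(?:password|passwd|pwd)\s*[=:]\s*[\"']?([^\s\"'<]+)", re.I)),
    ("xml-password-element",
     re.compile(r"<[^>]*password[^>]*>([^<]+)<", re.I)),
]


def weak_password(secret, org_names=()):
    """Heuristic weakness check: too short, digits only, or an organization
    name followed by a short run of digits (the solarwinds123 pattern)."""
    low = secret.lower()
    if len(secret) < 12 or secret.isdigit():
        return True
    return any(re.fullmatch(re.escape(o) + r"\d{1,4}", low) for o in org_names)


def scan_files(files, org_names=()):
    """Run every rule over every line; return Findings for literal secrets."""
    findings = []
    for path, text in files.items():
        for lineno, line in enumerate(text.splitlines(), 1):
            for rule, pattern in RULES:
                for match in pattern.finditer(line):
                    secret = match.group(1)
                    # Skip templated values such as ${FTP_PASSWORD} or %PW%.
                    if secret[0] in "$%{":
                        continue
                    findings.append(Finding(path, lineno, rule, secret))
    return findings


def report(files, org_names=()):
    """Return (finding, is_weak) pairs, weak credentials first."""
    found = scan_files(files, org_names)
    return sorted(((f, weak_password(f.secret, org_names)) for f in found),
                  key=lambda pair: not pair[1])


if __name__ == "__main__":
    for finding, weak in report(SAMPLE_FILES, org_names=("solarwinds",)):
        flag = "WEAK" if weak else "secret"
        print(f"{finding.path}:{finding.line} [{finding.rule}] {flag}: {finding.secret}")
```

Run against a real checkout you would feed `scan_files` a dict built from `git ls-files`, and run it in a pre-commit hook or CI so a finding blocks the push rather than sitting in history for two years.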

#2. A Phishing Attack on the SANS Institute

The SANS Institute, one of the world's largest information security training organizations, was itself hit by a cyberattack. The attackers compromised a single employee email account and extracted a significant amount of data about people associated with the institute. It happened because one staff member fell for a phishing email, and SANS put its full incident response toolkit to work investigating it.

SANS posted on its website that the attack gave the intruders access to the employee's mailbox. According to the organization, the attack vector was a single phishing email, and the mailbox of one individual employee was compromised. SANS also stated that no other accounts or systems were affected.

The attacker, however, configured a rule that forwarded all mail arriving in the compromised mailbox to an external address and installed a malicious Office 365 add-in. In total, 513 emails containing personal data of people associated with SANS were forwarded out of the organization, amounting to roughly 28,000 records.
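The two actions described above, a forwarding rule to an external address and a mailbox add-in install, both leave traces in the Office 365 Unified Audit Log. As an added example written for this article (not SANS' own tooling or report), here is a small triage script that runs over audit records and raises alerts for external forwarding and add-in installs, escalating when the same account shows both. The records are constructed to follow the general shape of Exchange-workload audit entries (an `Operation` plus a `Parameters` name/value list); the user names, addresses and IPs are invented, the set of internal domains is an assumption, and treating `New-App` as the logged operation for a mailbox add-in install is also an assumption you should check against your tenant's logs.

```python
"""Added example: triage of mailbox forwarding rules and add-in installs in
Office 365 audit records. Not SANS' code; records are constructed and the
field layout only approximates Unified Audit Log (Exchange workload) entries.
"""
import json

# Constructed audit records (invented users, addresses and IPs).
SAMPLE_LOG = [
    {"CreationTime": "2020-07-24T13:02:11", "Workload": "Exchange", "Operation": "New-InboxRule",
     "UserId": "analyst@example.invalid", "ClientIP": "203.0.113.5",
     "Parameters": [{"Name": "Name", "Value": "Anti Spam Rule"},
                    {"Name": "ForwardTo", "Value": "collector@attacker.invalid"},
                    {"Name": "DeleteMessage", "Value": "True"}]},
    {"CreationTime": "2020-07-24T13:05:40", "Workload": "Exchange", "Operation": "New-App",
     "UserId": "analyst@example.invalid", "ClientIP": "203.0.113.5",
     "Parameters": [{"Name": "Url", "Value": "https://cdn.attacker.invalid/manifest.xml"},
                    {"Name": "Mailbox", "Value": "analyst@example.invalid"}]},
    {"CreationTime": "2020-07-24T14:10:02", "Workload": "Exchange", "Operation": "Set-Mailbox",
     "UserId": "helpdesk@example.invalid", "ClientIP": "198.51.100.9",
     "Parameters": [{"Name": "Identity", "Value": "jdoe@example.invalid"},
                    {"Name": "AuditEnabled", "Value": "True"}]},
    {"CreationTime": "2020-07-25T09:00:00", "Workload": "Exchange", "Operation": "Set-Mailbox",
     "UserId": "admin@example.invalid", "ClientIP": "198.51.100.9",
     "Parameters": [{"Name": "Identity", "Value": "sales@example.invalid"},
                    {"Name": "ForwardingSmtpAddress", "Value": "smtp:partner@example.invalid"},
                    {"Name": "DeliverToMailboxAndForward", "Value": "True"}]},
]

INTERNAL_DOMAINS = {"example.invalid"}  # assumed: the organization's own mail domains
# Cmdlet parameters that send mail somewhere else (inbox rules and mailbox settings).
FORWARD_PARAMS = {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo",
                  "ForwardingSmtpAddress", "ForwardingAddress"}
ADDIN_OPS = {"New-App"}  # assumed: operation logged when a mailbox add-in is installed


def params(rec):
    """Flatten the name/value parameter list into a dict."""
    return {p["Name"]: p["Value"] for p in rec.get("Parameters", [])}


def is_external(addr, internal_domains):
    """True when the address targets a domain outside the organization."""
    addr = addr.lower()
    if addr.startswith("smtp:"):
        addr = addr[5:]
    return "@" in addr and addr.rsplit("@", 1)[1] not in internal_domains


def alert(rec, kind, severity, detail):
    return {"time": rec["CreationTime"], "user": rec["UserId"], "ip": rec.get("ClientIP"),
            "operation": rec["Operation"], "kind": kind, "severity": severity, "detail": detail}


def triage(records, internal_domains=INTERNAL_DOMAINS):
    """One alert per suspicious record. A forward that also deletes the message is
    high severity; an add-in install becomes high when the same account also
    set up an external forward, which is the pattern described in the article."""
    alerts = []
    for rec in records:
        p = params(rec)
        targets = [v for k, v in p.items() if k in FORWARD_PARAMS]
        external = [t for t in targets if is_external(t, internal_domains)]
        if external:
            hidden = p.get("DeleteMessage", "").lower() == "true"
            alerts.append(alert(rec, "external-forwarding", "high" if hidden else "medium",
                                ", ".join(external)))
        elif rec.get("Operation") in ADDIN_OPS:
            alerts.append(alert(rec, "mailbox-addin-install", "medium", p.get("Url", "?")))
    forwarders = {a["user"] for a in alerts if a["kind"] == "external-forwarding"}
    for a in alerts:
        if a["kind"] == "mailbox-addin-install" and a["user"] in forwarders:
            a["severity"] = "high"
    return alerts


if __name__ == "__main__":
    for a in triage(SAMPLE_LOG):
        print(json.dumps(a))
```

The same logic applies to exported `Search-UnifiedAuditLog` results: load the `AuditData` JSON of each row and pass the list to `triage`. Forwarding to a partner domain you control stays quiet, so keep `INTERNAL_DOMAINS` complete or you will chase your own mail flow.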

The SANS report states that the institute's full set of digital forensics and incident response tools was applied to the investigation, and the organization promised an open webcast on what happened and the lessons learned. SANS says the leaked records contained no passwords or billing information, but they did include full names, phone numbers, physical addresses, job titles, employer names and email addresses.

All of that data, however, is exactly what spear-phishing campaigns are built on. Such data is valued less than payment information, but for targeted attacks on individuals and organizations it is extremely useful. The SANS case also shows how effective phishing remains: one would expect an employee of such an organization to be hard to fool, yet the attack succeeded, so what can be expected of employees at non-specialized companies?

#3. Sophos Customer Data Leak

In November 2020 the security vendor Sophos notified customers that a misconfigured internal tool had exposed confidential customer contact details. The exposed information included first name, last name, email address and telephone number. Sophos said it learned about the misconfiguration from a security researcher and fixed the problem.

This was the second major security incident Sophos faced in 2020. In April, attackers exploited a zero-day SQL injection vulnerability in the Sophos XG Firewall to install the Asnarok malware, which stole firewall credentials and configuration data. When Sophos pushed a hotfix, the attackers tried to switch to deploying ransomware on the compromised firewalls, but the hotfix blocked that attempt.

#4. FireEye Hack

FireEye disclosed on December 8 that it had been hacked, and within days the intrusions into the US Treasury, the National Telecommunications and Information Administration (NTIA) and other government agencies came to light, which made it one of the most sensational cybersecurity company data breaches of the year. According to FireEye, the same state-sponsored group is behind all these incidents. The attackers reached their victims through the same SolarWinds supply-chain compromise, and the campaign began in the spring of 2020 and affected both public and private organizations around the world.

Earlier, some media outlets claimed that APT29, also known as Cozy Bear and associated with Russian intelligence services, was behind the series of attacks, but FireEye has not named those responsible, tracking the group under the codename UNC2452. According to the FireEye report, to carry out an attack of this scale the hackers first broke into the American software manufacturer SolarWinds and inserted a malicious update into Orion, which organizations around the world use to centrally monitor and manage IT resources. SolarWinds, for its part, opened an investigation into how its software had been turned into a delivery channel for attacks on US government and private organizations.

#5. Night Lion Revenge Hacker Attacks

An unknown attacker broke into poorly protected Elasticsearch servers and tried to deface them or wipe all of their content. The first attacks were spotted at the end of March 2020 and appear to have been automated. For some reason the attack script did not complete on every server, but an index named nightlionsecurity.com was left behind even in databases whose content was ultimately untouched.

Because data on Elasticsearch servers changes constantly, experts found it difficult to determine the exact number of affected systems. The attacker was clearly trying to pin the blame on the American information security company Night Lion Security, whose founder, Vinny Troia, denied that his company had anything to do with it.

Around the same time, Night Lion itself was hacked, reportedly out of revenge, and about 8,200 databases were stolen. Revenge is a familiar motive: being fired is stressful, and a former employee with no alternative source of income, whose life is going downhill as a result, can fairly quickly turn to hostile action.

Employees who were pushed out of a company they served faithfully often want to get even, and the result can be more damaging than an external attack, because they know where the valuable data is. According to analysts at Digital Research Inc., almost 60% of leaks and corruption of confidential data are the work of disgruntled employees venting anger at their management, and the lion's share of that sabotage is committed by former employees whose access was not revoked in time.

Conclusion

The results of the year, which saw more cybersecurity company data breaches than ever before, are disappointing for company owners and the management of organizations of every kind. Even intelligence services and police forces are not immune to cyber threats, as the BlueLeaks dump in June showed: according to the National Fusion Center Association (NFCA), it affected more than 200 police departments. So be careful in the new year and take every measure to avoid a breach.
