
Hackers are a difficult group to understand: they don’t discriminate, and they’re looking for any open door and every opportunity to steal data, make money in small or large amounts, and cause disruption in business and, ultimately, chaos!

Anyone from enterprise businesses to SMBs can fall prey, and at Excelien we work with our clients to ensure they’re aware of the latest technology, with access to our security consultants and security assessments. We’ve all seen headlines where companies you would expect to be a concrete fortress become victims. The pandemic seems to have accelerated some of the most significant breaches that took place in 2020. Here’s a reminder of some of the headline-grabbing attacks, and the stark reality and severity of these cyber attacks.

WHO – World Health Organisation

WHO has been giving guidance through this pandemic, but in the midst of it was part of a massive data leak in which 25,000 email addresses and passwords were unlawfully accessed. It was commonly believed to be part of a broader attempt to disrupt the battle against Coronavirus, with organisations such as WHO, the National Institutes of Health (NIH), the Centre for Disease Control and Prevention (CDC), the Gates Foundation and more being hit by this team of elite hackers.

WHO confirmed that a phishing campaign was used and targeted at its employees. WHO’s CIO, Bernardo Mariano, stated, “Ensuring the security of health information for the Member States and privacy of users interacting with us a priority for WHO at all times, but also particularly during the COVID-19 pandemic. We are grateful for the alerts we receive from the Member States and the private sector. We are all in this fight together.” It is still not clear if this cyber attack had any significant effect. According to WHO, the leaked information did impact an older extranet system, causing them to migrate to a more secure infrastructure.

Twitter

The Twitter breach was probably one of the most visible and famous attacks to date, affecting celebrities from all walks of life, from reality star Kim Kardashian to tech guru Elon Musk to the ex-president Barack Obama. Though the attack took place over only a few hours, the exposure was huge.

The attack targeted a small group of Twitter’s employees through a phone spearphishing campaign, enabling the hackers to gain access to Twitter’s internal support system, which then allowed them to target further employees. According to Twitter, using the acquired credentials, around 130 Twitter accounts were hit: the attackers Tweeted from 45 of those, accessed the direct messaging feature of 36 and downloaded the Twitter Data of 7. Twitter Support released a statement explaining, “This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems.” The actual outcome of this elaborate hack isn’t clear, but the incident has led to significant distrust of Twitter and its security protocols, and will most likely live on as one of the largest cybersecurity disasters to hit a social media platform.

Zoom

The use of Zoom has skyrocketed through the pandemic as working from home became the new normal. Zoom became the big name overnight, the go-to for a virtual meeting. Cybercriminals saw this, and it soon became a target.

Cyberattacks have relentlessly targeted Zoom in the past, and in April 2020 it did in fact experience a data breach. Over 500,000 Zoom passwords were stolen and made available for sale, or even given away for free, across dark web forums. The attack impacted everything from personal accounts to financial and educational organisations. Victims’ login credentials, private meeting URLs and HostKeys were released. It’s believed that the attackers used old stolen credentials, some from 2013. They ran a credential stuffing attack through multiple bots, so that the same IP address was not used against numerous Zoom accounts and the traffic was not detected as a denial of service (DoS) attack.

Zoom responded, “We have already hired multiple intelligence firms to find these password dumps, and the tools used to create them, as well as a firm that has shut down thousands of websites attempting to trick users into downloading malware or giving up their credentials.” Zoom will continue to examine the breach, is shutting accounts it has found to be compromised, is prompting users to change their passwords to something more secure, and is investing in more technology solutions to bolster Zoom’s efforts.
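
Because the credential stuffing described above spreads its attempts across many bots and IP addresses, a per-IP failure limit never trips. The following sketch is an added example, not code from Zoom or from this article: it runs a per-IP check and an account-spread check over constructed login events. The event layout, thresholds and addresses are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def make_sample():
    """Constructed events (time, source IP, username, outcome); not real data."""
    base = datetime(2020, 4, 1, 12, 0, 0)
    events = []
    # 40 bot IPs, 120 stolen username/password pairs, one attempt per account.
    for i in range(120):
        ip = f"198.51.100.{i % 40 + 1}"
        events.append((base + timedelta(seconds=2 * i), ip, f"user{i}", "fail"))
    # A genuine user mistyping a password four times before getting in.
    for j in range(4):
        events.append((base + timedelta(seconds=10 + j), "203.0.113.7", "alice", "fail"))
    events.append((base + timedelta(seconds=20), "203.0.113.7", "alice", "ok"))
    return events

def per_ip_alerts(events, limit=10):
    """Per-IP rate limit: source IPs with at least `limit` failed logins."""
    fails = defaultdict(int)
    for _, ip, _, outcome in events:
        if outcome == "fail":
            fails[ip] += 1
    return sorted(ip for ip, n in fails.items() if n >= limit)

def stuffing_windows(events, window=timedelta(minutes=5), min_users=50, max_tries=2):
    """Windows where many distinct accounts each fail only once or twice."""
    buckets = defaultdict(lambda: defaultdict(list))  # window -> user -> [ips]
    for ts, ip, user, outcome in events:
        if outcome == "fail":
            buckets[(ts - datetime.min) // window][user].append(ip)
    alerts = []
    for idx in sorted(buckets):
        # Accounts with few failures look like stuffing, not a forgotten password.
        sprayed = {u: ips for u, ips in buckets[idx].items() if len(ips) <= max_tries}
        if len(sprayed) >= min_users:
            sources = {ip for ips in sprayed.values() for ip in ips}
            alerts.append((datetime.min + idx * window, len(sprayed), len(sources)))
    return alerts

if __name__ == "__main__":
    sample = make_sample()
    print("per-IP alerts:", per_ip_alerts(sample))
    for start, users, ips in stuffing_windows(sample):
        print(f"{start}: {users} accounts failed from {ips} IPs")
```

On the sample, no single IP reaches the per-IP limit, while the spread check flags the one five-minute window and ignores the user who simply mistyped a password.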

Marriott International

A very public and large-scale security breach at the beginning of this year at a leading hotel group, Marriott, led to the data of more than 5.2 million guests being compromised. Marriott believes hackers might have gained the login credentials of two employees, either by credential stuffing or phishing, and were subsequently able to gain access to information on customers who are part of the Marriott loyalty scheme.

Even though Marriott disclosed the security breach on March 31, 2020, it’s concluded that the data had been taken around a month before and included personal information such as names, birthdates, telephone numbers, travel news, and loyalty program information. It isn’t the first time that the hotel group has announced a significant data breach: in 2018, it encountered a cyber-attack that left 500 million guests affected.

MGM Resorts

Although it started in 2019, the data breach experienced by major hospitality group, MGM Resorts, continues in 2020. And it may be much larger than initially reported – now understood to have affected more than 142 million hotel guests (14 times the 10.6 million reported in February).

The attack came to light in an ad published on a dark web marketplace offering to sell the data of 142,479,937 MGM guests for just over $2,900. According to the seller, MGM Grand Hotels data was part of this. The hijacked information is assumed to include the names, phone numbers, home addresses, email addresses, and birth dates of guests, including those of Twitter CEO Jack Dorsey, Justin Bieber and prominent government officials.

An MGM Resort spokesperson confirmed that impacted guests were notified about the data breach and added: “We are confident that no financial, payment card or password data was involved in this matter.” Although this is considered “phone book” information, a fear is that the personal data will continue to be sold, which opens up opportunities for spearphishing campaigns.

Garmin

Garmin, known for its smartwatches and wearables, shut several of its services in July to deal with a ransomware attack that encrypted its internal network and some production systems.

The company is still planning for some severe downtime following this attack as it prepares for a multi-day maintenance window to deal with the aftermath. This includes the website going offline, along with Garmin Connect and Garmin Aviation services, and even manufacturing lines within Asia.

Garmin said the outage had also impacted its call centres, putting the company in a situation of being unable to answer emails, calls, and online chats.

The attack didn’t pass quietly and caused headaches for the company’s customers, who rely on the Garmin Connect service to sync data about bike rides and runs to Garmin’s servers, all of which also went down on.

It wasn’t just consumer wearables that were affected: flyGarmin, which supports the company’s line of aviation equipment, was also down. In another blow, following this outage updates weren’t available for this software, and it is an FAA requirement to run an up-to-date version of this database.

The extent of the breach remains unknown to third-party observers. Besides consumer sportswear, wearables and smartwatches, Garmin also delivers mapping, tracking solutions and equipment for the maritime and automotive industry. The actual impact of the ransomware attack on these services remains unclear.

What Can We Learn from These Cyber Attacks?


Businesses need to be diligent. Cybersecurity always needs to be front of mind, and systems need to be routinely assessed. Companies from small businesses to the enterprise can easily fall prey to phishing schemes, ransomware, DDoS, malware, and other attacks leading to data breaches.

Excelien works with you to take the necessary precautions, which is the best chance businesses have of staying secure. Detection and response tools, along with authentication protocols and ongoing employee security awareness training, can make the most significant difference.