From the Twitter hack to the recent allegedly Russian-led attack on US government agencies, 2020 was filled with ransomware attacks and privacy breaches. In fact, ransomware attacks increased in both severity and cost last year compared to 2019, and is now the biggest cyber threat facing organizations, though one expert notes that 2020 was unique in other ways when it comes to cyber incidents.
“In some respects, it’s been the year of no mega breaches, and more a year of constant mid-sized ones,” said Eduard Goodman (pictured), global privacy officer at Cyberscout.
Find out more: Learn everything you need to know about Cyberscout here.
Nonetheless, in a round-up of major cyber events from the past year, a few key incidents rise to the top, including the aforementioned Twitter breach, which brings with it important ‘lessons learned’ for businesses as well as the broader cybersecurity landscape.
In July, a dozen celebrities had their Twitter accounts hijacked in an event that highlighted the potential for a hacked tweet from a senior business executive’s account to damage a company’s share price. While the attack was relatively short-lived, and individuals recovered their accounts quickly, the event was still significant because of Twitter’s role as an information dissemination and communication tool.
“It was less about the harm it could do and more about the potential, and recognizing that a social media platform of that stature and nature on a global basis being implicated in the exposure of user credentials is huge,” explained Goodman. “It would be the equivalent of someone being able to hijack the media contact for a major corporation.”
Another notable incident, especially given the fact that the coronavirus pandemic placed many employees around the world into home offices, was the Zoom incident. In April, news broke that 500,000 stolen Zoom passwords were up for sale on dark crime web forums. This event was interesting, not because of the loss of tons of personal information, like SINs and dates of birth, but because the tool has become a primary means of communication during the pandemic.
“Having that open to interlopers, and individuals being able to get on because of access credentials from commercial users is a big deal,” said Goodman.
The Zoom incident also shone light on a growing cybersecurity problem, which is the fact that experts believe the popular teleconference application is not as secure as it bills itself to be. Researchers with Citizen Lab, an information laboratory with the Munk School of Global Affairs at the University of Toronto, determined that the San Francisco-based Zoom not only utilizes an easy-to-decrypt format while hosting conferences, but also sends the encryption keys to China.
Zoom claimed that its app uses “AES-256” encryption for meetings where possible, but the university researchers found that in each Zoom meeting, a single AES-128 key is used in Electronic Code Book (ECB) mode by all participants to encrypt and decrypt audio and video. ECB mode is not recommended by security experts since patterns in the plaintext are preserved when encrypted, making it easier for malicious actors that have the corresponding keys to decrypt the data.
Citizen Lab also noted that these AES-128 keys, which can be used to easily decrypt Zoom data packets, appear to be generated – and in some cases, even delivered - to Zoom users through servers in China. The researchers suggested that the keys are being sent to China because Zoom has subsidiary offices in the country.
The teleconference platform’s lack of security in turn prompted the US Federal Bureau of Investigation to issue a warning to the public about the vulnerability.
“That exposure was huge, because it did shake people’s faith in the provider,” said Goodman. “We’ve seen a lot of organizations purposely pull back from Zoom … though I think that Zoom at this stage is probably the safest to use out of similar types of solutions. Part of the reason is they’ve had to step things up because literally the world is using it, and also because of the Federal Trade Commission’s enforcement action, which has a lot more teeth, and other enforcement mechanisms around data privacy and data security.”
The two incidents involving Twitter and Zoom are reflective of a broader trend that the pandemic’s likely long-term impacts on global society will haunt the cybersecurity world from here on out.
“The pandemic has expedited a change in the way we work, the way we think about work, and the way we think of interacting with co-workers. We now rely on tools like Zoom and other communication tools day-to-day,” explained Goodman. “I think it’s really important when those come into question to recognize that everybody’s having an existential moment on, ‘how do we do this securely?’”