World Health Organization
Industry: Consumer Services/Non-Profit
What are believed to be elite hackers leaked login credentials of staff at the World Health Organization (WHO) around March and April of this year. The data leak was believed to be part of a larger attempt to target groups trying to combat the coronavirus – nearly 25,000 private email addresses and passwords were unlawfully released from organizations including the WHO, the National Institutes of Health (NIH), the Center for Disease Control and Prevention (CDC), the Gates Foundation and more. The WHO confirmed a phishing campaign had been deployed directed at its staff. WHO’s Chief Information Officer, Bernardo Mariano stated, “Ensuring the security of health information for Member States and the privacy of users interacting with us a priority for WHO at all times, but also particularly during the COVID-19 pandemic. We are grateful for the alerts we receive from Member States and the private sector. We are all in this fight together.” It is still unclear if the attack had any major effect. According to WHO, the leaked information did impacted an older extranet system, causing them to move to a more secure infrastructure.
Twitter saw one of the most brazen online attacks to date when on July 15, 2020, hackers verified Twitter accounts of many high-profile figures and celebrities, everyone from Kim Kardashian and Kanye West to Barack Obama, Elon Musk, and Bill Gates. The successful attack targeted a small number of employees though a phone spear phishing campaign, granting hackers access to Twitter’s internal support system which then enabled them to target additional employees. According Twitter, using the acquired credentials, 130 Twitter accounts were targeted, with the hackers Tweeting from 45, accessing the direct messaging inbox of 36 and downloading the Twitter Data of 7. Twitter Support released a statement saying, “This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems.” The true outcome of this enormous hack has yet to be seen, but the incident has led to major distrust with Twitter and its security measures, and will most likely live on as one of the worst cybersecurity disaster to a social media platform.
The pandemic caused organizations across the global to enact work from home policies and the popularity of video conferencing solutions skyrocketed. Zoom quickly became the big name, the go-to for virtual meeting – and the most popular for cybercriminals. The application has been relentlessly targeted by various cyberattacks and in April 2020 did in fact experience a data breach. More than 500,000 Zoom passwords were stolen and available for sale or even being given away for free across dark web forums. This impacted everything from personal accounts to financial and educational organizations. Victims’ login credentials, personal meeting URLs and HostKeys were released. Because many people tend to reuse passwords, it is believed that attackers were able to used old stolen credentials, some from 2013, and employed a credential stuffing attack that used multiple bots to avoid the same IP address being used for multiple Zoom accounts and to prevent being detected as a denial of service (DoS) attack. Following the half a million user credentials being compromised, Zoom responded, saying, “We have already hired multiple intelligence firms to find these password dumps and the tools used to create them, as well as a firm that has shut down thousands of websites attempting to trick users into downloading malware or giving up their credentials. We continue to investigate, are locking accounts we have found to be compromised, asking users to change their passwords to something more secure, and are looking at implementing additional technology solutions to bolster our efforts.”
Healthcare giant Magellan Health suffered a ransomware attack and data breach in April 2020 that left 365,000 patients impacted across eight Magellan Health affiliates and healthcare providers. The sophisticated attack began with hackers first exfiltrated data by installing malware before launching a ransomware attack five days later. Using a social engineering phishing scheme impersonating a client, hackers were able to get into Magellan’s system, installing malware to steal employee login credentials. The attack, contained to a single corporate server, granted the cyber criminals access to personal employee information and ID numbers as well as sensitive patient details such as W-2 information, Social Security numbers, or Taxpayer ID numbers. The data breach is one of the biggest we’ve seen this year within healthcare, and the second notable phishing scheme to hit Magellan, following an incident in 2019. There is currently a class-action lawsuit pending against Magellan, filed by three former employees over the most recent attack.
A major security breach earlier this year with leading hotel chain, Marriott, led to the data of more than 5.2 million guests being compromised. According to the Marriott, hackers might have obtained login credentials of two employees either by credential stuffing or phishing, and then were able to acquire access to information for customers in the company’s loyalty application. Although Marriott disclosed the security breach on March 31, 2020, it was believed that the data had been obtained approximately a month before and involved personal information including names, birthdates, and telephone numbers, travel information, and loyalty program information. This was not the first time that the hotel giant announced a major data breach – in late 2018, they suffered an enormous attack leaving 500 million guests impacted.
Although it began in 2019, the data breach suffered by major hospitality group, MGM Resorts, continues in 2020. And it may be much bigger than initially reported – now believed to have impacted more than 142 million hotel guests (14 times the 10.6 million reported in February). This has come to light through an ad published on the dark web marketplace offering to sell the data of 142,479,937 MGM guests for just over $2,900. According to the seller, MGM Grand Hotels data was also compromised. Hijacked information is believed to include name, home address, phone numbers, email addresses, and birth date of guests, including those of Justin Bieber, Twitter CEO Jack Dorsey, and major government officials. A MGM Resort spokesperson confirmed that impacted guests were notified about the data breach and added “We are confident that no financial, payment card or password data was involved in this matter.” Although this is considered “phone book” information, a fear is that the personal data being sold opens up opportunities for spear phishing campaigns.
What Can We Learn from These Cyber Attacks?
Businesses need to be diligent. Cyber security always needs to be front of mind and system and setups need to be routinely assessed. Any organization can become the victim of phishing schemes, ransomware, DDoS, malware, and other attacks leading to data breaches. Stress to your customers that taking all necessary precautions is the best chance they have at staying secure. Along with detection and response tools, authentication protocols and ongoing employee security awareness training can make the biggest difference.