Woz U

The Top 3 Most Notable Cyber Attacks in the Last Decade

There have been numerous cyber-attacks in the last decade, but some have been outstanding. They include: 

1. Old Colonial Pipeline Attack

In May 2021, the Colonial Pipeline was the target of a ransomware assault. It infected the pipeline’s digital systems, causing it to go offline for several days. 

Consumers and airlines on the East Coast were affected by the shutdown. Because the pipeline transports oil from refineries to industrial markets, the government considered the intrusion a national security threat. 

The attack began when DarkSide, a hacker group, gained access to the Colonial Pipeline network. Within two hours, the attackers took 100 gigabytes of data. Following the data theft, the attackers compromised the Colonial Pipeline IT network with ransomware, compromising several computer systems, including billing and accounting. 

Colonial Pipeline paid DarkSide hackers for the decryption key, allowing the company’s IT personnel to regain control of its systems. 

What Was the Root Cause of the Attack?

An exposed password for a VPN account allowed attackers to access the Colonial Pipeline network. Many businesses use a virtual private network (VPN) to enable secure, encrypted, remote access to their network. According to investigations by Mandiant (a security investigation firm), a Colonial Pipeline employee — who remained anonymous during the hearing — presumably used the same VPN password at another site. That password was somehow breached in a different data breach. 

Password reuse has become a widespread issue, with many people using the same password many times. Reusing passwords is problematic because once a malevolent player has your credentials, they can effortlessly gain access to your accounts. 

How Could This Have Been Prevented?

Using a single password across platforms puts you at risk of identity theft and fraud. Hackers deploy various techniques, including social engineering, to obtain your login information; therefore, diversify your passwords as much as possible to spread your risks. 

Organizations should give security protection to employee accounts to decrease the risk of password reuse. Corporations should also extend similar measures to their employees’ families to secure their larger internet networks. 

2. 2017 WannaCry Ransomware Cyber Attacks

In 2017, one of the largest ransomware attacks occurred, affecting over 200,000 systems in over 150 countries. This outbreak had a massive impact across several industries and cost the world almost 7.4 billion dollars! 

How Did It Happen?

The ransomware encrypted all of the files on the infected computer, after which the hackers demanded $300 to regain control. WannaCry capitalized on a vulnerability in the Microsoft Windows operating system. The attack’s software tools were revealed in April among a trove of NSA spy tools that had been either leaked or stolen. 

Microsoft had released a security patch to address the flaws, but many organizations had not automatically upgraded their systems since Windows updates could conflict with legacy software. Also, since some customers with older PCs disabled automatic updates, they did not receive Microsoft’s automated security patch, putting them at risk. 

How Could WannaCry Have Been Solved?

Most of us are all guilty of disregarding software update notifications. Make sure that all of your computer software is up to date. It’s also the case that keeping track of all the different updates on your computer might be perplexing at times. However, you can work with a managed IT service provider who offers a critical update service with automation to safeguard your systems from the latest documented cyber-attacks. 

3. The 2020 Twitter Attack

In 2020, three individuals obtained access to Twitter’s internal systems, hijacked dozens of high-profile accounts, and used them to tweet out bitcoin scams that netted them more than $100,000. Then an arraignment occurred for the three individuals two weeks later. 

How Did It Happen?

By collecting credentials from Twitter’s private staff Slack channel, the hackers behind the attack were able to infiltrate the platform’s backend infrastructure. The hackers were then able to hijack at least 103 accounts and obtain the personal data of at least 8 accounts once inside Twitter’s systems. 

How Could It Have Been Prevented?

Cyber-attacks and account takeovers, such as the Twitter hack, can easily be avoided. To guarantee that only the correct users have access to the appropriate systems at all times, organizations must deploy biometric multi-factor authentication.  

Biometric multi-factor authentication can help safeguard corporate networks by eliminating human error. Biometrics, unlike passwords, cannot be readily stolen, faked, or phished. Biometrics also cannot be shared between multiple users, written down and published on the internet, or forgotten. 

Biometric multi-factor authentication solutions enable smooth and secure authentication with minimal impact on workflow and user experience. As a result, biometric MFA can establish strict access controls, ensuring that only the appropriate persons have access to the relevant systems at the right times. 

After gaining access to Twitter’s networks, the hackers navigated through the platform until they found a means to steal the accounts of popular users. 

Biometric MFA checks at every access point in Twitter’s system would have barred the intruders from moving laterally over the network, preventing them from compromising multiple systems. 

Stay Ahead of Cyber Attacks With Cybersecurity Training

Staying ahead of current trends in the cyber security industry is key to safeguarding your data and internet-facing systems. There is so much to learn, from increasing cybersecurity awareness to ensuring your employees don’t succumb to social engineering attempts to deploying multi-factor authentication and promptly updating your software. Reach out to us to continue keeping up with trends in cyberspace. 

Also, if you wish to understand everything Tech, Woz U can help you begin. With numerous training options to choose from, you can jumpstart your career in tech now. Get started today.