In 2019, for the first time in history, more than half of the global population used the internet: about 3.9 billion people worldwide use online services. This means an exponential increase in personal, business and government data flowing across the internet and between devices. As the exposure of data increases, an ever-widening range of cyber threats comes to light. Not long ago, a breach that compromised the data of a few thousand people would have been big news. Now, breaches that affect hundreds of millions or even billions of people are common. This increase in the volume of incidents makes governments and organizations take cyber security more seriously than ever before.
An incident is a security event that compromises the integrity, confidentiality and/or availability of an information asset, whereas a breach is an incident that results in confirmed disclosure of data to an unauthorized party.
Cyber threats can be classified as shown in the figure below.
Fig: Cyber threat classification
In this report, we review some cybersecurity facts and the major cyber security incidents of 2019 that had the greatest significance for the overall cybersecurity domain.
Thought-provoking cybersecurity facts in 2019
• Almost half of American small businesses were subjected to a cyber-attack in 2019, and most of them failed to respond after an attack.
• Over 85% of all global emails were spam in the month of July 2019.
• The most common malicious email attachments, carrying ransomware, spyware and other malware, are Microsoft Office files. Also, one in ten URLs shared online is malicious.
• Phishing was the most common type of cyber attack throughout the year.
• Network vulnerabilities are far more common (81%) than application vulnerabilities.
Major Cybersecurity Incidents and Breaches in 2019
Hackers breached Bulgaria’s tax agency
Date: June 2019 | Impact: 4 million citizens
Bulgaria suffered its biggest data leak, in which the data of more than 4 million citizens was compromised. The hackers emailed the stolen data to local media and claimed that 57 of 110 databases had been compromised. It is difficult to assess what is inside the leaked databases, but local media report that the files date back to 2007. In their message, the hackers derided the Bulgarian government and called the state of its cyber-security a parody.
Outdated systems and a lack of preventative measures by the Bulgarian government are suspected as the weaknesses that led to the citizen records database being exposed.
Severe Vulnerability in Apple FaceTime
Date: January 2019 | Impact: iPhone and Mac users
Apple described the flaw as a logic issue in the handling of Group FaceTime calls. The vulnerability allowed an attacker to eavesdrop on a FaceTime user by calling the targeted victim and then adding the attacker's own number to the group call. While the attacker could listen to, and possibly even see, the victim, on the victim's side it appeared as if the call still had not been answered.
Apple disabled the Group FaceTime feature after learning of the flaw. It then implemented a server-side fix and released updates for both iOS and macOS Mojave to fully address the issue. Group FaceTime had originally shipped in late October with iOS 12.1, and the service has now been restored. The FaceTime bug nevertheless raised serious concern about the security of Apple devices.
Australian graphic design tool Canva breached
Date: May 2019 | Impact: 137 million user accounts
Graphic design website Canva suffered an attack that exposed the email addresses, usernames, names, cities of residence and hashed passwords of 137 million users. According to Canva, the hackers managed to view, but not steal, files with partial card and payment information. The suspected attackers, known as Gnosticplayers, said Canva had detected their attack and shut down the compromised server. They also claimed to have obtained OAuth login tokens for users who signed in via Google.
Canva representatives confirmed the incident and later notified users to change their passwords and reset OAuth tokens. A list of approximately 4 million Canva accounts whose stolen password hashes had been cracked was later shared online. The company had to invalidate the passwords that had not yet been changed and prompt users to change their password as soon as possible.
Capital One’s Data Breach
Date: March 2019 | Impact: 106 million bank customers and applicants
Capital One is one of the largest banks in the US. A data breach compromised the personal data of nearly 106 million of the bank's customers and applicants. The attacker also gained access to personal information from credit card application forms submitted between 2005 and early 2019, including 140,000 Social Security numbers, 1 million Canadian social insurance numbers and 80,000 bank account numbers.
The attacker was revealed to be Paige Thompson, who had worked as a software engineer for Amazon Web Services, the cloud hosting provider that Capital One was using. The issue was fixed immediately, and customers whose confidential information was affected were offered free credit monitoring and identity protection. It was estimated that the bank could face $100 million to $500 million in US fines for the breach.
Smart Phones Infected with Backdoor Trojan
Date: June 2019 | Impact: 20,000 users infected
Germany's cyber-security agency, the Federal Office for Information Security, warned against buying or using four low-end smartphone models after finding backdoor malware embedded in their firmware. The firmware contained a backdoor trojan named Andr/Xgen2-CY. According to Sophos, Andr/Xgen2-CY could exfiltrate data such as the device's phone number; location information, including longitude, latitude and a street address; IMEI and Android ID; screen resolution; manufacturer, model and brand; OS version; CPU information; network type; MAC address; RAM and ROM size; SD card size; language and country; and mobile service provider.
Once an infected phone's profile was registered on the attacker's server, the operators could use the backdoor trojan to download and install apps, uninstall apps, execute shell commands and open URLs in the browser. Manual removal of the backdoor is not possible because it is anchored in the internal area of the smartphone's firmware; it can only be removed via a firmware update issued by the phone maker.
Four Major Dating Apps Expose Precise Locations of Users
Date: May 2019 | Impact: 10 million users
Dating apps are popular among millions of young people. Four popular mobile applications offering dating services had security flaws that allowed precise tracking of their users. Security researchers reported that Grindr, Romeo and Recon were all leaking the precise location of users, and that it was possible to build a tool to collate the leaked GPS coordinates.
According to the researchers, 3Fun, a mobile application for arranging threesomes and dates, had the worst security of any dating application: it leaked not only user locations but also dates of birth, sexual preferences, pictures and chat data. Combining all of the dating apps, the research team was able to create maps of user locations across the world using GPS spoofing and trilateration, the use of algorithms based on longitude, latitude and altitude to create a three-point map of a user's location. Researchers at Pen Test Partners recommend that users be given real, transparent options in how their location data is used, so that the risks are known and understood.
Ransomware Attack on City of Del Rio, Texas
Date: January 2019 | Impact: Authorities and citizens of Del Rio
Officials at the City of Del Rio, Texas, were forced to abandon electronic services and switch back to pen and paper after a ransomware attack shut down critical City Hall servers. All servers were disabled to prevent further spread, and officials attempted to isolate the malware by turning off all internet connections for other city departments, which stopped all staff from logging into government systems.
It is unknown whether any personal data of employees or customers was compromised; the city has not yet revealed much information about the attack. The ransom amount is unknown, and there is little information on whether any payment was made. The FBI is investigating the case, and it is still unclear who was behind the attack.
Records Exposed For Food Delivery Service DoorDash
Date: May 2019 | Impact: 4.9 million records
Nearly 5 million user records of the food delivery service DoorDash were accessed by an unauthorized third party. The data covered DoorDash merchants, its Dasher delivery personnel and end-user consumers; users who joined the service before April 5, 2018 were affected.
A representative of the delivery service said that a "third-party service provider" was to blame, though no specific provider was named. After the breach, DoorDash removed the third party's access to the data, added additional protective security layers around the data and improved the security protocols that govern access to DoorDash systems.
Cybersecurity is a never-ending battle. A permanently conclusive solution to the problem of cyber threats will not be found in the foreseeable future. Improvements to the overall cybersecurity posture of individuals, firms and government agencies have significant value in reducing the losses associated with breaches. Cyber threats are hard to deny, so by applying preventive measures such as risk assessment and Vulnerability Assessment and Penetration Testing, we can minimize the attack surface and hence mitigate threats.
To minimize the impact of a breach, remember these points:
i. Follow information security news portals to get the latest information about the incident, in particular which data was breached.
ii. Check whether your email or login ID is included in the breach. Some websites, such as haveibeenpwned.com, provide this information.
iii. If your ID is included, change your password as soon as possible.
iv. Be aware of phishing emails and calls: if something seems too good to be true, it almost certainly is.
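The checklist above points to haveibeenpwned.com; its Pwned Passwords range API lets you test whether a password appears in known breach dumps (such as the cracked Canva passwords above) without sending the password itself. The following is an added example, not code from the original report: the range endpoint URL is the real public one, while the sample response and the injectable `fetch` hook are constructed here so the check runs offline.

```python
import hashlib
import urllib.request
from typing import Callable, Optional, Tuple

# Real public endpoint of the Pwned Passwords k-anonymity API.
RANGE_URL = "https://api.pwnedpasswords.com/range/{prefix}"


def sha1_prefix_suffix(password: str) -> Tuple[str, str]:
    """Split the uppercase hex SHA-1 of a password into the 5-char prefix
    that is sent to the API and the 35-char suffix that stays local."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def count_in_range_response(body: str, suffix: str) -> int:
    """Parse the 'SUFFIX:COUNT' lines the range endpoint returns and give
    the breach count for our suffix, or 0 if it is not listed."""
    for line in body.splitlines():
        cand, sep, count = line.strip().partition(":")
        if sep and cand.upper() == suffix:
            return int(count)
    return 0


def pwned_count(password: str,
                fetch: Optional[Callable[[str], str]] = None) -> int:
    """Return how many times the password was seen in breaches.

    Only the hash prefix leaves this machine; matching is done locally.
    `fetch(prefix) -> body` may be injected (used below for an offline
    demo); by default the live API is queried, which needs network."""
    prefix, suffix = sha1_prefix_suffix(password)
    if fetch is None:
        def fetch(p: str) -> str:
            req = urllib.request.Request(
                RANGE_URL.format(prefix=p),
                headers={"Add-Padding": "true"})  # documented HIBP option
            with urllib.request.urlopen(req, timeout=10) as resp:
                return resp.read().decode("utf-8")
    return count_in_range_response(fetch(prefix), suffix)


# Constructed sample body in the API's format: one unrelated suffix plus
# the suffix for the password "password" with an illustrative count.
_, _SUFFIX = sha1_prefix_suffix("password")
SAMPLE_BODY = f"0018A45C4D1DEF81644B54AB7F969B88D65:3\r\n{_SUFFIX}:3861493\r\n"

if __name__ == "__main__":
    print(pwned_count("password", fetch=lambda p: SAMPLE_BODY))
```

Drop the `fetch` argument to query the live service; a count above zero means the password should be changed, as step iii advises.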