2019 saw a variety of challenging threats facing enterprises in the 5th-Gen Cyber Landscape. The threats were stealthy and targeted, which implied greater potential for destruction. The history of cybersecurity is intriguing for security practitioners, and last year brought many incidents and concerns, which are expected to worsen going forward.
There have been several data breaches, with state-backed hacking programs and supply chain manipulations providing the evidence. Ransomware is an ever-increasing threat, while geopolitical tensions surge worldwide. It is important to take note of the major cybersecurity incidents that occurred in 2019 before moving on to solutions and prospects.
Summary of Cyber Incidents in 2019
January 2019: The Chile ATM Attack was a major cyber incident witnessed in January 2019, where hackers breached Redbanc – the country’s ATM interbank network – after tricking an employee into downloading a malicious program through a fake job interview. This espionage was carried out on 15th January 2019. It was found that the Redbanc employee had come across a LinkedIn job advertisement. The employee then attended a Skype interview, where the attackers persuaded him to download malware onto his system. This gave the attackers access to Redbanc’s network. However, Redbanc claims that its business operations were not affected.
February 2019: The SBI Breach is an example of a cyber incident this month, wherein India’s largest bank refused to accept claims that its servers had been compromised by an intrusion. The breach was first reported on 4th Feb 2019. Multiple media outlets reported that an SBI server was unprotected. This allowed attackers to gain access to its systems, putting the personal information of users at risk.
March 2019: On 22nd March 2019, a software vulnerability was discovered in the accounts of Royal Bank of Scotland (RBS) customers. These accounts had been exposed to a security flaw following the introduction of a new customer security service. RBS had launched a free endpoint security service for its customers in association with Heimdal Security – a Danish firm. While this security service was dedicated to protecting RBS customers from cyberattacks and detecting threats, researchers discovered a software flaw in it. This flaw enabled access to customers’ banking details, internet history and emails. Heimdal Security soon released an update to fix the flaw, stating that 50,000 computers were impacted and that no intrusions resulted from the security flaw.
April 2019: This month saw the detention of two lead members of a Romanian cyber attackers group, who were accused of being the brains behind Mexico’s ATM skimming operation. One of the two suspects was identified as the mastermind of Instacash, a fraudulent ATM service provider operating from outside Mexico. The head of Instacash had allegedly bribed ATM technicians into installing sophisticated Bluetooth-based skimmers inside competitors’ ATMs. This allowed the cyber attackers group to remotely steal card data and PINs from ATMs across Mexico’s popular tourist destinations.
May 2019: An international cyber criminal group that used the GozNym malware and stole over $100 Mn was dismantled on the 16th of this month. The U.S. Department of Justice, Europol, and 6 other countries took part in the takedown of this group. Multiple locations were targeted and the operation was kept highly confidential. The group stole money from more than 40,000 victims, including the bank accounts of small enterprises, non-profit organizations, international corporations, and law firms. 10 members were detained and charged for the attack following the law enforcement investigation in Ukraine, Moldova, Georgia, Germany, Bulgaria, and the U.S.
June 2019: On the 25th, the British law enforcement firm, Europol, saw 6 individuals arrested by officials for the theft of cryptocurrency amounting to over $26 Mn. The attack involved theft from multiple locations, and the individuals used a technique called ‘typosquatting,’ wherein they mimicked an online cryptocurrency exchange to gain access to and steal information from victims’ bitcoin wallets. The attack affected over 4,000 individuals across nearly 12 countries.
July 2019: On the 29th, Capital One announced a data breach that compromised credit card applications from over 100 Mn individuals. It was caused by a software engineer hacking into the company’s cloud-based server. The applications comprised contact information, credit scores, dates of birth, names, and some Canadian and American social security numbers. A misconfigured firewall was exploited to gain access to a personal information database hosted on AWS. After gaining access, the hacker posted about the incident on GitHub, and an unidentified individual then notified Capital One. One individual connected with the data theft was subsequently arrested by the authorities.
August 2019: In this month, Binance, a cryptocurrency exchange based in Malta, fell victim to ransomware. The attackers demanded 300 bitcoin (close to $3.5 Mn) for its Know Your Customer (KYC) database, which contained the personal information of over 10,000 users. This KYC database comprised photographs and personal identification information of users along with documents such as passports. The company contested the authenticity of these documents. It refused to pay any ransom, claimed that the documents did not carry any digital watermarks, and reported the incident to law enforcement for help in capturing the attackers.
September 2019: The Hong Kong-based stock exchange, Hong Kong Exchanges and Clearing Limited, discovered a technical bug and suffered a DDoS attack. This forced the company to suspend trading. The attackers sent huge volumes of traffic to the organization’s website, which slowed it down and caused it to display limited information on exchange prices. Although services resumed once the issues were resolved, this was the second such incident suffered by the company, after a DDoS attack in 2011 that also forced the organization to suspend its services. The individual behind the attack was later imprisoned for 9 months.
October 2019: ‘BriansClub’ – a leading underground market for stolen payment and credit card details – was hacked by one of its competitors, which stole nearly 26 Mn card details. The card details had been uploaded to BriansClub between 2015 and 2019 and represented approximately 30% of the credit cards being sold in the underground market.
November 2019: On 13th November 2019, a Russian man was charged by the U.S. for running ‘Cardplanet,’ a card trading platform worth nearly $20 Mn. The platform was used to buy and sell stolen payment card details. The culprit faced numerous charges including computer intrusion, identity theft, and device fraud.
December 2019: Security researchers found evidence that a hacking group linked with the Chinese government was bypassing 2FA in recent attacks. The group’s primary targets were managed service providers and government entities operating in areas such as insurance, healthcare, energy, finance, and some niche areas such as physical locks and gambling. The attack was attributed to a group called APT20. The cybersecurity industry has been tracking this group, which was identified as operating on instructions from the Beijing government.
What Enterprises Must Focus on Moving Forward
Cyber crime has become a huge business: elite hackers earn nearly half a million dollars annually just for testing the security of systems, while criminals rake in billions from thefts. As more and more business is carried out in virtual environments, exploits are increasing in number and affecting every region globally. Government leaders and businesses at all levels urgently need to take security into consideration during planning, software design, and network setup.
While the cloud is considered to be the weakest link of an organization and the growing prevalence of malware compromises IT networks from various entry points, advanced threat prevention solutions are being introduced in the cybersecurity industry. Organizations must leverage the benefits these cybersecurity solutions hold over their traditional counterparts if they are to remain aware and stay ahead of the security curve in the ever-evolving threat landscape.