The amount of digital information increases by the minute. Millions of people work, communicate, and play online across the globe. This streamlined form of interaction comes at a cost, however. The sheer mass of information out there is tempting to cyber criminals, and the attack space increases as more and more devices join the Internet of Things.
With the wealth of data that is available, it is no wonder that data breaches have increased. The rapid shift to remote work in 2020 placed stress on almost every industry, and COVID-19 continues to affect the global market. This uncertainty has given cyber criminals ample opportunity to breach hundreds of companies and accounts. The following incidents are only a few of the most notable examples from this year.
Colonial Pipeline
The east coast spent early May in trepidation as the Colonial Pipeline Company shut down its entire pipeline system on May 7th due to a ransomware attack. Hacking group DarkSide used ransomware to infiltrate the company’s systems and hold data hostage until they were paid 2.3 million in Bitcoin.
This pipeline supplies about 45% of the gas, diesel, and jet fuel to the coast regions of the eastern United States. Flights were delayed and gas prices rose across the country. The shutdown had such a huge impact that Congress relaxed fuel transport rules to stabilize supply levels in southern metropolitan areas. While the money was later recovered by the FBI, this hack led to consequences for everyday people. This is always a concern when threat actors target critical infrastructure.
In a volatile economy, workers rely heavily on job and networking sites like LinkedIn. Unfortunately for some 92% of LinkedIn users, a series of data issues allowed nefarious actors to buy databases of their account information. One hacker claimed to have scraped 700 million accounts “for fun” and was selling the data to multiple customers for $5,000. Some of the sellers had the data filtered by profession, such as IT, HR, and financial workers.
LinkedIn stated that the scrape was only a large scale collection of public profile data and thus not a security hack in a traditional sense. Regardless, the selling of sorted collections of this data — including phone numbers, locations, and email addresses — is concerning for the data security world. This information can be used to launch other digital attacks on unsuspecting job hunters and fellow employees.
Sociallarks
Safety Detectives discovered a security weakness impacting at least 214 million social media users from across the globe, including high-profile influencers and celebrities. Sociallarks is a Chinese social media platform. Its ElasticSearch database was noted to have weak data security. Against all sound judgment, this database was publicly exposed without any encryption or password protection. Some of the data in this database was scraped from public information on accounts. Oddly, there were also selections of non-public data from some LinkedIn and Instagram pages.
Many in America may not have heard of Sociallarks, but the lesson here is universal. Everyone would do well to take careful stock of where their personal information exists. Data on public platforms can be used maliciously, especially in social engineering attacks and for answering security questions.
Digital security is important for individuals and companies alike. Even mundane activities like sharing files and opening links in emails can be used as attack vectors. A lack of sufficient security can have severe legal, personal, and financial consequences. Tools like encryption, multi-factor authentication, and remote hard drive wiping are vital for protecting sensitive data. Take steps today to fortify your digital security and defend against breaches and attacks.
About DriveStrike
DriveStrike is a security software that enables you to protect confidential data on personal and proprietary devices. from a secure digital console, you can manage encryption, remotely wipe devices and servers, and lock devices remotely. Contact our team if you have any questions, and start your free trial today. Your security is our priority.