Ransomware, Hacked Credentials among COVID-19 Data Breach Trends

For the past seven or eight months, COVID-19 threats and scams have haunted the virtual lives of consumers everywhere. Businesses, too, have faced unprecedented security challenges — including high-impact data breaches — during the pandemic. To meet the increasing demand for digital goods and services, companies have had to implement new solutions more quickly than they normally would. This rapid adoption plus a surge in remote work has created vulnerabilities that cybercriminals are eagerly exploiting.

Recently, the authors of the famous Verizon Data Breach Investigations Report (DBIR), analyzed the impact of COVID-19 on data breaches. They noted:

As the Verizon researchers point out, these risks are nothing new or surprising; rather, the real problem is how rapidly they’re multiplying. Their analysis revealed three key trends:

Increase in Error

Distracted and overworked employees are rushing from one task to another. In their hurry, they easily overlook necessary tasks or make a mistake. For example, a system administrator might misconfigure a new cloud storage solution, or an end-user might forward a confidential email to the wrong party.

These errors, while understandable, can have disastrous consequences. According to Risk Based Security’s 2020 Mid Year Report: Data Breach QuickView, the number of records exposed in a data breach shot up 4x. Three massive data breaches accounted for approximately 84 percent of this number. The cause of these breaches? Misconfigured databases and services.

Stolen Credential-related Hacking

More than 80 percent of hacking breaches in the Verizon DBIR report are caused by stolen or brute-forced credentials — usually via web apps and/or the cloud. Companies increasingly rely on software-as-a-service (SaaS) platforms as part of their rapid digital transformation, which means even more account credentials can be hacked.

Additionally, many organizations lack an effective and thorough process for patching their corporate-owned assets, which is especially difficult with a large remote workforce. “Securing those assets and preventing them from accessing the corporate network…while unpatched will prove to be very challenging, even to the most mature of organizations,” the Verizon authors noted.

The 2020 Marriott breach — the second in three years — is the perfect example of this. On March 31st, the company reported that thieves stole the personal information of 5.2 million guests, including names, addresses, phone numbers, loyalty member data, dates of birth, and other travel information. The hackers obtained two employees’ login information to break into the system.

Ransomware Likely to Rise

Ransomware occurs when hackers seize control of a company’s data and systems, usually by encrypting them, and demand a payment to regain access. While ransomware attacks do not usually result in the unauthorized exposure of personal data, the Verizon analysis included several incidents in which hackers did steal — and publicly post — copies of the data.

Verizon’s cautious prediction about the rise in ransomware attacks is in fact a hard reality. According to the mid-year update to Skybox Security’s 2020 Vulnerability and Threat Trends Report, new ransomware samples surged 72 percent over the first half of the year.

Organizations hit by ransomware face a difficult pay-or-not-pay dilemma. It’s a difficult choice, but any delay can have dire consequences. In Germany, hackers invaded a hospital’s computer servers, causing a woman to die from delayed treatment. And a company that sells software used in clinical trials — including those being used to develop tests, treatments, and a vaccine for COVID-19 — was hit with a ransomware attack.

As we head into the last months of 2020 and into 2021, pandemic-related threats to organizations’ data will only rise. Preparation is the best defense against these inevitable threats. To help get your organization breach-ready, consider IDX’s no-cost priority response solution. Let us, the most experienced and largest data breach response company, be part of your incident response team.