The media is full of news about cybersecurity breaches from high-profile companies. According to IT security professionals, an increase in digital threats since the COVID-19 pandemic has been noticeable in the area of data exfiltration and leakage. More exactly, data is moved or transferred from a device unlawfully, either by the perpetrator or malware.
Phishing and ransomware are the two most popular tools of hackers to gain a foothold in corporate networks. There have been several warnings about hacking groups. Malicious actors reside in countries that ignore or tacitly approve of their behavior. Sanctions and indictments have done little. It’s also obvious that the problem is difficult to solve.
Who is a target? That’s the question on everyone’s lips. Any organization that uses the Internet is a target for cybercriminals. Large businesses are selected as the aim of an attack because they have a large amount of capital, aside from the fact that their customer base leaves a lot of sensitive data ripe for the taking. Despite the fact that cybercriminals are commonly perceived as being hacker groups operating under foreign jurisdiction, more often than not, companies know the perpetrator.
As cybercriminal become more and more sophisticated, it’s not a question of if it will happen, but when. We’ve compiled a list of some of the biggest companies that were hacked by cyber thieves. Securing data is a difficult undertaking nor just for data security heads but also for CEOs. Like with most cases, we learn more about the nature of the hacking as time passes. While headlines focus more on who did it, investigations provide solid details.
1. China National Petroleum
China National Petroleum is the third-largest oil company in China and, needless to say, plays a key role in the petroleum industry. Roughly 20,000 gas stations went offline in 2017 following the WannaCry ransomware attack. As we can all remember, this digital threat spread through computers operating Microsoft Windows. The malicious software infected the systems, blocking access until a sum of bitcoins was paid.
While petrol stations in the western city of Chongqing weren’t able to accept credit card payments, university students saw ransom pop-ups on their computers, as universities across the nation experienced severe disruption. Cybersecurity experts have long said that essential parts of the national infrastructure could be vulnerable to a cyber-attack.
2. Royal Dutch Shell
Energy company Shell sustained a data breach in 2020 after the company’s secure file-sharing system, powered by Accellion’s FTA, was exploited to gain access to the files shared by each organization. The FTA was isolated from the rest of the network, so the damage was limited. It’s believed that many companies still using the FTA suffered dramatic data losses, although the impact hasn’t been truly understood. Shell stated that cybersecurity and personal data privacy are of the utmost importance and insisted they were working to enhance information risk management practices.
3. Sony Pictures
Sony Pictures attracted unwanted attention due to a devastating security breach that cost it about $15 million. A malicious actor group that goes by the name of “Guardians of Peace” leaked confidential data from the film studio. It’s believed that the Guardians of Peace have ties with North Korea’s elite cyber-warfare Bureau 121. Many of the bureau’s hackers are top-notch graduates of the University of Automation, Pyongyang.
Hard as it may have been, Sony stood up to its attackers and, most importantly, fought back. even if malicious actors didn’t get what they wanted, they still managed to instill fear. The lesson to be learnt here is that it’s necessary for an organization to determine whether it’s prepared to respond in a world of constant threats and vulnerability. It’s important to rise to the challenge quickly and diligently to protect essential processes.
4. Saudi Aramco
Oil giant Saudi Aramco was recently the victim of a data leak. It seems that approximately 1TB containing proprietary company information and employee profiles was stolen due to a security lapse at a contractor. The hacker seized a copy of the data without using malware. It’s interesting to note that Saudi Aramco’s facilities have been targeted in the past by cybercriminals. In 2012, an incident took place, which was blamed on Iran. Saudi Arabia and Iran have been opposites in pretty much everything.
A bunch of data used for sales and marketing purposes during 2014 and 2019 was exposed, although the timeline hasn’t been established yet. The data encompasses first names and last names, mailing addresses, phone numbers, and so on. Audi customers and potential buyers who’ve made a purchase data may have been compromised. It’s a good thing that the automaker identified the source of the incident.
Volkswagen sent emails and letters to those affected, offering free credit monitoring and notifying them of possible phishing attacks using the information stolen. This cyber incident is a good example of what can happen when sensitive data is left unsecured over the Internet. A great many vendors don’t configure their cloud storage adequately, which is why companies should take the time to check in with them.
BP’s web-based recruitment portal was hacked back in 2018, leaving thousands of job applicants at risk. A third-party gold hold of information such as names, age, gender, contact details, etc. A warning email was sent to individuals who had applied for a job in BP stores, letting them know that their personal data was compromised. The fuel company began to use the online portal once more, but only after receiving guarantees from independent cybersecurity experts.
Security breaches of this kind make job seekers reluctant to share their work histories and contact information online, even if it’s safe to do so. Cyber-attacks will most likely continue with the rise of the Internet of Things. The question is what are organizations willing to do to protect customer data. It’s too early to say, but the current alternatives aren’t appealing. Many believe that digital threats are set to increase in the following months. To be more precise, there will be a growth in the environment of malicious actors who specialize in different capabilities.