The Covid-19 pandemic had a huge impact on the technology industry in 2020, with a notable impact on how cyber security was tackled.
There was a plethora of virus attacks, along with developments in cloud security, privacy and protection, and other things. All of these had their chance in the spotlight. But that was only part of the story, as it doesn't even cover the plethora of cyber crime that took place during that year.
So let's look back at that time period and take note of the most significant cyber security stories.
Avon Tackles Cyber Security Incident
Avon, a cosmetics brand, was on the receiving end of a ransomware attack in 2020, and later found itself in another incident, one just as significant, after it inadvertently left a Microsoft Azure server exposed to the public without the necessary encryption and protection in place.
This was discovered by Anurag Sen, an employee of Safety Detectives, which is a security tool comparison service. The exposure allowed anyone who had the appropriate IP address to access an entire database of information.
This incident occurred just 4 weeks after Avon had mentioned a previous incident, one that, though not confirmed, involved a ransomware virus. That incident led to Avon being offline, with the end result that its representatives were unable to place any orders for a time.
Hackers Tinker With the Pandemic Response
Around the start of the lockdown, a group of hackers attempted to target officials who were working on the global pandemic response. While the World Health Organisation (WHO) wasn't hacked, many of those who worked at the organisation had their passwords leaked through other sources. The vast majority of attacks were actually phishing emails, designed to trick WHO staff members into clicking on links and downloading attachments in order to infect their machines.
The internet forum 4chan, which is a haven for alt-right groups today, circulated in excess of 2,000 passwords believed to belong to the many WHO email accounts they had hacked, based on information from Bloomberg. This information later spread to social media sources, like Twitter, where many far-right groups claimed that they had hacked the WHO, in a bid to undermine the organisation's public health guidelines.
When it comes to cyber attacks, there is almost always a political component, and sometimes these cyber criminal outfits do what they do in order to gain some sort of political advantage or send a message to their perceived enemies. Or it could simply be to put their enemies on the defensive.
In another attack from these hackers during the pandemic, phishing emails were sent out impersonating WHO employees, urging the masses to donate to a non-existent response fund.
U.S. Government Warns its Population to Update Their Version of Windows
This story is fairly simple. The United States Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) sent out a warning to the millions of Windows users, as a result of a critical security vulnerability. The threat they were singling out was BlueKeep, and the reason they requested that people update was that older versions of Windows were most at risk, seeing as they lacked the patch to counter it. This was despite the fact that Microsoft went out of its way to create a fix for all versions of Windows, including XP and 7, both of which had reached the end of their update life cycle. It's likely that more incidents like this will continue to occur in the near future.
Confusion as Samsung Updates its Firmware
This report is all about a Samsung smartphone update issue, but one not related to any critical vulnerability in the Note and Galaxy devices, as we've seen in the past. Instead, this story centers on an app, downloaded over 10 million times by Samsung users, that was designed to update the firmware of their devices, which in turn would increase the security of those devices. Samsung's security team warned users that the app wasn't an officially affiliated program, and that they could end up paying money to receive updates that would otherwise be free of charge if obtained through official channels.
After discussions with the developers of the app, in which they were made to explain the misunderstandings surrounding who the app was actually created for and what problems it was designed to tackle, the app was eventually removed from the Google Play store. The end result was very positive, as the developers took on board the concerns of the masses and immediately moved to rectify any problems, whether true or not. This is a story we hope will be repeated in the future, on a continual basis.
GDPR Lawsuit against Salesforce and Oracle is Going Ahead
The data processing practices and policies of two of the largest software companies, Oracle and Salesforce, will be scrutinized by the high courts of England and Wales, in one of the biggest digital privacy class action lawsuits filed to date.
The objective of this suit, filed by Rebecca Rumbul, who is a privacy campaigner and data protection specialist, is to seek damages estimated at around £10 billion, which, when divided up, comes to £500 per internet user in the United Kingdom. A parallel lawsuit in the Netherlands, with the backing of the Dutch group The Privacy Collective Foundation, was for damages in excess of €15 billion.
Rebecca Rumbul was fed up with these tech giants and their behaviour, acting as though they were above the law. She wanted to take a stand against these companies' attitude and belief that they could indiscriminately and unlawfully take people's personal data as and when they pleased.
The internet is here to stay; we all use it, and we must all use it, for many of our daily, weekly and monthly duties. For this reason, big tech companies shouldn't feel they can simply track people without their consent.