Major Cybersecurity Incidents in December 2020

Tachyon Protocol, published Jan 7, 2021 (6 min read)

As 2020 came to a close, December was quite eventful when it came to cybersecurity incidents. Hackers and bad actors didn’t hold back even in the final moments of what was a challenging year for online security professionals and digital natives. Ranging from attacks on state infrastructure to healthcare companies to cryptocurrency platforms, there have been a plethora of significant breaches and hacks. One of the most devastating among them was the FireEye attack on the back of a SolarWinds hack. Both of these are believed to be just parts of the larger “sunburst” attack on US infrastructure by nation state(s). More on these later. Here are some events that made the news this month:

1. Ledger Customer Data Dumped on Hacker Forums

Cryptocurrency hardware wallet manufacturer Ledger suffered a data breach back in July 2020 which leaked the information of millions of its customers. The breach included personally identifiable information such as full name, phone number, postal address, products purchased and email address. The common modus operandi in such leaks is for the hacker to sell the database to interested parties, and that is what happened here: the stolen data was sold and resold online over the months since July. However, in a final act of malice, the entire database was dumped this month on the infamous hacker forum RaidForums, with the poster making it a free-for-all. All Ledger customers should practice caution and expect phishing email campaigns in the following months. The same database is possibly also being used for phishing attacks made to look like Trezor emails, on the assumption that some Ledger customers also own Trezor wallets. There can be cases of scareware too, such as these:

As Jameson Lopp puts it: “Strap in for scareware” (source)

2. FireEye Hacked by Nation State

Leading global cybersecurity firm FireEye suffered an attack on its systems this month which saw a suite of security and hacking tools being stolen. It is believed that a nation-state is behind this hack going by the timing (US elections), sophistication of the operation and the target — a toolkit referred to as “Red Team tools”. This toolkit is used by the company to roleplay real world attacks on the systems of its clients in order to look for weaknesses. Experts fear that the same tools could now be used to launch actual attacks on targets. This is because the Red Team assessment tools have been purpose-built from sophisticated criminal hacking software.

FireEye has an impressive repertoire of customers ranging from government agencies to entire countries to global conglomerates like Sony, Infosys and Equifax. They have played a key role in numerous high-stakes situations, hunting black hat hackers and plugging vulnerabilities, so it is possible that this incident played out as retaliation for their activities. Investigators from Google and Microsoft said that some of the techniques seen in this hack have never been observed before. In response to the attack, FireEye has released detection rules and instructions that can help organisations detect and block attempts to use its stolen tools.

3. IT Giant SolarWinds Breached

While investigating its own breach, FireEye found that the attack had been orchestrated through a vulnerability in an IT product of one of its vendors, SolarWinds. Further inspection led to an alarming discovery: SolarWinds had been breached long before, and its services were being used to continually penetrate the systems of its clients. This set off alarm bells across the world. A public statement from SolarWinds says that 18,000 of its clients have been affected by the hack. Its clientele includes 400+ Fortune 500 companies, all top telecom operators, the Big 5 accounting firms, NASA, branches of the US Military and many key departments and agencies of the US Administration. In the days following the news, Microsoft, VMware and Cisco also released statements saying that they were attacked through the SolarWinds exploit.

SolarWinds’ reach was key in executing the attack (source)

The attack on SolarWinds is believed to be part of a larger scheme of attack on the US government and is referred to as the Sunburst attack. As part of the attack, the hackers compromised the build of a SolarWinds product called Orion and planted malware in it. All clients who updated their systems to the modified Orion version unknowingly gave backdoor access to these threat actors. This is called a supply chain attack: a trusted vendor's software is used to break into the target instead of attacking it directly with malware. It was subsequently discovered that the same vehicle was being used to attack US government assets including the National Nuclear Security Administration (NNSA), the US Treasury and the Department of Homeland Security, among others. The FBI and CISA (Cybersecurity and Infrastructure Security Agency) have put out security advisories and have set up a task force to coordinate their response efforts quickly.

4. Vancouver’s TransLink Attacked by Egregor Ransomware

Early in December, Vancouver's metro transit system TransLink was hit by the Egregor ransomware, which disrupted its passenger cards and ticketing kiosks for days. This particular ransomware is also known to latch onto printing devices and repeatedly print ransom notes without pausing; in this case too, it took hold of nearby printers to print ransom letters non-stop. Just like REvil, mentioned in last month's cybersecurity incidents report, Egregor is a global ransomware-as-a-service (RaaS) operation that works with affiliates on a revenue-sharing agreement. The ticketing and card systems were restored in the following days, with a press release from TransLink stating that payment systems and transit routes were unaffected by the attack.

Tachyon VPN masks IP and encrypts traffic end-to-end which helps prevent social engineering attacks and can avoid targeted instances of scareware. One of the easiest ways to thwart Man-In-The-Middle (MITM) attacks like DNS spoofing, WiFi snooping and SSL hijacking is to install a VPN service. A decentralised VPN like Tachyon VPN makes your system even more robust. Distributed systems like Tachyon are difficult to take down by bad actors since nodes are anonymous and run independently. In a highly connected world with corporations hosting leaky databases, it is important to protect personal sovereignty. Tachyon VPN helps you achieve that and more.

Download Tachyon VPN from App Store:

Download Tachyon VPN from Google Play:

Download Tachyon VPN from macOS here:

https://tachyon.eco/d/Tachyon_1.7_2020-06-02_cbc39602.dmg

Download Tachyon VPN from Windows: Coming Soon

About Tachyon Protocol:

Tachyon Protocol is a decentralized internet protocol that aims to create a libre, secure and private internet for users. By implementing techniques from DHT, blockchain, UDP and encryption, Tachyon is committed to building the next generation TCP/IP that can provide a self-sufficient internet environment with high security, untraceability, availability, and maximum network speed. Tachyon brings to fruition years of experience and research by Sunny King (inventor of PoS i.e. Proof-of-Stake consensus mechanism), Peerchemist (Peercoin Project Leader and President of the Peercoin Foundation) and FinTech investor Alex Yang. Tachyon VPN currently has nearly 2.3M users and over 1.5k distributed nodes to choose from. For more information, please visit https://tachyon.eco/.

Stay Connected:

Don’t forget to follow us on these platforms and get notifications. Launch a hot discussion about Tachyon anytime anywhere.

➤ Telegram Group: https://t.me/tachyoneco

➤ Telegram Channel: https://t.me/tachyonprotocol

➤ Twitter: https://twitter.com/tachyon_eco

➤ Medium: https://medium.com/tachyon-protocol

➤ LinkedIn: https://www.linkedin.com/company/tachyon-protocol

➤ KaKao: https://open.kakao.com/o/gRTetMzb

➤ Reddit: https://www.reddit.com/r/TachyonIPX/

➤ YouTube: https://www.youtube.com/channel/UCvrANAq2HBYEPSL5nnsYQPg/
