The Great Security Incidents of 2019 and What Connects Them

Mailspike By Mailspike • December 13, 2019

As has been the case with many years in the past decade or so, a lot of major security incidents dominated the news in 2019. 

In this article, we wanted to cover and discuss what connects them, so you'll know what you need to do to stay protected from similar cyber threats that can cost your business millions.

As has been the case with many years in the past decade or so, a lot of major security incidents dominated the news in 2019. 

In this article, we wanted to cover and discuss what connects them, so you'll know what you need to do to stay protected from similar cyber threats that can cost your business millions.

 

The Biggest Security Incidents in 2019 (So Far)

There's still a little time left in 2019 for another major attack to occur (we hope it won't), but the ones that have happened are the following:

  • The attack on Dunkin’ Donuts

In January, the famous American donut chain Dunkin’ Donuts suffered a cyber attack. It resulted in user credentials being leaked to other sites, which were then used to access Dunkin' Donuts perks rewards accounts. 

No personal information was stolen, only the credentials that allow access to these reward accounts. They subsequently sold most of these accounts on the Dark Web. 

  • Two attacks on the car giant Toyota

In February and March, two breaches occurred at Toyota. They haven’t been entirely forthcoming with what happened, but it seems that both were highly targeted data breaches. 

Whatever happened, Toyota has reaffirmed its customers that no personal customer information was stolen. 

  • The major breach of Citrix

In March, the FBI contacted Ciprix to inform them that international cybercriminals have likely breached their systems. Later on, Citrix, the multinational software conglomerate, determined that a breach did occur. It was discovered that the breach happened in December 2018, and subsequently, some six terabytes of data, including emails, were stolen. 

  • The breach of Indian IT outsourcing firm Wipro

For those who are not aware, Wipro is a major multinational corporation with revenues of around $8.5 billion and more than 170,000 employees across the globe. 

In April, they confirmed that they experienced a significant phishing attack. It was a multi-month intrusion that ended up using Wipro’s systems to attack several of Wipro’s own clients. 

Outside of these four, there were several other significant attacks as well, like the ones on Evite (10 million accounts affected), American Medical Collection Agency (200,000 patients affected), Capital One (names, addresses, credit scores, dates of birth, bank account numbers, and Social Security numbers stolen), and more. 

The Connection Between These Attacks and What Can Be Done to Prevent Similar Attacks

One crucial factor is the connection between most of these attacks – email. Hackers used email-based attacks like phishing and Business Email Compromise to either gain access to these companies' systems, or to trick their employees and executives into providing them what they need. 

The problem here is born out of the lack of a sound email protection system. Many companies omit the necessity of protecting the emails of the business and its employees. However, such protection is more than necessary, as it can help companies stay ahead of advanced email-attacks that can lead to the attacks and breaches we previously covered. 

It's thus vital for your company to put a robust, dedicated email security system on its Christmas list for 2019.

 

AnubisNetworks

 

Author: Mailspike

The Anubis Labs team is tasked with the ongoing effort to discovery new threats, track and collect intelligence about malware and botnets and figure out the best approach to let our customers have a good insight on their threat landscape.