The world is more connected than ever before, but with this comes more opportunities for cybercriminals to take advantage of vulnerabilities. Cybersecurity plays an essential role in protecting our privacy, rights and digital freedom. Get a glimpse of what cybersecurity threats 2020 may have in store by reviewing the 10 worst hacks, cyberattacks, and data breaches that occurred in 2019.
- Container threats
A container image is a self-contained piece of software that has code, tools, and resources in it needed to run independently. Containers or self-contained applications allow businesses to install microservices and applications at an incredible rate and scale, but there were significant security issues within container images in 2019. Although they are driving evolution in the management of network applications, they are vulnerable. The initial entry point of container images needs serious screening and security. Companies are advised to use only official images or build their own.
- The rise of Kubernetes tools
Kubernetes (or k8s) is an open-source container orchestration system for automating deployment, scaling and management of application containers. Kubernetes tools will increasingly be adopted in 2020 and will be the target of more attacks. “It’s like a nefarious version supply and demand; the greater the supply of Kubernetes clusters running in production, the greater “demand” there will be among bad actors trying to find security holes” (Kevin Casey: 2019).
- Continued threat of Android malware
The global Android market share rose to 87% in 2019 (IDC) with over 2.5 billion active Android devices making them targets for attacks. Google announced that it is exploring a more secure platform by moving toward the Linux mainline kernel after attacks like xHelper and Joker, and adware attacks were found in Google Play Store apps.
- Capital One breach
Former Amazon software engineer Paige Thompson is accused of breaching the server of a third-party cloud company used by Capital One bank, and was indicted for stealing over 106 million records – making it one of the biggest breaches in history. Thompson allegedly built a custom scanning tool that searched the web for cloud servers that were misconfigured allowing outsiders to access username and password credentials, or mine for cryptocurrency.
- Evite breach
In 2019, online invitations company Evite indicated that hackers had accessed an inactive data storage file. Data from 10 million Evite accounts were put up for sale on the dark web. Experts warn that data in obsolete systems may not be of much value to a business, but may earn bitcoin on the dark web. Information stolen included names, usernames, email addresses, passwords, birthdates, phone numbers, and mailing addresses.
- DoorDash breach
DoorDash, a San Francisco-based on-demand prepared food delivery service announced in 2019 that 4.9 million “consumers, Dashers, and merchants”, who signed up on or before 5 April 2018 fell victim to a breach. Names, email addresses, delivery addresses, order histories, phone numbers, and hashed, salted passwords all may have been accessed. The last four digits of bank account numbers belonging to some their restaurant clients and delivery drivers were also taken, along with the driver’s license numbers of 100,000 delivery staff.
- American Medical Collection Agency breach
The medical debt collector American Medical Collection Agency (AMCA) filed for bankruptcy after a devastating data breach from August 1, 2018 to March 30, 2019. At least 20 million US citizens were affected by the security incident during which user data including names, Social Security numbers, addresses, dates of birth, and payment card information were accessed. The stolen data was put up for sale on underground web forums.
- Georgia Tech breach
The Georgia Institute of Technology reported a data breach potentially exposing information belonging to 1.3 million employees and students due to a web application vulnerable to outside entry. An attacker accessed a central database that contained Social Security numbers, names, addresses, and birthdates of current/former students, faculty, and staff.
- In-auto mobile phone use detection
Two UK police forces launched technology that detects GSM signals across 2/3/4G networks, thus, indicating if drivers are using their mobile devices when driving. However, it is currently only being used as a warning system since it cannot detect whether it is the driver or a passenger using a mobile device. Hackers may use the technology to breach mobile phone data to identify users and their locales. It may also be used for citizen surveillance, impinging on users’ right to privacy.
- Juice jacking
Juice jacking involves a type of cyberattack when travellers charge their mobile devices via public charging stations in airports and hotels. The attack uses a charging port or infected cable to extract data from the connected device or upload malware onto it. However, no confirmed incidents of juice jacking have been reported and the possibility remains hypothetical, yet it illustrates that no device is truly secure.
Let us help guide you into which Home Fibre line you should be using!