The review of the year can lead us to a lot of important lessons that can be helpful to prepare for the upcoming year's security challenges.
There were many massive data breaches happening in 2019 indicating the raising risks driven by technology shift to Cloud service and network ownerships politics between nations.
We conducted a list of 10 memorable security events of 2019 that reflects the fundamental technology movements.
- 1 Over 540 Million Facebook Users' Dataset Discovered on Amazon S3 Bucket Configured Publically Downloadable
- 2 Huawei Products and their 5G Networks Banned by U.S. Commerce Department due to Potential National Security Threat
- 3 Advanced SMS Phishing Increases Security Risks Toward Android Users
- 4 730% Increase in Emotet Banking Trojan Activity
- 5 Chineses Organizations Secretly Dominates Top VPN Services Worldwide
- 6 4 Billion Accounts Exposed - One of the Largest Data Leak in History from a Single Organization Source
- 7 Over 6TB of Data Breached from Citrix by Hacker, Advised by FBI
- 8 Amazon Employee Steals 106 Million Profiles from Capital One
- 9 Phishing Attack is the cause of 32% Data Breaches
- 10 Seven & I Holdings Scraps their Smartphone Payment Service after ¥38.6 Million Hack
Over 540 Million Facebook Users' Dataset Discovered on Amazon S3 Bucket Configured Publically Downloadable
One of the largest security breaches of the year occurred on Facebook where more than half of billion users' datasets were insecurely stored on Amazon Web Service exposed to the public.
The incident was discovered and announced by Cyber Risk, the UpGround cybersecurity research team. Two exposed Facebook datasets belong to Cultura Colectiva and At the Pool which are Facebook integrated applications developed by third-party.
The biggest concern of this story is, any sort of action to stop the data exposure took over two months after the team notified both Cultura Colectiva and Amazon.
Huawei Products and their 5G Networks Banned by U.S. Commerce Department due to Potential National Security Threat
Huawei, a Chinese multinational technology company, has been developing its next-generation mobile network foundations around the world while the U.S. government decided to be against the movement.
Among the 58 countries that made the decision, the U.S. is one of four countries that decided to ban Huawei's 5G network integration. The U.S. also listed Huawei on a national trade blacklist to restrict the nation's supply chains from selling or purchasing their technology products, including smartphones and network equipment, to prevent potential security threats.
The biggest challenge that Huawei is facing by being banned is the disconnection from Google which involves fundamental usage of the Android license and Google Play market. A possible solution is to develop an alternative OS and application market place from the ground up using the basic opensource Android, yet a further struggle is expected as many Android applications heavily rely on numbers of Google services.
Advanced SMS Phishing Increases Security Risks Toward Android Users
This type of hacking attack relies on the over-the-air (OTA) provisioning system which is originally designed for a network operator to remotely update mobile device settings. Users under attack get prompted with a fake login page, and submitting their credentials will result in providing access permissions to the hacker.
One common characteristic that can be used to identify phishing is that hackers use falsely crafted SMS messages to attempt gaining the device's remote control permission. Therefore the proper way to prevent such attacks is by being alerted to any unfamiliar text messages and installation requests on your mobile device.
730% Increase in Emotet Banking Trojan Activity
Return of improved Emotet, a Trojan created to steal financial data from banking machines, was detected with stronger tactics ever causing critical data breaches to several enterprise corporations.
The latest Emotet is loaded with new features such as TrickBot and Ryuk capable to send out malicious emails that will infect other workspace devices connected through the corporate network system. Emotet spam emails are delivered with organization related requests, invoice details, and order confirmations which makes it difficult for the employees to distinguish from normal emails.
Researchers noticed that Emotet tends to follow a certain pattern, starts with a period of hibernation while receiving new features and malware updates leading to a spike of activity. This indicates there is a massive amount of Emotet laying dormant waiting for the right moment to make its moves. Constant security patch updates and system observation toward malicious activities are suggested.
Chineses Organizations Secretly Dominates Top VPN Services Worldwide
Research conducted by VPNPro shows nearly 30% of Virtual Private Network (VPN) is hiddenly owned by six Chinese organizations, causing ambiguity in the usage of VPN.
The fact that many VPN services have been hiding their parent company has led the VPNPro team to perform an in-depth investigation of VPN stream ownership. Evidence shows China owns 29 providers among the top 97 VPN services.
Despite the common network privacy provided by VPN, the data content can still be legally extracted by the providers as well as the government that manages the business. This means China and other countries that owns the VPN service are free to identify personal and governmental network activities worldwide through analyzing their streams.
We must understand network security requires attention to not only the usage of VPN but also the selection of VPN providers to make sure our internet activities are not tracked.
4 Billion Accounts Exposed - One of the Largest Data Leak in History from a Single Organization Source
A massive data leak was discovered exposing over 4 billion accounts associated with 1.2 billion unique persons' profiles on the public internet. Exposed data are insecurely hosted on Google Cloud allowing any internet users to download without password or authentication. Profile information contained in the data includes name, email, home address, and phone numbers. Furthermore, contents were associated with social media accounts such as LinkedIn, Facebook, Twitter, and GitHub URLs.
The research team announced that data was organized using Elasticsearch indexes with a label named PDL and OXY. The label indicates that data potential originated from two companies, People Data Labs and OxyData.IO, both specialize in data enrichment and aggregation services. However, the root cause of the data exposure and the owner of discovered Google Cloud server is yet unclear.
Further investigation is needed to analyze if these data were exposed due to server storage misconfiguration or they were stolen and hosted by a forensic reason. Cloud privacy regulations are preventing the reveal and only a legal process can uncover such mystery.
Over 6TB of Data Breached from Citrix by Hacker, Advised by FBI
Citrix, a cloud computing company, has announced that they were attacked by international hackers causing estimation of 6TB to 10TB data breach. The incident was revealed after the FBI informed the company about the trace of unauthorized access.
The announcement informs that two attacks were focused on stealing highly confidential data related to the FBI, aerospace industry, NASA, and oil company owned by Saudi Arabia. President of Citrix says found evidence describes the malware was placed into their network since 10 years ago kept silence until this hack was triggered.
Amazon Employee Steals 106 Million Profiles from Capital One
A former Amazon employee was arrested by the FBI for stealing 30GB of Capital One data through storage hosted on a cloud service. The activity was potentially conducted between 2015 and 2016 while the assailant worked as a System Engineer and access to client system configuration was available.
The incident impacted over 106 million Capital One customers; about 80,000 bank accounts and 140,000 Social Security numbers were included in the breached data. The further concern lies in the security aspect of modern public cloud service as the client's most sensitive data are exposed to the cloud provider's internal employer, especially those people with the intention to misuse.
Phishing Attack is the cause of 32% Data Breaches
The 2019 Data Breach Investigations Report conducted by Verison identifies that phishing attacks are the cause of 32% of confirmed data breaches. As mentioned earlier, the advancement of phishing techniques shoots up during 2019 leading to allow hackers to steal data using a variety of ways.
The report also indicates that 30% of phishing messages succeed to be opened by the target users. This overall means, the majority of a data breach are caused by targeted users
Notes to Protect against modern phishing activities:
- SMiShing: Phishing through SMS. Targets Android-based mobile devices by sending malicious SMS to tempt users to allow remote control access.
- Vishing: Short for Voice Phishing, sends voice instruction to mobile device owners to install unauthorized applications.
- Private information that phishing tends to target is account usernames, passwords, credit card details, and Social Security number.
Seven & I Holdings Scraps their Smartphone Payment Service after ¥38.6 Million Hack
Seven & I Holding Corporation announced the discovered a hacking activity to their smartphone payment service, 7pay, causing ¥38.6 million worth of damage in total. The company immediately applied a password reset to all of their 16.5 million accounts for extra security measures and inform users to register a new password.
However, two days later, Seven & I Holdings decided to end their hacked mobile payment service to minimize the negative impact caused by the attack. A further announcement informed the clients that new service will be developed using an improved security system, aiming to regain clients' future trust.