The 5 Biggest Cyber Failures of 2021: What could have prevented them?

By Debjani Goswami, Qualitest
Feb 24, 2022 (4 min read)

With more organizations going digital and remote working becoming the new normal, cybersecurity risks have increased manifold. In 2021 alone, 5.1 billion data records were breached. Hackers all over the world are exploiting the security vulnerabilities of enterprises, keeping organizations hostage, and even leaking sensitive data into the public domain.

Here are the 5 biggest cyber failures of 2021 that shook the world:

1. Microsoft Exchange Server data breach (January 2021)

The Microsoft Exchange Server data breach was reported on 5th January 2021 and identified on 6th January 2021. Public acknowledgement took much longer and came only on 2nd March 2021. The cyberattacks and data breaches were on a global scale.

The breach exposed key user details, including emails and passwords. But it did not end with the data: hackers were also able to access connected devices.

After two months of continuous monitoring, Microsoft patched the exploit, but the damage was already done.

As we are all aware, such problems have irreversible side effects, which lead to trust issues between service providers and customers. Eventually, a new type of ransomware was deployed on 12th March 2021 to encrypt all the files.

2. Android users data leak (May 2021)

In May, Android security researchers carrying out their routine checks for flaws in the system found several misconfigurations in the cloud service. The misconfiguration was related to a security bug that allowed hackers to trespass into the database and steal the data of millions of users, resulting in the Android data breach in May 2021.

This was not a data breach, but the small difference in configuration exposed the data of more than a million users. A total of 23 apps used the unprotected real-time database. Cybersecurity company Check Point found that all of the data could be accessed by anyone with basic knowledge. The leaked information was sensitive and included:

  • Full names
  • Email addresses
  • Chat messages
  • Dates of birth
  • Gender
  • Location
  • Photos
  • Passwords
  • Phone numbers
  • Payment information
  • Push notifications

Access to such sensitive payment and password information opened the way to huge financial losses for customers.

3. Volkswagen, Audi data breach (May 2021)

Although they are automobile companies, Volkswagen and Audi gather and process a lot of sensitive customer data. Data on millions of Audi and Volkswagen customers was stolen, and the breach was identified and patched in May 2021.

Hackers stole the data of around 3.3 million users, including first and last names, email addresses, business mailing addresses, and phone numbers.

4. LinkedIn (June 2021)

LinkedIn has more than 800 million users now. However, 2021 was not a good year for the company.

Over 700 million records of LinkedIn users were compromised in June 2021, and this is one of the largest data breaches LinkedIn faced. This huge data breach provided hackers with access to more than 93% of their user information. Hackers posted samples and shared details to sell the data. However, this data did not have any login credentials or financial information. Nevertheless, such a massive data breach left millions of users worried.

The information included full names, physical addresses, phone numbers, email addresses, LinkedIn usernames, geolocation records, experience and background details, usernames of connected social media accounts, and genders.

5. Facebook Outage (October 2021)

Facebook is probably the easiest one to remember, even for a person who does not know much about cyber failures. According to experts, the Facebook outage resulted in a $6 billion loss. With the massive infrastructure and backup that a company like Facebook has, this outage was unforeseen.

The Facebook outage took place due to several errors during maintenance of the Facebook network. Facebook's data centers around the globe are connected in a configuration in which, if one system fails, another system can still handle the load. However, due to the disconnection of a system from the chain, all of Facebook's data centers went down.

The incident impacted Facebook’s Instagram and WhatsApp, too. This outage made headlines globally and the services were down for more than 12 hours.

Log4j Vulnerability

Although not a breach or outage, Log4j was a vulnerability identified towards the end of 2021.

The Log4j vulnerability enables hackers to remotely execute code on target machines or networks. Log4j itself is an open-source, Java-based logging library. The publicly accessible software is used to record error messages on the server.

Through Remote Code Execution (RCE), the Log4j vulnerability allows hackers to easily take control of a system or steal data. Enterprises whose proprietary applications use the Log4j library are exposed to greater security risks.

How could rigorous cybersecurity testing have helped in the above incidents?

Cybersecurity is a business-critical component of any global business. A successful cybersecurity strategy should support the business by identifying vulnerabilities and finding remedies that prevent such incidents before they occur.

To deliver secure applications and keep the organization immune from digital fraud, cybersecurity testing is crucial. Organizations need to understand the effectiveness of their security stack to build a more capable cyber defense. This can be achieved by validating security controls through emulation of real attacks.

To conclude…

Data breaches are common but preventable with measured caution, and the rising numbers of breaches and outages are alarming. Organizations need to leverage robust cybersecurity testing to mitigate risks and safeguard user data.

Qualitest’s shift-left application security approach introduces security into all phases of the software development lifecycle. We can help you identify vulnerabilities at an early stage and decrease cyberattack risks efficiently.
