Recent Security Breaches from 2020 to 2022: List, Consequences, and Solutions, Essays (high school) of History

A list of major security breaches from 2020 to 2022, discussing their consequences and suggesting solutions for organizations to prevent similar incidents. Breaches involved microsoft, zoom, facebook, and others, resulting in financial loss, reputational damage, operational downtime, legal action, and loss of sensitive data.

Typology: Essays (high school)

2010/2011

Uploaded on 10/03/2022

Papayayax
Papayayax 🇻🇳

4.8

(13)

144 documents

1 / 4

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
Ex 1:
What are the recent 2020 ->2022 security breach? List and give examples with dates
Discuss the consequences of this breach?
Suggest solutions to organizations
Ex 2: Identify types of security threat to organizations and list of security procedures
Ex1
What are the recent 2020 ->2022 security breach? List and give examples with dates
2020
Microsoft
January 22, 2020: A customer support database holding over 280 million Microsoft customer records was
left unprotected on the web. Microsoft’s exposed database disclosed email addresses, IP addresses, and
support case details. Microsoft says the database did not include any other personal information.
Zoom
April 14, 2020: The credentials of over 500,000 Zoom teleconferencing accounts were found for sale on the
dark web and hacker forums for as little as $.02. Email addresses, passwords, personal meeting URLs and
host keys are said to be collected through a credential stuffing attack.
Facebook
April 21, 2020: More than 267 million Facebook profiles have been listed for sale on the Dark Web – all for
$600. Reports link these profiles back to the data leak discovered in December, with additional PII attached,
including email addresses. Researchers are still uncertain how this data was exposed, but have noted that
16.8 million of the Facebook profiles now include more data than originally exposed.
https://www.identityforce.com/blog/2020-data-breaches
2021
Microsoft Software Caused Data Breach
March, 2021: The Chinese hacking group known as Hafnium attacked Microsoft in March of 2021. The
attack affected over 30,000 organizations across the United States, including local governments,
government agencies, and businesses.
While the attack wasn’t directed specifically at Microsoft, the group “primarily targets entities in the United
States for the purpose of exfiltrating information from a number of industry sectors,” according to
Microsoft’s notification to customers.
pf3
pf4

Partial preview of the text

Download Recent Security Breaches from 2020 to 2022: List, Consequences, and Solutions and more Essays (high school) History in PDF only on Docsity!

Ex 1: What are the recent 2020 ->2022 security breach? List and give examples with dates Discuss the consequences of this breach? Suggest solutions to organizations Ex 2: Identify types of security threat to organizations and list of security procedures Ex What are the recent 2020 ->2022 security breach? List and give examples with dates 2020 Microsoft January 22, 2020 : A customer support database holding over 280 million Microsoft customer records was left unprotected on the web. Microsoft’s exposed database disclosed email addresses, IP addresses, and support case details. Microsoft says the database did not include any other personal information. Zoom April 14, 2020 : The credentials of over 500,000 Zoom teleconferencing accounts were found for sale on the dark web and hacker forums for as little as $.02. Email addresses, passwords, personal meeting URLs and host keys are said to be collected through a credential stuffing attack. Facebook April 21, 2020 : More than 267 million Facebook profiles have been listed for sale on the Dark Web – all for $600. Reports link these profiles back to the data leak discovered in December, with additional PII attached, including email addresses. Researchers are still uncertain how this data was exposed, but have noted that 16.8 million of the Facebook profiles now include more data than originally exposed. https://www.identityforce.com/blog/2020-data-breaches 2021 Microsoft Software Caused Data Breach March, 2021: The Chinese hacking group known as Hafnium attacked Microsoft in March of 2021. The attack affected over 30,000 organizations across the United States, including local governments, government agencies, and businesses. While the attack wasn’t directed specifically at Microsoft, the group “primarily targets entities in the United States for the purpose of exfiltrating information from a number of industry sectors,” according to Microsoft’s notification to customers.

Facebook Data Breach April, 2021: A Facebook data breach exposed over 533 million individuals’ personal information to hackers. This included the user’s name, date of birth, current city, and posts made on their wall. The vulnerability was discovered in 2021 by a white hat security group and has existed since 2019. Kaseya Ransomware attack July, 2021 : unknown assailants infiltrated Kaseya’s network and deployed ransomware to at least three managed service providers (MSPs) – with the potential for the attack to have impacted many more. The ransomware encrypted files on affected systems, preventing users from accessing them. https://jumpcloud.com/blog/top-5-security-breaches-of- 2022 Microsoft March 20th 2022 : the firm was targeted by a hacking collective called Lapsus$(opens in new tab). The group posted a screenshot on Telegram (opens in new tab) to indicate that they’d managed to hack Microsoft and, in the process, they’d compromised Cortana, Bing (opens in new tab), and several other products. News Corp February 2022 : News Corp admitted server breaches way back in February 2020. News Corp uncovered evidence that emails were stolen from its journalists. The thieves have not been identified, but News Corp has mooted that espionage is at the root of this attack https://www.techradar.com/features/top-data-breaches-and-cyber-attacks-of- Discuss the consequences of this breach?

1. Financial Loss The financial impact of a data breach is undoubtedly one of the most immediate and hard-hitting consequences that organisations will have to deal with. Costs can include compensating affected customers, setting up incident response efforts, investigating the breach, investment into new security measures, legal fees, not to mention the eye-watering regulatory penalties that can be imposed for non-compliance with the GDPR (General Data Protection Regulation). 2. Reputational Damage The reputational damage resulting from a data breach can be devastating for a business. Research has shown that up to a third of customers in retail, finance and healthcare will stop doing business with organisations that have been breached. Reputational damage is long-lasting and will also impact an organisation’s ability to attract new customers, future investment and new employees to the company

Keeping software patched and updated will close off hacker backdoors into your system as well as reduce the chances of a zero-day attack. While you’re at it, automate and schedule patching and updates so that there isn’t a window of opportunity for hackers to exploit your system when vulnerabilities are identified.

4. Foster End-User Awareness Your team needs to be aware of the risks and importance of cybersecurity to keep your business safe. They also need to be mindful of the various ways hackers can try to gain access to your systems so they can be on the lookout for any suspicious activity, particularly phishing. You can hold training sessions or send out periodic emails with updates on the latest threats. 5. Implement a Zero Trust Architecture In the future we are rapidly moving toward, the concept of “trust nothing, verify everything” will be vital in preventing cyberattacks from spreading quickly throughout an organization. A Zero Trust security strategy operates on the assumption that everything is a potential threat, and therefore everything must be comprehensively verified. Today’s decentralized IT networks, widespread remote work, and bring your own device (BYOD) policy adoption all point to Zero Trust architecture as the way forward for securing company resources effectively. https://jumpcloud.com/blog/top-5-security-breaches-of-