
The Craziest Cybersecurity Stories of 2020

December 18, 2020

Heaven help us – with that title, we hardly know where to start.

OK, we’ll just quote a headline from Vice: “New Yorker Suspends Jeffrey Toobin for Masturbating on Zoom Call.” You can’t make it up, right? Somehow a highly respected New Yorker reporter, during a call between several New Yorker reporters and a radio station, didn’t realize his video was on while he was touching himself.

He was not alone in Zoom stupidity. A Florida court was Zoom-bombed with pornography in August when someone changed the secure Zoom defaults to allow screen sharing and let participants unmute themselves, then completed the fiasco by posting the hearing link publicly on the Florida state attorney’s office website, complete with time and ID number. That’s a trifecta of stupidity. So the court hearing for 17-year-old Graham Clark of Tampa, Florida (the alleged mastermind of the July 15 hack against Twitter, which resulted in a bitcoin scam after the accounts of high-profile Twitter users were compromised) was terminated swiftly after someone injected a pornographic video clip into the proceeding.

No matter how well Zoom secures its platform, if you mess with the secure default settings, you are setting yourself up for disaster.

A law firm in Oklahoma learned the same lesson in May 2020. On August 14, Oklahoma’s NBC 4 reported that an Oklahoma City law firm (not named) set up a Q&A session in May which was open to the public.

Someone named “Christine” joined the meeting and began showing a graphic video of a man sexually assaulting a child. Not something a law firm needs.

The meeting was brought to a quick close, followed by an investigation by both the Oklahoma City police and Zoom. User error again.

While we could recount Zoom stories forever, the BIG story of the year for the legal world was ransomware. Law firms, bar associations, and all manner of other organizations were hard hit as ransomware surged by 715% in the first half of 2020. 27% of victims are now paying the ransoms, especially when the cybercriminals have stolen law firm data before they encrypted it. This gives them the option, if you can restore your data from your own good backups, to demand a ransom for destroying your data rather than publishing it.

The authors had all but begged our clients to allow us to put endpoint protection on their networks. But three law firm clients did not and were subsequently struck by ransomware. To the credit of all three, these clients were quick to blame themselves for not listening to our entreaties. Happily, they all had backup protection solutions and they were up and running in less than a day without having to pay the ransom. They all signed up for endpoint protection subsequently. A hard-earned lesson.
