Do you know cybercrime may become the third-largest economy by 2021? Sadly, that is the case, since the damage caused by cybercrime may reach up to US $6 trillion by 2021, according to estimates. With that in mind, we will discuss the top cyberattacks of 2020 that caused a buzz among cyber experts and netizens. So, let’s begin.
LIFARS offers strategic and tactical advice for increasing the security maturity level for organizations.
#1 SolarWinds Hack
This is probably the most significant attack of the decade. That may be due to the attack’s scope, the attackers’ cleverness, and the noteworthy victims affected.
Cyber threat actors planted a backdoor in the Orion platform of SolarWinds, which was delivered when users updated the software. Many government agencies and Fortune 500 companies use this software to manage their information technology. The backdoor affected Orion Platform versions 2019.4 HF5 through 2020.2.1, released from March 2020 to June 2020. The extent of the attack has not yet been fully understood.
The attackers behind the SolarWinds supply chain attack also managed to escalate their access inside Microsoft's internal network. They accessed a few internal records and used them to reach Microsoft source code repositories.
#2 FireEye Hack
The FireEye hack, a result of the SolarWinds hack, was also one of the prominent breaches of 2020. A blog post by the company’s CEO, Kevin Mandia, revealed that the attackers stole red team penetration testing tools. The activity was part of a sophisticated, government-backed campaign that used some new and previously unknown techniques.
FireEye is a company with various contracts across the national security space in the US and among its partners.
#3 Ryuk Attack on UHS (Universal Health Services)
In August 2020, the Ryuk ransomware hit UHS, prompting a shutdown of its network, which covers 250 hospitals in the United States. After the attack, it was discovered that the Ryuk operators intended to target hundreds of healthcare facilities.
In response, the FBI, CISA, and the Department of Health and Human Services (HHS) advised hospitals to take steps to protect themselves from the ransomware. The advisory also warned hospitals about the malware (TrickBot and BazarLoader) that Ryuk uses to deliver the ransomware.
We published a Ryuk Removal Guide, as well as a case study, which you can view here.
#4 Egregor Attack on Ubisoft
In October 2020, a ransomware group known as Egregor stole data from Ubisoft, one of the world’s largest gaming companies. The group published only 20 MB of the stolen data on the dark web, but threatened to release the entire source code if Ubisoft would not negotiate. We published a malware analysis report of this ransomware. You can view it here.
#5 Blue Mockingbird
A Monero cryptocurrency-mining campaign also surfaced in 2020. It was run by a group known under the code name Blue Mockingbird.
The group usually attacks public-facing servers that run ASP.NET applications using the Telerik framework for their UI component. For instance, the US National Security Agency (NSA) listed the Telerik UI vulnerability CVE-2019-18935 as one of the most exploited vulnerabilities. It was used to plant web shells on servers.
See our Blue Mockingbird case study; we investigated the matter after companies targeted by this type of malware came to us.
#6 Marriott Data Breach
In 2020, Marriott publicly announced a breach of its guests' personal details. It affected nearly 5.2 million Marriott guests. The personally identifiable data accessed included names, phone numbers, addresses, airline loyalty information, and birth dates.
Marriott is one of the largest hotel brands, with nearly 7,300 hotel and resort properties across 134 countries. According to the company, the guest information was compromised in mid-January 2020. The breach occurred through the login credentials of employees at a franchised property.
#7 Sodinokibi Attack aimed at Travelex
A sophisticated ransomware attack using Sodinokibi hit the foreign exchange company Travelex. On New Year's Eve, the attack disabled the company's IT systems. Later on, the company faced a ransom demand of $6 million to decrypt critical files. Travelex has operations in 70 different countries.
We also published an analysis of this ransomware that hit one of our clients. You can read it here.
#8 Credential Stuffing aimed at Zoom
Zoom, a video-telephony application, experienced dramatic growth due to COVID-19, as many people around the globe started working from home. Along with that growth, it faced various security incidents as well.
The most notable among them was the appearance of 500,000 Zoom user accounts for sale on a dark web forum. Allegedly, the accounts were obtained using user IDs and passwords exposed in earlier breaches. Such an attack is known as credential stuffing.
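A defender-side illustration of how credential stuffing shows up in login logs: one source tries many different accounts and mostly fails, and any account it does log in to should be treated as compromised. This is an added example, not part of the original article; the log format, thresholds and function name are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample log; the line format is an assumption for this example.
SAMPLE_LOG = """\
2020-04-01T10:00:01Z login ip=203.0.113.7 user=alice result=fail
2020-04-01T10:00:02Z login ip=203.0.113.7 user=bob result=fail
2020-04-01T10:00:03Z login ip=203.0.113.7 user=carol result=fail
2020-04-01T10:00:04Z login ip=203.0.113.7 user=dave result=fail
2020-04-01T10:00:05Z login ip=203.0.113.7 user=erin result=ok
2020-04-01T10:00:06Z login ip=203.0.113.7 user=frank result=fail
2020-04-01T10:05:00Z login ip=198.51.100.4 user=admin result=fail
2020-04-01T10:05:01Z login ip=198.51.100.4 user=admin result=fail
2020-04-01T10:05:02Z login ip=198.51.100.4 user=admin result=fail
2020-04-01T10:09:00Z login ip=192.0.2.10 user=grace result=fail
2020-04-01T10:09:20Z login ip=192.0.2.10 user=grace result=ok
"""

LINE_RE = re.compile(r"ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>ok|fail)")


def detect_credential_stuffing(log_text, min_users=5, min_fail_ratio=0.8):
    """Map each suspicious source IP to the accounts it logged in to.

    A source is suspicious when it tried at least `min_users` distinct
    accounts and at least `min_fail_ratio` of its attempts failed. One
    account hammered repeatedly (password guessing) or a user mistyping
    a password does not match this pattern.
    """
    attempts = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:  # skip lines that are not login events
            attempts[m["ip"]].append((m["user"], m["result"]))

    flagged = {}
    for ip, events in attempts.items():
        users = {user for user, _ in events}
        fails = sum(1 for _, result in events if result == "fail")
        if len(users) >= min_users and fails / len(events) >= min_fail_ratio:
            # Successful logins from a flagged source need a forced reset.
            flagged[ip] = sorted({u for u, r in events if r == "ok"})
    return flagged


if __name__ == "__main__":
    print(detect_credential_stuffing(SAMPLE_LOG))
```

Real campaigns spread attempts across many source addresses, so the same grouping is usually repeated per network range or per client fingerprint rather than per single IP.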
#9 A Social Engineering Phishing Scheme directed at Magellan Health
Magellan Health faced a social engineering phishing scheme in 2020. The cyberattack involved launching ransomware and exfiltrating data, and it impacted 365,000 patients. It is among the largest health care data breaches reported in 2020.
#10 Ransomware Attack aimed at Finastra
Finastra, a financial technology company, became the victim of a ransomware attack that interrupted its operations. The affected servers were temporarily disconnected from the Internet. Subsequently, the company worked through isolation, investigation, and containment to get the servers back online.
Finastra has nearly 8,600 customers and US $1.9 billion in revenues with a global footprint.
#11 Cyberattack aimed at Toll Group
The logistics giant Toll Group announced on Twitter in February 2020 that it had experienced a cyberattack. In response to the incident, it decided to shut down various systems. As a result, several customer-facing apps were affected.
#12 Cyberattack directed at Garmin
The navigation technology supplier Garmin suffered a cyberattack that encrypted some of its systems and forced services offline.
Initially, the company reported it as an outage. In July 2020, the company confirmed that it was the victim of a cyberattack. The attack had disrupted website functions, customer-facing applications, customer support, and company communications.
#13 Cyberattack aimed at Clark County School District (CCSD)
The news of a cyberattack on CCSD shocked many, since student data was at risk this time. CCSD confirmed in August 2020 that it was the victim of a cyberattack. The attack might have resulted in stolen student data, and the threat of publishing the pilfered student data was a new low for cybercriminals.
CCSD is the largest school district in Nevada and the fifth-largest school district in the USA. It serves over 320,000 students.
#14 Double Extortion Attack aimed at Software AG
In October 2020, the German software giant Software AG experienced a double extortion attack that forced the shutdown of internal systems. In the end, a significant data leak occurred: the operators behind the Clop ransomware both encrypted and stole files.
The attackers demanded $20 million from Software AG, according to many news outlets. Nevertheless, Software AG refused to pay.
#15 Criminal Group demanded $42m from Donald Trump
Hackers who had exfiltrated data from a big entertainment law firm threatened to publish compromising information on Donald Trump. The cybercriminal group doubled its ransom demand to $42m, according to reports. However, the group has not offered any evidence that it has discrediting information on Mr. Trump.
To clarify, it was the same hacking group that hacked the law firm Grubman Shire Meiselas & Sacks previously.
#16 COVID Themed Attacks
In 2020, threat actors started spreading COVID-themed phishing campaigns and online scams, exploiting public concern about COVID-19.
Attackers leave no stone unturned in exploiting vulnerabilities linked to working from home for monetary benefit. Using COVID-19 related information as bait, they plant spyware, info stealers, and data-harvesting malware (remote access trojans). Moreover, they inject banking Trojans into corporate IT networks to take down networks, steal data, build botnets, and divert money.
In this article, we have discussed the top cyberattacks of 2020.
The digital world has become a hotbed of activity for cybercriminals. Over the last decade, a large number of businesses have moved to the Internet. Noticing this, hackers have rolled up their sleeves to hunt for vulnerabilities that let them break in. Simple antivirus and firewalls are not sufficient to deal with expert criminals. Above all, a sophisticated and proactive cybersecurity strategy is the way forward.