12 Big Cyber Incidents of 2020
It’s no secret that 2020 has brought more than its fair share of troubling events. From the offset, the first half of the year saw a 35% increase in cyberattack volume, compared to the final half of 2019. So far this year, 80% more organisations have reported an increase in cyberattack – not surprising considering the declaration of the COVID-19 virus as a pandemic, meaning that 88% of businesses across the globe introduced mandatory homeworking procedures. We’ve seen some troubling statistics this year surrounding threat risk; cloud-based attacks rose 630% between January and April, and in March alone the risk surrounding ransomware attach rose by 148%.
But the most crucial part of any threat recovery is review; understanding where the ball was dropped in the first place to prevent the same vulnerabilities being exploited again. Even if your business has been fortunate enough to escape the criminals this year, the sophistication of threat is growing, and it’s important to keep understanding the landscape and learning from what has happened to others. This is why we’ve compiled our list and key details of some of the biggest cyber incidents over the course of this tumultuous year.
January
Exposure of thousands of British passports
A prime reminder to all on the importance of keeping organised in order to ensure compliancy and reduce vulnerability. It was revealed in January that the passport details of thousands of Brits, including scans, tax documents and other sensitive personal information was left unsecured in an open Amazon Web Services database. The information found unsecured in this ‘bucket’ by Rotem and Locar whilst working on a web-mapping project that was scanning for data leaks; it was dated back as far as 2011, and related primarily to a range of HR-related consultancy businesses.
In this situation, it was lucky the data was found by Rotem and Locar as a part of their experiment (and then quickly removed), as the nature and recency of the information leaked presented a golden gift basket to cybercriminals.
February
MGM Hotels data breach
It was exposed in February this year that the personal information of a staggering 10.6 million guests, including the likes of Justin Bieber and Twitter-founder Jack Dorsey, had been hacked in an attack on MGM Resorts in the summer of 2019. The data exposed included names, addresses and passport numbers, and was the result of ‘unauthorised access to a cloud server’ that contained information for previous guests. Whilst this is by no means the largest leak of data to happen to a hotel chain in recent history, the after effects to customers, brand integrity, and through fines are still being felt – and naturally not in a pleasant way alongside the devastation the pandemic has caused to the travel and tourism industry this year.
March
Phishing attack on the World Health Organisation (WHO)
The month in which coronavirus was officially declared by WHO as a global pandemic brought with it a resulting onslaught of phishing attempts from a series of ‘elite’ hackers. These perpatrators responsible are suspected to be sophisticated APT Groups, such as DarkHotel, whose intent was to steal important credentials and access WHO’s network at such a time when the organisation was significantly distracted.
Fortunately, the patterns of the attack vector were recognised and thwarted before any great damage could be done however, sadly, this scenario marked the first in a new wave of global cyberattack and industrial espionage attempts now directed at healthcare and medical organisations looking to fight and develop a vaccine for the virus.
April
Zoombombing
International borders began to close to visitors in April, also announcing the beginning of a nationwide lockdown that saw many forced to make the shift to new home working procedures, and tasked with using new methods of communication to keep in touch with colleagues, teams and loved ones across the world.
One such champion that rose to meet the global challenge was, of course, video-conferencing company Zoom. With their accelerated expansion and widespread adoption came growing pains: dubbed ‘Zoombombing’ unwanted visitors and trolls could easily hijack important meetings that had not been set-up correctly, exposing a great deal of sensitive data, intelligence, and affording the opportunity to spread hate and abuse.
It was brought to light quickly just how much of a problem this posed to the security of the public and businesses alike. Even governments did not escape risk: a U.S House Oversight Committee member briefing on women’s rights in Afghanistan was disrupted 3 times in the same meeting by uninvited guests, compromising any sensitive data shared within that session.
May
EasyJet reports the breach of 9 million customers’ data
Alas, as if this year couldn’t have been worse for travel and tourism, in May value Airline giant EasyJet admitted to being victim of a ‘highly sophisticated cyberattack’ that affected 9 million of its customers. Email addresses and travel details, alongside some instances of credit and debit card access were compromised in the hack, including CVV numbers on the back of customer credit cards.
Whilst the true source of the breach has never been announced, it was thought that the hackers’ intent was to target company IP, rather than the customer details actually stolen. Still, the event serves as an important reminder to guard all your company’s assets, because (to a hacker) any information accessible that holds financial value either on the black market or for a future campaign, will be desired and taken irrespective of original motive.
June
Honda hit by ransomware attack
In June, Japanese car-maker Honda announced that they had been victim to a cyberattack that crippled their network and affected the ability to access computer servers, exchange email and use other internal systems. The virus attack also had an impact on production systems that were outside of Japan, leading to the temporary suspension of operations in the UK, North America, Turkey and Italy.
It was suspected that Honda were prey to the ransomware Ekans (Snake ransomware) that is attacks the industrial control systems networks, encrypting data and locking employees out of the internal IT systems. It has never been confirmed the root source of hacker access, however this year there has been a noticeable trend in the delivery of ransomware via phishing campaigns to employees, under the cleverly constructed guise of a member of the company’s SLT.
Honda claimed the attack had minimal business impact, however the sheer amount of downtime across the worldwide 220,000 employees would likely have resulted in severe operational financial losses.
July
Orange announces ransomware attack
French telecommunications leader and Europe’s 4th largest telecommunications company Orange announced in July that they had been subject to a ransomware attack that exposed the records of 20 enterprise customers.
This particular breach is a prime example to show that even when a little is accessed the damage can be a lot – the researching team analysing the compromised files post attack discovered that the stolen archive included files from a French aircraft manufacturer, along with details identifying them as an Orange business customer.
Other corporate customer details were later discovered for sale on ransomware operator Nefilim’s site on the dark web. The ransom figure demanded of Orange still remains unknown in the public circle.
August
Premier League subjected to impersonation fraud
In the month of August it was revealed that a Premier League football club almost lost £1 million to cyber criminals after a hacked transfer deal. According the National Cyber Security Centre (NCSC), the email address of the club’s managing director was hacked by cybercriminals during a transfer negotiation, and it was only intervention from the club’s bank that first raised the alarm bells.
It was a rough month in terms of cyber security for the sports sector, as at a similar moment another fixture in the English football league was almost postponed due to a ransomware attack that disabled security systems, front-desk computers and blocked turnstiles.
September
First incidence of death as a result of a cyberattack
A sad month for the cyber world when the results of a cyberattack against Dusseldorf University Hospital resulted in the physical death of a woman. The hospital’s computer systems were disabled by hackers during a ransomware attack that scrambled data and made computer systems inoperable.
Devastatingly, this meant complications at the University’s hospital with the victim’s life-saving treatment, therefore requiring immediate transfer to another facility to perform the procedure that the patient did not make.
It is understood now that the hackers were not intent on attacking the hospital and were trying to target a different university – they handed over the decryption key and forfeited payment demands once they realised what had occurred.
October
Hackney Council cyberattack
Beginning in October and continuing to late November, council teams struggle to recover systems and resolve the disruption caused by a cyberattack. Owing to its recency, the attack is still subject to investigation, however is still affecting a few of the council’s key operational services, including disruption in the processing of planning applications, land searches for residents and online financial portals for service charges, rent and balance check.
Unfortunately, not a great deal more is known about the cause of the attack, however government and NCSC services are still investigating in an attempt to get operations back on track.
November
Gaming giant Capcom hit by severe ransomware attack
At the beginning of November, game-maker Capcom unveiled a security breach compromising the data of thousands of customers and employees. It is estimated that 350,000 people’s data has been subjected to hacker hands and included names, home and email addresses, shareholder numbers, photos and phone numbers. Also stolen was company IP, crucial data on sales, business partner information, and other documents.
It’s understood that Capcom were subjected to a Ragnar Locker ransomware attack and ransomed for $11m. Following the breach, the company are still trying to ascertain the overall number of potentially breached records, as during the attack they are reported to have lost important logs. A clear as day reminder to all businesses to ensure that a safe cybersecurity process is identified in the event of a live breach – read the first part of our 3 part series to learn more about this.
December
Email attack on global COVID-19 vaccine supply chain
We draw to a close around a year on from the initial reports of the coronavirus epidemic, and international giant Pfizer are the first to announce and begin the production of the COVID-19 vaccine.
Just a few days into operations and IBM cybersecurity analysts uncover an email phishing scam targeting global coronavirus supply chains. Fraudulent emails were found that impersonated business executives at a cold-chain supply company in a suspected attempt to harvest credentials and gain future unauthorised access to the networks of vaccine producers, like Pfizer and Moderna. Where there is opportunity for a cybercriminal they will go, and the situation is still yet to unfold as the vaccine is distributed; for now, more than ever, medical companies must stay on high alert as their threat risk grows.
Serbus is an industry leader for secure communications and remote device security, providing solutions to the likes of the MoD, UK Government and world class brands alike. If you are interested to learn more about how we can help protect your business devices against external threat, keeping your company IP and customer data at the highest level of security, contact us for a chat. Email us on [email protected] or call our office +44 (0)1432 870 879.