Major Cyberattacks of 2020
Globally, cybercrime damages are expected to reach $6 trillion by 2021.
Oh, what a year it’s been. Most of 2020 was no one’s idea of a good time, but the COVID-19 pandemic gave an unprecedented avenue to a massive increase in cyberattacks in particular, all across the globe. The remarkable surge in working from home has also contributed to the rise of cyberattacks. Going into 2021, we are still only learning how to close the security gaps between the home and office networks and to minimize the theft of confidential information, phishing, cryptojacking, ransomware attacks, IoT attacks, and other data breaches that have marked 2020.
2020 Cybercrime by the Numbers
With so many people switching to working from home and remote learning during this year’s global lockdown, and so many more online transactions as deliveries increased, cybercriminals jumped at the chance to hack credit card data and target educational institutions, already taxed with infrastructure hurdles after having to switch to remote learning. Healthcare organizations weren’t spared either, as they were struggling to contain the virus and save lives.
Consider some recent stats as reported by Security Boulevard:
- 81 global firms from 81 countries reported data breaches in the first half of 2020
- 80% of firms have seen an increase in cyberattacks this year
- Coronavirus was blamed for a 238% rise in cyberattacks on banks
- Phishing attacks have seen a dramatic increase of 600% since the end of February
- Ransomware attacks rose 148% in March and the average ransomware payment rose by 33% to $111,605 as compared to Q4 2019
Here are some more disturbing stats, courtesy of Fintech News:
- Cloud-based attacks rose 630% between January and April 2020
- Apple accounted for 10% of branded phishing attempts in Q1 2020
- 394,000 unique IP addresses attacked UK firms in Q1
- Attacks targeting home workers rose fivefold in six weeks since lockdown
- 5% of coronavirus-related domains deemed suspicious
- Visits to hacker websites and forums rose 66% in March
Educational institutions were hit hard. As TechRepublic reported, the average number of weekly cyberattacks per educational facility in the U.S. rose by 30% just between July and August of 2020. The primary tactic was the distributed denial-of-service (DDoS) attack. (We’ve reported on the various cyberattacks and back-to-school hurdles back in September.)
The Most Popular Methods of Cyberattacks
The Cybersecurity Advisory and Assessment Solutions (ISACA) issued a report this November, listing the top few breaches of 2020 and detailing the most-often used tactics the hackers employ. According to ISACA’s State of Cybersecurity 2020 report, the most common cyberattack methods in 2020 are social engineering, followed by advanced persistent threat, tied by ransomware, and unpatched systems tied for the third place.
In the case of social engineering, it’s crucial to have an identity verification process and multi-factor authentication system in place. Data security failures could be prevented by implementing and following robust encryption policies.
Frank Downs, Senior Director at ISACA, writes:
“The increase of ransomware attacks in health care has been the most significant trend in cybersecurity in the past year, according to a Corvus Security Report, which found a 350 percent in ransomware attacks on health care entities in Q4 2019 vs. Q4 2018. Given that 91 percent of ransomware attacks are the result of phishing exploits, health care organizations should improve email security, including using scanning and filtering tools.”
The third runner-up, issues related to patch management, is tied to ransomware attacks. An aggressive patch management program can help mitigate or avoid those altogether.
Top 12 Cyberattacks of 2020
- Carnival Corporation. This world’s largest cruise line operator reported a data breach due to a ransomware attack that took place in August. Hackers stole confidential information of customers, employees, and crew members.
- Magellan Health. The attack on this health care company was one of the largest in 2020, when hackers used a social engineering phishing plan to export data and launch the ransomware.
- Marriott. No stranger to data breaches, Marriott had personal information of approximately 5.2 million hotel guests stolen last January via login credentials of employees.
- MGM Resorts. Personal data on more than 10.6 million guests of MGM Resorts properties was shared on a hacking forum, including names, home addresses, phone numbers, birth dates, and email addresses. Some were celebrities, plus senior executives of major companies, reporters, and FBI agents.
- Seyfarth Shaw. The Chicago-based global legal firm became a victim of a malware attack, which downed the firm’s email system completely.
- Software AG. The second-largest software vendor in Germany and the seventh-largest in Europe was hit by a ransomware attack in October, with the hackers demanding more than $20 million ransom. The company is still restoring its system and database after an unsuccessful negotiation with the attackers.
- Sopra Steria. French IT service giant Sopra Steria was attacked by ransomware in October, by a new version of the Ryuk ransomware, previously unknown to cybersecurity providers.
- Telegram. In September 2020, hackers gained access to Telegram messenger and email data of some big names in the cryptocurrency business, in the attack most likely aimed at obtaining cryptocurrency.
- The U.S. Government. Just recently, in one of the largest hacks in more than five years, email systems were breached at the Treasury and Commerce Departments. The current administration acknowledged that hackers acting on behalf of a foreign government, most likely Russia. Other key government networks were targeted, and an investigation is underway.
- Twitter. Some of the most recognized and highly regarded global Twitter handles were compromised and used to fraudulently tweet about Bitcoin. Those included Bill Gates, Elon Musk, Jeff Bezos, Warren Buffett, Kanye West, and several prominent politicians. The 45 accounts requested Bitcoin from their followers, promising double in return. Before the tweets were deleted, they generated more than $100,000 worth of Bitcoin. The attackers used a phone spear phishing method to obtain secure data.
- World Health Organization. Hackers leaked staff login credentials as part of a larger phishing campaign, during which nearly 25,000 private email addresses and passwords were leaked from WHO, the CDC, NIH, and other organizations that have banded together to contain COVID-19.
- Zoom. Due primarily to the switch to working remotely, Zoom became a household name as one of the most recognized and widely used video and audio conferencing platforms in the world. So it’s not surprising that it also became a target of security breaches. The most notable incident included approximately 500,000 user accounts being offered for sale on a dark web forum. Another unpleasant trend emerged in 2020 and became known as Zoom bombing, when the uninvited users joined meetings to disrupt or share inappropriate material. Zoom has since addressed the issues.
To learn how to increase your company’s cybersecurity and data protection, contact the experts at CyberReef today.