Recent Cyber Attacks in 2020

As the dust settles, the industry is uncovering even more evidence of rapid growth of cybercrime during the upheaval created by 2020’s pandemic. Cybercriminals were indiscriminate in their attacks, targeting businesses and platforms of all types.

Cybercriminals targeted the ways we connect in a pandemic

At a time when online connection became so important, opportunistic cybercriminals were quick to attack social platforms.

Telegram

Telegram, the cross-platform messaging software service, was attacked in September 2020. In this campaign, hackers were able to access the email data of some important players in the cryptocurrency space using the Signaling System 7 (SS7) protocol, which is used for connecting mobile networks worldwide.

It’s believed they attacked this platform to access two-step authentication codes, in order to get access to cryptocurrency safely secured within digital wallets worldwide.

Zoom

A better-known and more wide-ranging incident hit the workhorse of the COVID era, Zoom. This high-profile attack saw hackers access approximately 500,000 Zoom user accounts, passwords, credentials, and meeting URLs.

And it wasn’t a particularly sophisticated attack, either—but it was persistent. The hackers gained access via credential stuffing, one of the most common methods of cyber attack.

Credential stuffing is essentially a scaled-up version of trying to guess a friend’s password: hackers use the information in stolen lists of usernames, passwords, and email addresses, on the logic that people commonly reuse these credentials. A stress-testing tool then deploys multiple bots at different IP addresses, each trying combinations of these login credentials. All details that produced a successful login were then collated and sold on the dark web.

Zoom has since put in place stronger security measures, but it was a big blow during the initial pivot to working from home.
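As an added example (not part of the original article), here is one way a defender could spot the credential stuffing pattern described above in authentication logs: many distinct accounts each tried about once, almost all failing, spread over many IP addresses so that per-IP rate limits never trigger. The log format, thresholds, and function names are assumptions, and the sample log is constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Assumed log format: "<UTC timestamp> ip=<addr> user=<name> result=OK|FAIL"
LINE = re.compile(r"(\S+) ip=(\S+) user=(\S+) result=(OK|FAIL)")

def parse(lines):
    for line in lines:
        m = LINE.match(line)
        if m:  # malformed lines are skipped
            ts = datetime.strptime(m[1], "%Y-%m-%dT%H:%M:%SZ")
            yield ts.replace(tzinfo=timezone.utc), m[2], m[3], m[4] == "OK"

def detect_stuffing(lines, window_s=300, min_attempts=20,
                    min_fail_rate=0.9, min_user_spread=0.8):
    """Flag time windows where many distinct accounts each get ~one failed try."""
    buckets = defaultdict(list)
    for ts, ip, user, ok in parse(lines):
        buckets[int(ts.timestamp()) // window_s].append((ip, user, ok))
    alerts = []
    for key in sorted(buckets):
        ev = buckets[key]
        n = len(ev)
        if n < min_attempts:
            continue
        fail_rate = sum(not ok for _, _, ok in ev) / n
        # Spread near 1.0 means a new account on almost every attempt;
        # brute force against a single account scores near 0.
        spread = len({u for _, u, _ in ev}) / n
        if fail_rate >= min_fail_rate and spread >= min_user_spread:
            alerts.append({
                "window_start": key * window_s,
                "attempts": n,
                "source_ips": len({ip for ip, _, _ in ev}),
                # Logins that succeeded during the run: reset these first.
                "at_risk": sorted({u for _, u, ok in ev if ok}),
            })
    return alerts

def sample_log():
    """Constructed data: a distributed stuffing run, then a one-account brute force."""
    lines = []
    for i in range(40):  # 40 IPs, 40 accounts, one attempt each
        res = "OK" if i in (7, 23) else "FAIL"
        lines.append(f"2020-04-01T10:00:{i:02d}Z ip=198.51.100.{i + 1} "
                     f"user=user{i}@example.com result={res}")
    for i in range(30):  # later window: one IP hammering one account
        lines.append(f"2020-04-01T11:00:{i:02d}Z ip=203.0.113.9 "
                     f"user=admin@example.com result=FAIL")
    return lines
```

Only the first window is flagged; the single-account brute force is a different pattern and is better caught by per-account lockout.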

Software providers weren’t immune

One big cyber attack in October 2020 saw German software vendor Software AG hit with the Clop ransomware, with a cybercrime syndicate demanding a $20 million ransom.

While service to their customers remained unchanged, this attack ended up disrupting Software AG’s internal network, and casting a pall over their security protocols.

The scope of cyber attacks in 2020 broadened significantly

The December 2020 SolarWinds breach was one of the biggest cyber attacks of 2020, both in breadth and ferocity.

In this incident, hackers took advantage of malicious code that was inserted into the SolarWinds Orion network management software, targeting the server that provided access to patches and updates for these tools.

This enabled the hackers to infect multiple clients at once—clients who were part of some of the largest organisations in the world.

The US Departments of Treasury, Commerce, and Energy, and the network of the National Nuclear Security Administration, were all breached. Even the US Department of Homeland Security found itself under threat. Fortune 500 companies across Asia, Europe, and the UAE came under attack, with tech firms like Microsoft becoming involved in the breach.

This attack was so large, and so wide, that security experts are still unsure of the full extent and scope of this threat.

Hackers enjoyed irony, too

With patrons worldwide distancing themselves from cruise ships in 2020, cybercriminals found their opportunity to take advantage of cruise lines.

Carnival Corporation, one of the largest cruise line operators in the world, found themselves victims of a massive data breach in August 2020. Hackers breached their network and encrypted their IT infrastructure, accessing confidential customer, crew, and employee information.

While there haven’t yet been any flow-on effects from this attack, it still demonstrates the widespread effects that cyber attacks can have on businesses.

Close to home

Australia wasn’t without its significant cyber attack incidents, either.

Toll Group, the giant logistics company, was hit with ransomware attacks not just once, but twice, the incidents occurring within three months of each other.

In February, 1,000 of Toll’s servers became infected with the MailTo (Netwalker) ransomware variant. This effectively shut down their supply chain, interrupting deliveries and services across the country. While it was discovered that no personal details had been leaked, it still had a chokehold effect on the business.

The second ransomware attack saw them fall victim to a different ransomware strain, known as Nefilim. This attack allowed the perpetrators to access a Toll corporate server, from where they were able to steal information about commercial agreements, and staff information.

We’ll help you stay protected against cyber security threats in 2021

GPK Group provides cyber security services to Brisbane businesses, to ensure you remain safe and protected against the rising risk of cyber attack.

Get in touch with us today for a free, no-obligation IT security discussion. We’ll talk about your current systems, and discuss how our robust cyber security solutions ensure your business remains safe in 2021—and help keep you out of this list for 2022.