A pandemic-focused year made the events of 2020 unprecedented in several ways, and the cyber attacks were no different.
As the world transitioned to virtual everything — work, school, conferences and family gatherings — attackers took notice. Attackers embraced new techniques, and a hurried switch to remote access amplified cyberthreats across the board. For example, K-12 schools took the brunt of the hit, and new lows were reached, such as the exfiltration of student data. The list of top cyber attacks from 2020 includes ransomware, phishing, data leaks, breaches and a devastating supply chain attack with a scope like no other. The virtually dominated year raised new concerns around security postures and practices, which will carry on into 2021.
While there were too many incidents to choose from, here is a list of 10 of the biggest cyber attacks of 2020, in chronological order.
- Toll Group
Toll Group tops the list for the year’s worst cyber attacks because it was hit by ransomware twice in three months. However, a spokesperson for Toll Group told SearchSecurity the two incidents were not connected and were “based on different forms of ransomware.” On Feb. 3 the Australia-based logistics company announced on Twitter that it had suffered a cyber attack. “As a precautionary measure, Toll has made the decision to shut down a number of systems in response to a cyber security incident. Several Toll customer-facing applications are impacted as a result. Our immediate priority is to resume services to customers as soon as possible,” Toll Group wrote on Twitter. The most recent attack occurred in May and involved a relatively new ransomware variant: Nefilim.
- Marriott International
For the second time in two years, the popular hotel chain suffered a data breach. On March 31, Marriott released a statement disclosing that the information of 5.2 million guests was accessed using the login credentials of two employees at a franchise property. According to the notice, the breach affected an application used by Marriott to provide guest services. “We believe this activity started in mid-January 2020,” the statement said. “Upon discovery, we confirmed that the login credentials were disabled, immediately began an investigation, implemented heightened monitoring, and arranged resources to inform and assist guests.” While the investigation is ongoing, Marriott said it has no reason to believe that the information included Marriott Bonvoy account passwords or PINs, payment card information, passport information, national IDs, or driver’s license numbers. However, the compromised information may have involved contact details and information relating to customer loyalty accounts, but not passwords.
- Magellan Health
On May 12, the healthcare insurance giant issued a letter to victims stating it had suffered a ransomware attack. Threat actors had successfully exfiltrated logins, personal information and tax information. The scope of the attack included eight Magellan Health entities, and approximately 365,000 patients may have been impacted. “On April 11, 2020, Magellan discovered it was targeted by a ransomware attack. The unauthorized actor gained access to Magellan’s systems after sending a phishing email on April 6 that impersonated a Magellan client,” the letter said. The company, which has over 10,000 employees, said at the time of the letter that it was not aware of any fraud or misuse of any of the personal information. Phishing, a common attack vector, intensified over the year as threat actors refined their impersonation skills.
- Twitter
The popular social media company was breached in July by three individuals in an embarrassing incident that saw several high-profile Twitter accounts hijacked. Through a social engineering attack, later confirmed by Twitter to be phone phishing, the attackers stole employees’ credentials and gained access to the company’s internal management systems; dozens of high-profile accounts, including those of former President Barack Obama, Amazon CEO Jeff Bezos, and Tesla and SpaceX CEO Elon Musk, were hacked. The threat actors then used the accounts to tweet out bitcoin scams that earned them over $100,000. Two months after the breach, the Department of Justice (DoJ) arraigned the three suspects and charged 17-year-old Graham Ivan Clark as an adult for the attack he allegedly “masterminded,” according to authorities.
- Garmin
The navigation tech supplier suffered a cyber attack that encrypted some of its systems and forced services offline. Though Garmin first reported it as an outage, the company revealed on July 27 that it was the victim of a cyber attack which resulted in the disruption of “website functions, customer support, customer-facing applications, and company communications.” The press release also stated there was no indication that any customer data was accessed, lost or stolen. Speculation rose that the incident was a ransomware attack, though Garmin never confirmed it. In addition, several media outlets reported that the company gave in to the attackers’ demands and that a ransom had been paid. Some news outlets reported it as high as $10 million.
- Clark County School District
The attack on the Clark County School District (CCSD) in Nevada revealed a new security risk: the exposure of student data. CCSD disclosed it was hit by a ransomware attack on Aug. 27 which may have resulted in the theft of student data. After the district declined to pay the ransom, an update was posted stating it was aware of media reports claiming student data had been exposed online as retribution. While it’s unclear what information was exposed, the threat of exposing stolen student data was a new low for threat actors and represented a shift to identity theft in attacks on schools.
- Software AG
The German software giant was the victim of a double extortion attack that started on Oct. 3, which resulted in a forced shutdown of internal systems and ultimately a major data leak. Files were encrypted and stolen by operators behind the Clop ransomware. According to various news outlets, a $20 million ransom was demanded, which Software AG declined to pay. As a result, the ransomware gang followed through with its promise and published confidential data on a data leak site, including employees’ passport details, internal emails and financial information. Operators behind the Clop ransomware were not the only group using double extortion. The name-and-shame tactic became increasingly common throughout 2020 and is now standard practice for many ransomware gangs.
- Vastaamo Psychotherapy Centre
The largest private psychotherapy provider in Finland confirmed it had become the victim of a data breach on Oct. 21, in which threat actors stole confidential patient records. The attack set a new precedent: rather than making demands of the organization, patients were blackmailed directly. As of last month, 25,000 criminal reports had been filed with Finnish police. In addition, the government’s overall response to the incident was significant, both in urgency and sensitivity. Finland’s interior minister called an emergency meeting with key cabinet members and offered emergency counseling services to potential victims of the extortion scheme.
- FireEye and SolarWinds supply chain attack victims
FireEye set off a chain of events on Dec. 8 when it disclosed that suspected nation-state hackers had breached the security vendor and obtained FireEye’s red team tools. On Dec. 13, the company disclosed that the nation-state attack was the result of a massive supply chain attack on SolarWinds. FireEye dubbed the backdoor campaign “UNC2452” and said it allowed threat actors to gain access to numerous government and enterprise networks across the globe. According to a joint statement Dec. 17 by the Federal Bureau of Investigation, the Cybersecurity and Infrastructure Security Agency and the Office of the Director of National Intelligence, the attacks are ongoing. Furthermore, the statement revealed that the supply chain attack affected more than just the Orion platform. CISA said it has “evidence that the Orion supply chain compromise is not the only initial infection vector leveraged by the APT actor.” Since the statement, major tech companies such as Intel, Nvidia and Cisco disclosed they had received the malicious SolarWinds updates, though the companies said they’ve found no evidence that threat actors exploited the backdoors and breached their networks. However, Microsoft disclosed on Dec. 31 that threat actors infiltrated its network and viewed — but did not alter or obtain — the company’s source code. Microsoft also said there is no evidence the breach affected customer data or the company’s products and services.
The scope of the attack, the sophistication of the threat actors and the high-profile victims affected make this not only the biggest attack of 2020, but possibly of the decade. The incident also highlights the dangers of supply chain attacks and brings into question the security posture of such a large company. Threat actors, who had performed reconnaissance since March, planted a backdoor in SolarWinds’ Orion platform, which was activated when customers updated the software. SolarWinds issued a security advisory about the backdoor, which the vendor said affected Orion Platform versions 2019.4 HF5 through 2020.2.1, released between March 2020 and June 2020. “We have been advised this attack was likely conducted by an outside nation-state and intended to be a narrow, extremely targeted and manually executed attack, as opposed to a broad, system-wide attack,” the company said. In the three-week-long investigation since, the full breadth of the attack has grown immensely, but it is still not fully understood.