What a start to the new decade. The year 2020 was one best forgotten: it opened with the devastating Australian bushfires and shortly afterwards brought the global COVID-19 pandemic, which transformed billions of lives. 2020 was also a year of numerous data breaches and chilling cybersecurity threats.
Looking back at the cybersecurity sector over the past 12 months, what characterizes it best is how the pandemic changed the working habits of organizations and their employees. While the typical worker now enjoys the simplicity and comfort of working from the couch, IT and security teams have been forced to work overtime behind the scenes to adapt.
In the past, organizations secured an on-premises network and the resources inside their offices and dealt with only a handful of remote workers; now they have to make sure a workforce that is mostly off-site is connecting securely. Meanwhile, hordes of endpoints suddenly accessing critical resources from beyond the traditional perimeter widened the attack surface, and attacks against corporate networks ramped up in 2020.
From ransomware, supply chain attacks and data exposures to social engineering and state-sponsored intrusions, 2020 was a strange year for the security sector. Here is a quick look at the five biggest cyber attacks that grabbed headlines.
If your approach to fighting off network security attacks is that of a firefighter battling a blaze, then the headline-grabbing SolarWinds breach represents a massive global IT inferno in which every security professional is expected to pitch in. Given its impact, former federal officials have called this attack one of the biggest breaches the United States government has ever experienced, a digital Pearl Harbor.
A group of state-backed Russian hackers compromised SolarWinds' build environment and inserted a backdoor into a legitimate, digitally signed update of the SolarWinds Orion monitoring platform. Customers who installed the trojanized update unknowingly handed the attackers a foothold inside their networks, from which the attackers could move laterally and gain full visibility and mobility within the victims' systems. Because the update carried a valid SolarWinds signature, code-signing checks alone did not flag it, which is exactly what makes a supply chain attack of this kind so hard to defend against.
SolarWinds estimated that up to 18,000 of its roughly 300,000 customers may have downloaded and installed the malicious update. SolarWinds' customer base includes Fortune 500 companies, the majority of US-based telcos and various branches of the US government. Among the confirmed and potential victims were other cybersecurity vendors such as FireEye, which uncovered the campaign after discovering the intrusion in its own network, as well as several US and UK government bodies.
On July 15th we saw one of the most high-profile breaches of the year. At least one hacker known for hijacking high-profile Twitter usernames gained access to an internal admin tool on Twitter's network, took over a long list of celebrity accounts, including those of Joe Biden, Bill Gates and Elon Musk, and used them to spread a cryptocurrency scam. The hacker made over $120,000 in just a few hours. Exactly how the hacker got in, and whether an employee helped, was initially unclear; one early theory was that the hacker had found their way into Twitter's Slack workspace and picked up a set of credentials there.
Twitter later said the intrusion began with social engineering, specifically a phone spear-phishing attack in which employees were tricked into handing over credentials that opened the door to internal support tools. Some 130 accounts were targeted. Twitter said that for eight of them the hacker downloaded the account's full data archive, which includes direct messages. The company initially would not say whether the hacker read anyone else's DMs, even though they are believed to have had access, and later acknowledged that the DM inbox had been accessed for up to 36 of the targeted accounts. The breach could have been far worse, with serious implications for national security, given that the US administration at the time frequently used Twitter to announce policy. On July 31st, authorities arrested the 17-year-old who was behind the hack.
In late July, the GPS and fitness wearables powerhouse Garmin was the victim of a vicious ransomware attack. The malware encrypted Garmin's systems and, as a result, users were locked out of its services for days. Security experts described the Garmin breach as one of the highest-profile ransomware attacks in recent years.
The attack encrypted the company's internal systems and took down critical services including Garmin Connect, flyGarmin and inReach, and left fitness data unable to sync to third-party platforms such as Strava. News of the attack first spread when employees posted photos of encrypted workstations on social media.
After encrypting the files, the attackers demanded a ransom reported at 10 million dollars in exchange for the decryption key. Garmin never publicly confirmed whether it paid, but within four days it began restoring services and was reported to have obtained a working decryptor, which strongly suggests that the hefty ransom was paid.
In early October 2020, Software AG, Germany's second-largest software vendor, fell victim to a Clop ransomware attack in which corporate files and employee information were stolen. Software AG initially issued a statement saying only that its internal network had been hit by a malware attack, but security researchers identified the Clop ransomware executable used in the intrusion.
According to Software AG, customer-facing cloud services were not impacted, but both employee personal information and confidential files were taken. The attackers reached the internal network and employee laptops and exfiltrated data belonging to the company's employees: passport numbers, photo ID scans, health care information, emails, contact lists and employment contracts, among other items. The incident is yet another sign of ransomware groups increasingly going after large enterprise targets with deep pockets, and of the now-standard double-extortion tactic of stealing data before encrypting it, so that a victim with good backups can still be pressured with the threat of publication.
On July 22nd, around the same time as the Garmin attack, NorthShore University HealthSystem announced that it had been caught up in a data security breach potentially affecting over 348,000 people. NorthShore learned of the breach from Blackbaud, a software and services provider to thousands of nonprofit fundraising organizations worldwide, including the NorthShore Foundation. According to Blackbaud, the breach stemmed from a ransomware attack on its own systems: between February 7th and May 20th, unauthorized individuals had access to its environment and extracted a copy of some client files. Blackbaud paid the ransom in return for the attackers' assurance that the copied data had been destroyed, and the affected organizations, NorthShore among them, only found out about the incident when their supplier told them.
NorthShore determined that patients’ full names, dates of birth, contact information, admission and discharge dates and more were accessible by the attackers.
As 2021 begins, many more breaches will grab the security headlines and we will keep learning how attackers refine their techniques against large organizations. One thing that will not change is that employees, usually unintentionally, remain one of the easiest ways for cybercriminals to get at their information and their organization.
As long as security hygiene isn't up to par, hackers will continue to hit organizations where it truly hurts. Hopefully we can learn from 2020 and avoid becoming a victim on next year's list of top attacks.