Top 15 Cyber Attacks in 2020 and Way forward

The year 2020 has become exceptional in many ways, particularly once it involves the surge in cyber-attacks as evolved due to the global pandemic Covid-19. As Home had become our New office and the security gap between the house and workplace network has attributed to the increase of cyber-attacks.

In fact, 80% of the organizations have seen a rise in cyber-attacks last year globally. Corona Virus or Covid19 Outbreak  was solely responsible for a 238% rise in cyber-attacks on banks. Phishing attacks had seen a dramatic increase of 600% since the end of February, 2020 as well.

There are over 445 million cyber-attacks according since the inception of 2020, that is double compared to 2019.

While the heterogeneous IT landscape is becoming complex day by day with the digital adoption, cyber-criminals are getting better at identifying and targeting the intrinsic weaknesses.

Below are a few cyber-security incidents that took place in 2020:

  1. A hacker/hacking group known as ShinyHunters stolen and leaked data of 18 companies with 386 million users record
  2. Experian, a consumer credit reporting agency, suffered with a serious data breach which exposed nearly 24 million South African consumers with 793,749 business entities in August 2020.
  3. MGM Resorts hotels was attacked by a hacking forum in February 2020 and personal details of more than 10.6 million guests were revealed.
  4. Cognizant Technology Solutions (CTS), was impacted by Maze ransomware cyber-attack on April 18, 2020 and this had resulted service disruption of their clients.
  5. University of California, San Francisco, faced a ransomware attack on June 1 and was forced to pay $1.14 million as Ransom since encrypted data was critical for the institution.
  6. In April, there was a severe attack named Zoombombing with many other security concerns in the Zoom app. In this attack, activists with bad intentions could join the private meetings, read conversations, and screen share images of whatever they wanted, mainly sort of offensive, like adult or shock videos.
  7. Tillamook County’s IT government systems were infected on January 22, 2020 by a malware attack where 250 county employees and 25,000 citizens records were affected and they were forced to pay $300,000 as ransom.
  8. The Twitter Bitcoin hack was one of the biggest shock as occurred on July 15th. Over 130 accounts were affected including high-profile global figures like Elon Musk, Barack Obama, Bill Gates and even companies such as Apple, Uber. Breached accounts were impacted by posting identical weird tweets, claiming to support Bitcoin
  9. Personal information for close to 5.2 million guests was exposed for Marriot International, a hospitality giant. The information was comprising of contact details, loyalty account information along with personal details like gender and birthdays, and other personal preferences.
  10. 25,000 email addresses and passwords were leaked online On April 19 for several groups working together to fight the Corona pandemic, including WHO, NIH, the US Centres for Disease Control and Prevention (CDC), the Gates Foundation etc.
  11. Overall, eight Magellan Health entities with approximately 365,000 patients were breached by a social engineering phishing that involved exporting data and launching ransomware.
  12. Energias de Portugal (EDP), a Portuguese multinational energy company faced one of the most threatening cyber-security incident in April 2020. Around 10 TB data was stolen, and $10.9 M was demanded as ransom.
  13. A British low-cost airline group EasyJet faced a highly sophisticated cyber-attack in June. Approximately 9 million customers were affected where 2,208 customers credit and debit cards data got exposed as well.
  14. New Zealand stock exchange (NZX) was affected with Distributed Denial of Service (DDoS) cyber-attacks in August and September and, at times, was knocked offline.
  15. Telegram Hijack: In September 2020, hackers had gained access to Telegram messenger and email data of some big names in the cryptocurrency business. Hackers used Signalling System 7 (SS7), which is used for connecting mobile networks across the world, to hack the data to at least 20 targeted high-profile victims.

With the leaning from the last year’s trends, let us go back to basics to follow best practices like regular audits (VAPT), Patch Management, End point and Gateway security, Encryption, virtual private network (VPN), multi-factor authentication and many more.

May read through the best practices as we captured earlier for Work from Home situations.

Wishing you and your organization a Cyber-safe year ahead.  Let this new year be filled with joy, laughter and lots of fun. Happy New Year 2021.