A pandemic-centered yr made the gatherings of 2020 unprecedented in numerous techniques, and the cyber attacks were being no different.
As the planet transitioned to virtual anything — function, university, conferences and household gatherings — attackers took see. Attackers embraced new approaches and a hurried switch to remote entry greater cyberthreats across the board. For illustration, K-twelve universities took a brunt of the strike, and new lows were being reached like the exfiltration of university student info. The checklist of leading cyber attacks from 2020 incorporate ransomware, phishing, info leaks, breaches and a devastating source chain attack with a scope like no other. The virtually-dominated yr raised new worries all around safety postures and techniques, which will keep on into 2021.
When there were being much too lots of incidents to choose from, here is a checklist of 10 of the largest cyber attacks of 2020, in chronological get.
- Toll Team
Toll Team tops the checklist for the year’s worst cyber attacks since it was strike by ransomware two times in a few months. However, a spokesperson for Toll Team instructed SearchSecurity the two incidents were being not related and were being “based mostly on different kinds of ransomware.” On Feb. three the Australia-based mostly logistics business introduced on Twitter that it experienced experienced a cyber attack. “As a precautionary evaluate, Toll has made the selection to shut down a number of methods in response to a cyber safety incident. Many Toll customer-facing apps are impacted as a consequence. Our quick precedence is to resume services to consumers as quickly as possible,” Toll Team wrote on Twitter. The most modern attack occurred in May possibly and included a comparatively new ransomware variant: Nefilim.
- Marriott Intercontinental
For the next time in two many years, the popular resort chain experienced a info breach. On March 31, Marriott unveiled a statement disclosing the information of 5.2 million guests was accessed working with the login qualifications of two staff members at a franchise property. In accordance to the see, the breach impacted an software employed by Marriott to provide guest services. “We consider this activity started off in mid-January 2020,” the statement reported. “On discovery, we verified that the login qualifications were being disabled, right away started an investigation, applied heightened monitoring, and organized methods to inform and assist guests.” When the investigation is ongoing, Marriott reported it has no explanation to consider that the information bundled the Marriott Bonvoy account passwords or PINs, payment card information, passport information, nationwide IDs, or driver’s license quantities. However, compromised information may possibly have included call facts and information relating to customer loyalty accounts, but not passwords.
- Magellan
On May possibly twelve, the healthcare insurance plan big issued a letter to victims stating it experienced experienced a ransomware attack. Menace actors experienced productively exfiltrated logins, individual information and tax information. The scope of the attack bundled 8 Magellan Health and fitness entities and around 365,000 people may possibly have been impacted. “On April eleven, 2020, Magellan identified it was qualified by a ransomware attack. The unauthorized actor received entry to Magellan’s methods after sending a phishing email on April six that impersonated a Magellan client,” the letter reported. The business, which has above 10,000 staff members, reported at the time of the letter they were being not mindful of any fraud or misuse of any of the individual information. Phishing, a popular attack vector, intensified above the yr as risk actors refined their impersonation competencies.
The popular social media business was breached in July by a few individuals in an uncomfortable incident that noticed various superior-profile Twitter accounts hijacked. By a social engineering attack, afterwards verified by Twitter to be cellular phone phishing, the attackers stole employees’ qualifications and received entry to the company’s inside administration methods dozens of superior-profile accounts including people of previous President Barack Obama, Amazon CEO Jeff Bezos, and Tesla and SpaceX CEO Elon Musk, were being hacked. The risk actors then employed the accounts to tweet out bitcoin ripoffs that gained them above $100,000. Two months after the breach, the Division of Justice (DoJ) arraigned the a few suspects and charged 17-yr-previous Graham Ivan Clark as an grownup for the attack he allegedly “masterminded,” according to authorities.
- Garmin
The navigation tech provider experienced a cyber attack that encrypted some of its methods and forced services offline. Though Garmin 1st documented it as an outage, the business exposed on July 27 that it was the victim of a cyber attack which resulted in the disruption of “web page features, customer assistance, customer-facing apps, and business communications.” The push release also mentioned there was no sign that any customer info was accessed, shed or stolen. Speculation rose that the incident was a ransomware attack, while Garmin by no means verified. In addition, various media retailers documented that they gave in to the attackers’ demands, and a ransom experienced been paid. Some information retailers documented it as superior as $10 million.
- Clark County University District
The attack on the Clark County University District (CCSD) in Nevada exposed a new safety hazard: the publicity of university student info. CCSD exposed it was strike by a ransomware attack on Aug. 27 which may possibly have resulted in the theft of university student info. Right after the district declined to spend the ransom, an update was posted indicating it was mindful of media stories declaring university student info experienced been exposed on the web as retribution. When it truly is unclear what information was, the risk of exposing stolen university student info was a new reduced for risk actors and represented a shift to id theft in attacks on universities.
- Program AG
The German software program big was the victim of a double extortion attack that started off on Oct. three, which resulted in a forced shutdown of inside methods and in the long run a big info leak. Documents were being encrypted and stolen by operators at the rear of the Clop ransomware. In accordance to multiple information retailers, a $20 million ransom was demanded, which Program AG declined to spend. As a consequence, the ransomware gang adopted by means of with its promise and released private info on a info leak web site including employees’ passport facts, inside e-mail and money information. Operators at the rear of the Clop ransomware were not the only group utilizing a double extortion attack. The identify-and-shame tactic grew to become progressively popular throughout 2020 and is now the standard follow for various ransomware gangs.
- Vastaamo Psychotherapy Centre
The premier personal psychotherapy service provider in Finland verified it experienced grow to be the victim of a info breach on October 21, exactly where risk actors stole private client documents. The attack set a new precedent instead than making demands of the group, people were being blackmailed immediately. As of very last thirty day period, twenty five,000 legal stories experienced been submitted to Finland law enforcement. In addition, the government’s over-all response to the incident was significant, each in urgency and sensitivity. Finland’s inside minister named an crisis meeting with critical cabinet associates and furnished crisis counseling services to prospective victims of the extortion plan.
- FireEye and SolarWinds source chain attack victims
FireEye set off a chain of gatherings on Dec. eightth when it disclosed that suspected nation-point out hackers experienced breached the safety vendor and received FireEye’s purple team applications. On Dec. thirteen, the business disclosed that the nation-point out attack was the consequence of a massive source chain attack on SolarWinds. FireEye dubbed the backdoor campaign “UNC2452” and reported it permitted risk actors to achieve entry to numerous govt and enterprise networks across the world. In accordance to a joint statement Dec. 17 by the Federal Bureau of Investigation, the Cybersecurity and Infrastructure Safety Agency and the Office of the Director of National Intelligence, the attacks are ongoing. On top of that, the statement exposed that the source chain attack impacted more than just the Orion platform. CISA reported it has “evidence that the Orion source chain compromise is not the only first infection vector leveraged by the APT actor.” Since the statement, big tech companies these as Intel, Nvidia and Cisco disclosed they experienced been given the malicious SolarWinds updates, although the companies reported they’ve observed no evidence that risk actors exploited the backdoors and breached their networks. However, Microsoft disclosed on Dec. 31 that risk actors infiltrated its community and seen — but did not change or attain — the company’s source code. Microsoft also reported there is no evidence the breach impacted customer info or the company’s items and services.
- SolarWinds
The scope of the attack, the sophistication of the risk actors and the superior-profile victims impacted make this not only the largest attack of 2020, but perhaps of the 10 years. The incident also highlights the hazards of source chain attacks and delivers into query the safety posture of these a massive business. Menace actors, who experienced done reconnaissance given that March, planted a backdoor in SolarWinds’ Orion platform, which was activated when consumers up-to-date the software program. SolarWinds issued a safety advisory about the backdoor which the vendor reported impacted Orion System variations 2019.four HF5 by means of 2020.2.1, which were being unveiled between March 2020 and June 2020. “We have been encouraged this attack was probably carried out by an exterior nation-point out and supposed to be a slender, extremely qualified and manually executed attack, as opposed to a broad, method-extensive attack,” the business reported. In the a few-week-extensive investigation given that, the total breadth of the attack has developed immensely, but is continue to not however entirely comprehended.