In 2020, cyber attacks continued to hit organisations and governments that were largely unaware.
Coupled with COVID-19, the attacks have in many ways unleashed a new set of challenges and accelerated existing challenges within global enterprises.
Cyber security provider Cynet describes the combination of the two as a cyber pandemic, a bit like a “perfect storm”, only this storm is in cyberspace.
“What is clear is that in 2020, technology and security professionals struggled to respond to the changing environment as quickly as the bad actors unleashed attacks, taking advantage of unprecedented shifts in people, processes and technology within governments and worldwide companies,” outlined Cynet in a blog article that turns back the pages of 2020 to review the most noteworthy cyberattacks in 2020.
A litany of five attacks in the cyber pandemic year of 2020:
Many of these never made the headlines. iTNews Asia lists five major attacks:
1. The SolarWinds Attack
This attack involved hackers compromising the infrastructure of SolarWinds, a company that produces a network and application monitoring platform called Orion, and then using that access to produce and distribute trojanised updates to the software's users.
On a page on its website that was taken down after the news broke, SolarWinds stated that its customers included 425 of the US Fortune 500, the top ten US telecommunications companies, the top five US accounting firms, all branches of the US Military, the Pentagon and the State Department, as well as hundreds of universities and colleges worldwide.
2. FireEye: The Stolen Red Team Tools
On August 12, 2020, FireEye announced that a sophisticated group of hackers, likely state-sponsored, broke into its network and stole tools that the company's experts developed to simulate real attackers and test the security of its customers. The attack was later found to be tied to the SUNBURST malware, which was also responsible for the SolarWinds attack.
3. Software AG: Clop Ransomware Attack
The second-largest software vendor in Germany was reportedly hit by a ransomware attack in October 2020. News outlets reported that the German tech firm had been attacked by the Clop ransomware and that the cyber-criminal gang had demanded a $23 million ransom.
The report also stated that the company had still not completely recovered from the attack. The company disclosed that the ransomware attack disrupted a part of its internal network, but services to its customers, including cloud-based services, remained unaffected. The company also tried to negotiate with the attackers, but those efforts were in vain.
4. Telegram Hijack Hackers
Hackers with access to the Signalling System 7 (SS7) used for connecting mobile networks across the world were able to gain access to Telegram messenger and email data of high-profile individuals in the cryptocurrency business.
The hackers were after two-factor authentication (2FA) login codes delivered over the short messaging system of the victims’ mobile phone provider.
The hackers sent a message from a foreign cell network to an Israeli one, updating the client’s location. For example, “The client has just landed in Madrid and has registered with our network. Please route his SMS messages via this network.”
5. BlackBaud: Ransomware Attack
Blackbaud, a cloud technology company used by colleges, universities and non-profit organisations, was hit by a data-stealing ransomware attack earlier this year. The attack was one of the biggest of the year in terms of the number of organisations affected, with nearly 200 businesses and millions of individuals potentially impacted.
Blackbaud said last July that it paid the ransom — but also claimed they received “confirmation” that the stolen personal data “had been destroyed,” fooling absolutely nobody.
“After discovering the attack, our Cyber Security team—together with independent forensics experts and law enforcement—successfully prevented the cybercriminal from blocking our system access and fully encrypting files; and ultimately expelled them from our system.”
Blackbaud later confirmed in a regulatory filing that the stolen data also included bank account data and Social Security numbers — far more personally identifiable information than the company first thought.
What can we learn from these attacks?
According to Cynet, the most common causes of data breaches are weak or stolen credentials, and businesses need to be diligent.
“Any organisation can become the victim of phishing schemes, ransomware, DDoS, malware, and other attacks leading to data breaches. Stress to your customers that taking all necessary precautions is the best chance they have at staying secure. Along with detection and response tools, authentication protocols and ongoing employee security awareness training can make the biggest difference,” it advised in a statement.
To counter future threats, Cynet recommends seven rules we should adopt:
- Conduct VAPT (vulnerability assessment and penetration testing) periodically to check for exploitable security vulnerabilities in the IT infrastructure of your organization
- Back up all the sensitive or confidential data and store it separately from time to time
- Keep all the systems, software, and applications up to date with the latest security patches
- Restrict employees from sharing passwords and encourage them to use unique and strong passwords
- Run a cyber attack simulation campaign to assess the level of cyber awareness among employees. Then train them accordingly
- Make sure to implement the practice of using multi-factor authentication to maintain security and privacy
- Restrict IT admin and access rights to a limited set of employees. Ensure that they are adequately trained on the safe usage and encrypted storage of sensitive data