2020 has been a busy year for the cybersecurity industry. As the pandemic has shaken the entire world, it has also fundamentally changed the way we do business. The COVID-19 crisis is reshaping the work environment, with more people than ever before now working remotely. According to IBM’s Cost of a Data Breach Report 2020, remote work has increased the average cost of a data breach by $137,000.
It’s safe to say that even in the post-COVID era, information system security will remain a top priority for businesses around the world.
Here’s an overview of major cyber attacks that happened in 2020. This year, some of the world’s largest companies and organizations have been targeted and successfully breached. The list below is based on the severity of the attacks, the financial impact, the number of stolen records, and other publicly available information.
JANUARY 2020 – MICROSOFT DATA LEAK
Impact: Microsoft suffered a major data leak. According to a report published by Comparitech, up to 250 million records were exposed online.
The data leak was discovered in early January by Paul Bischoff, a privacy advocate and editor at Comparitech. The report revealed how a Comparitech security research team uncovered five servers containing 250 million records. The leak originated from five Elasticsearch databases containing the customer support data of 250 million Microsoft users.
The exposed data included customers’ physical addresses, their IP addresses, as well as descriptions of problems encountered by users, troubleshooting e-mails from Microsoft employees, case numbers, additional remarks and internal Microsoft notes. The research team also discovered that the incident originated from misconfigured security rules. Because this seems to be a rather common and easy mistake in any environment where data is stored, all these rules need to be audited on a regular basis, according to Paul Bischoff.
JANUARY 2020 – ESTÉE LAUDER
Impact: 440 million Estée Lauder internal records were displayed online. Customers are questioning Estée Lauder’s ability to keep their information safe. Many have lost trust in the big-name cosmetic company.
The number is staggering: 440 million Estée Lauder records were visible online. The beauty giant is behind some 20 companies, including Clinique, MAC, Tommy Hilfiger and Michael Kors. Thanks to this empire, it generates annual sales of more than $14.8 billion. Cyber security researcher Jeremiah Fowler discovered the leak and determined the incident occurred due to an unprotected database.
On January 30, Jeremiah Fowler discovered the database. It provided access to precisely 440,336,852 lines of data. Upon closer examination, the researcher concluded that the database contained data from Estée Lauder. Anyone who had the address of the database could access it freely, without a password. Nothing more than an internet connection was needed to access this data. According to the cosmetic company’s cybersecurity team, no improper access to the database has been recorded so far. However, the matter is not resolved: the company is still conducting an investigation to confirm that no threat actors have accessed the leaked information. Furthermore, the leak has naturally raised questions for customers, since data breaches can sometimes be used as an access point to enter a company’s internal networks, which could ultimately compromise more internal and customer information.
FEBRUARY 2020 – INDIAN MARKETING FIRM PABBLY
Impact: 51.2 million records were exposed. The records span six years and contained customer names, email addresses, subject lines, email messages, and internal records such as host path and SMTP data.
Pabbly is located in Bhopal, Madhya Pradesh, India. According to their website, Pabbly is used by 100K+ businesses, including Harvard University, The Guardian, Uber and other big-name companies. On January 24th, a publicly accessible database containing millions of records and a massive amount of email addresses was discovered by cybersecurity researcher Jeremiah Fowler. According to Fowler, “it is unclear who accessed the data and for how long it was exposed. It is also unclear if the affected customers or the authorities were notified of the exposure.”
FEBRUARY 2020 – THE HACK OF THE MARRIOTT GROUP
Impact: In February 2020, the Marriott hotel group took a hard blow. After an initial attack in 2018, which is estimated to have affected up to 500 million guests, the cyber attack in February 2020 allegedly affected more than 5 million additional guests.
The IDs and passwords of two employees were allegedly stolen, which cybercriminals then used to steal data, including guests’ names, dates of birth, postal addresses, phone numbers and credit card numbers. The major risk associated with this type of data breach is that the stolen data is used in phishing campaigns and, ultimately, for identity theft.
The Marriott Group stated that it had contacted all affected customers.
But what consequences did such an attack have on the group? Like any company that suffers a major cyber attack, the Marriott Group’s image took a hit. The company went through two massive cyber attacks in two years, which strongly damaged its reputation and hurt its business standing and consumer trust. The Marriott Group also had to pay substantial fines, a large part of which was due to non-compliance with the EU’s GDPR.
MAY 2020 – THE CYBER ATTACK AGAINST EASYJET
Impact: Over 9 million stolen records worldwide, including email addresses, travel itineraries and credit card numbers. Financially, this attack could cost EasyJet several million pounds.
In May 2020, while its fleet was still grounded following the health crisis, the popular low-cost European airline EasyJet announced that it had fallen prey to a massive cyber attack. The press release published by the company confirmed that hackers had access to the personal information of over 9 million customers worldwide.
The breached data included email addresses and travel itineraries, but also credit card numbers. The company claimed to have warned all the impacted customers and to have given appropriate support.
Following the attack, EasyJet assured customers that access to their personal data was no longer possible, but warned that the stolen data could be used for online scams. Online scams and fraud have been on the rise during the health crisis. According to the FBI, the number of complaints about cyberattacks to their Cyber Division has gone up to as many as 4,000 a day. That represents a 400% increase from what they were seeing before the pandemic. Interpol has also reported an “alarming rate of cyberattacks aimed at major corporations, governments, and critical infrastructure.”
Once again, the consequences are numerous, but two of them stand out:
(1) The loss of trust of several million customers
(2) More than 10,000 people have joined a lawsuit against EasyJet over the massive data breach, which could end up costing the British company several million pounds.
MAY 2020 – MITSUBISHI, A JAPANESE AUTOMOTIVE MANUFACTURER SUFFERS A DATA BREACH
Impact: Confidential missile design data has been stolen. The hackers also reportedly got access to documents containing data on Mitsubishi and other manufacturers, held as part of a bidding process.
The cyberattack took place on June 28, 2019, but was made public in May 2020. According to an article published by ZDNet, approximately 200MB of files were stolen. Furthermore, Mitsubishi said the cyberattack had impacted over 8,000 people. Due to the sensitive nature of the stolen data, the company informed the Defense Ministry of the potential national security threat. The ZDNet article also reveals that the intrusion was made possible through the use of a zero-day vulnerability in Trend Micro OfficeScan antivirus software and that the breach has now been contained. The attack has been traced back to a Chinese cyberespionage group called Tick.
JUNE 2020 – THE UNIVERSITY OF CALIFORNIA AT SAN FRANCISCO (UCSF)
Impact: The University of California at San Francisco (UCSF) paid a partial ransom of $1.14 million to recover files encrypted by a ransomware infection.
The University of California, San Francisco was attacked on June 1st and paid a ransom of $1.14 million to hackers who encrypted and threatened to publish sensitive files stolen from the University’s School of Medicine. According to a ZDNet article, once the malware was discovered, the university’s security team and administration quickly took action to prevent the hackers from gaining access to the UCSF core network and causing further damage. Authorities in most countries advise against giving in to blackmail and paying ransom. Negotiations leading to ransom payments have, however, increased sharply worldwide. The hackers used Netwalker (a strain of the Mailto ransomware that can inject malicious code into Windows Explorer). They began talks with the University of California on June 5, initially asking for $3 million to give scientists access to their data.
UCSF initially offered $780,000, explaining that the coronavirus crisis had been “financially devastating” for them. An agreement was finally reached and UCSF paid 116.4 bitcoins to the hackers through their electronic account. The ransomware authors then sent decryption software in order for the institution to recover the lost data. According to UCSF, the hack did not affect patient care delivery operations or research on COVID-19.
JULY 2020 – HACKERS LEAK 386 MILLION USER RECORDS FROM 18 COMPANIES
Impact: Hackers leak 386 million user records from 18 companies for free on a hacker forum known for selling and sharing stolen data.
A seller of data breaches known as ShinyHunters began leaking the databases on a hacker forum known for selling and sharing stolen data. The cybercriminals claim to have hacked the personal data of users of 18 companies worldwide. ShinyHunters arrogantly stated: “I’ve made enough money now” and began offering stolen data for free on a commercial dark web hacker forum.
In fact, in just the first two weeks of May 2020, ShinyHunters sold over 200 million stolen data records on the dark web. The surprising thing is that, until then, ShinyHunters was unknown. That rapidly changed: by the start of July 2020, ShinyHunters had become a well-known data breach broker with an exponential number of security breaches under their belt.
According to a Forbes article, ShinyHunters has given away 386 million records from nearly 20 data breaches.
OCTOBER 2020 – SOPRA STERIA RANSOMWARE ATTACK
Impact: This attack has had huge financial consequences for the company. It’s expected to cost the company up to €50 million and will push Sopra Steria’s organic growth for 2020 into negative territory, by between -4.5% and -5%.
The French company Sopra Steria has fallen prey to a massive cyber attack. Sopra Steria is France’s sixth-largest digital services company, employing 46,000 people and generating 4.4 billion in revenue. The attack took place on October 20th, barely five days after Sopra Steria’s conference on cyber crisis management at the Assises de Monaco.
According to the information site Le MagIT, a new version of Ryuk ransomware is responsible for the attack.
Sopra Steria confirmed the attack in a short press release published on 21 October. One of the major setbacks for Sopra Steria is that the attack seems to have been very widespread, affecting its entire network.
According to an article in BleepingComputer, Ryuk has become one of the most active and profitable ransomware strains. An internal briefing note from Sopra Steria’s cybersecurity teams explicitly mentioned Ryuk as the ransomware behind the attack.
DECEMBER 2020 – SOLARWINDS HACK HITS GOVERNMENT AGENCY SYSTEMS AND CRITICAL INFRASTRUCTURE
Impact: According to SolarWinds, 18,000 of its clients have been impacted, including parts of the Pentagon, the Centers for Disease Control and Prevention, the State Department, the Justice Department, and others. This attack is being described as one of the biggest cyberattacks to have targeted US government agencies and private companies. The hack has revealed that U.S. critical infrastructure and sensitive data remain vulnerable to threats from cyberspace.
The hackers used SolarWinds, a software published by the Texan company Orion, which is used to manage computer networks. The hackers managed to insert a spyware program inside the SolarWinds updates; by installing this common and well-known software, the victims were unknowingly installing sophisticated spyware. Once installed, the spyware was remotely controlled while hiding in normal SolarWinds activity, making it all the more difficult to detect. Consequently, the hackers infiltrated, for weeks at least, the heart of the computer networks of several administrations in the United States. Both the Treasury and Commerce departments admitted to having been attacked, without giving further details.
Although it is still too early to determine the exact scope, scale and sophistication of the attack, the impact is grave. It seems the hackers may have had access, perhaps since March, to e-mails exchanged within these two institutions, which would make this event the largest infiltration of the United States in recent years.
According to the Reuters news agency, the National Security Council (NSC), the White House’s main security advisory and decision-making body, called an emergency meeting and is taking the matter very seriously.