2020: The Year Of Cyber Attacks

SECURINETS
7 min read · Dec 31, 2020

You might feel like you’ve spent most of 2020 locked in your room bored out
of your mind, but that hasn’t stopped the hackers and cybercriminals from
doing what they do best even in the midst of a pandemic. Because hey, if you
thought that 2020 couldn’t be any worse, these attacks are about to prove you
wrong.
Here’s a look back at some of the biggest cyberattacks of the year.

January: Microsoft and the exposed customer support analytics

Throwback to early 2020, when Microsoft disclosed a serious security breach involving five customer support databases. The leaky customer support database consisted of a cluster of five Elasticsearch servers, a technology used to simplify search operations. All five servers stored the same data, appearing to be mirrors of each other. The servers contained roughly 250 million entries, with information such as email addresses, IP addresses and support case details. Microsoft said that most of the records didn't contain any personal user information. Microsoft blamed the accidental server exposure on misconfigured Azure security rules it deployed on Dec. 5; the misconfiguration has since been fixed.
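The Microsoft incident came down to network security rules that let the Internet reach the Elasticsearch cluster. The block below is an added example (not from the article or from Microsoft) that evaluates a constructed, Azure-NSG-style rule list the way the platform does, lowest priority number first, and reports which Elasticsearch ports an arbitrary Internet client can reach; the rule shape and the `203.0.113.7` probe address are assumptions.

```python
import ipaddress

# Constructed sample rules in the shape of Azure NSG "securityRules" properties.
# Lower priority number is evaluated first; the first matching rule decides.
NSG_RULES = [
    {"name": "allow-es-from-corp", "priority": 100, "direction": "Inbound",
     "access": "Allow", "protocol": "Tcp", "sourceAddressPrefix": "10.0.0.0/8",
     "destinationPortRange": "9200-9300"},
    {"name": "allow-any-9200", "priority": 110, "direction": "Inbound",
     "access": "Allow", "protocol": "*", "sourceAddressPrefix": "*",
     "destinationPortRange": "9200"},                       # the weak rule
    {"name": "deny-all-inbound", "priority": 4096, "direction": "Inbound",
     "access": "Deny", "protocol": "*", "sourceAddressPrefix": "*",
     "destinationPortRange": "*"},
]

def _port_matches(spec, port):
    if spec == "*":
        return True
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def _source_matches(prefix, src_ip):
    # "*" and the "Internet" service tag both admit an external client; other
    # service tags are not modelled here and never match (assumption).
    if prefix in ("*", "Internet"):
        return True
    try:
        return ipaddress.ip_address(src_ip) in ipaddress.ip_network(prefix, strict=False)
    except ValueError:
        return False

def evaluate_inbound(rules, src_ip, port, proto="Tcp"):
    """Return (access, rule_name) from the first matching inbound rule by priority."""
    for r in sorted(rules, key=lambda r: r["priority"]):
        if r["direction"] != "Inbound" or r["protocol"] not in ("*", proto):
            continue
        if _source_matches(r["sourceAddressPrefix"], src_ip) and \
                _port_matches(r["destinationPortRange"], port):
            return r["access"], r["name"]
    return "Deny", "<default>"   # NSGs deny inbound traffic that no rule allows

def find_internet_exposed(rules, ports=(9200, 9300)):
    """Ports an arbitrary Internet client may reach, each with the rule that allows it."""
    probe = "203.0.113.7"   # documentation-range address standing in for any external host
    exposed = []
    for p in ports:
        access, name = evaluate_inbound(rules, probe, p)
        if access == "Allow":
            exposed.append((p, name))
    return exposed
```

Running `find_internet_exposed(NSG_RULES)` flags port 9200 via `allow-any-9200`; dropping that rule (or narrowing its source prefix) leaves the corporate-range rule and the default deny, and the audit returns nothing.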

Source:
https://www.forbes.com/sites/daveywinder/2020/01/22/microsoft-security-shocker-as-250-million-customer-records-exposed-online/?sh=efeb8f64d1b3

February: Clearview AI’s entire client list stolen in data breach

Clearview AI, a facial-recognition software maker that has sparked privacy
concerns, said Wednesday it suffered a data breach. The data stolen included
its entire list of customers, the number of searches made by each customer and
how many accounts each customer had set up. The shocking thing is that
Clearview's clients are mostly law enforcement agencies, with police
departments in Toronto, Atlanta and Florida all using the technology. The
company has a database of 3 billion photos that it has collected from the
internet, including websites like YouTube, Facebook and LinkedIn.
The exact flaw hasn't been specified yet.

Source:
https://www.thedailybeast.com/clearview-ai-facial-recognition-company-that/-works-with-law-enforcement-says-entire-client-list-was-stolen?source=twitter&via=desktop

March: SIM-swap hacking rings

One of the biggest scandals March had to offer was the number of arrests
made all across Europe in an effort to stamp out gangs specializing
in SIM-swapping attacks.
SIM-swapping attacks are becoming common as our mobile devices are now
central hubs for accessing everything from social media to bank accounts. To
conduct a SIM swap, an attacker fools a mobile operator into transferring a
victim's phone number to a SIM in the attacker's possession.
It might not take long for a victim to realize something is wrong with their
phone, as their service is suddenly cut off and their signal dies. However, this
small window can be enough for threat actors to intercept calls and messages,
including the one-time codes sent as part of multi-factor authentication,
leading to account compromise. The first hacking ring is believed to be
responsible for the theft of over €3 million in a series of SIM-swapping
attacks.

Source:
https://www.europol.europa.eu/newsroom/news/sim-highjackers-how-criminals-are-stealing-millions-highjacking-phone-numbers

April: 160,000 Nintendo accounts hacked

Japanese gaming company Nintendo confirmed that hackers had gained
unauthorized access to around 160,000 user accounts since the start of the
month, which forced the company to disconnect NNID (a legacy login
system used to manage accounts on the old Wii U and Nintendo 3DS platforms) from main Nintendo profiles after a massive account hijacking campaign.
Many users reported using strong passwords that were unique to their
Nintendo profiles and almost impossible to guess or to have leaked anywhere
online. Users can link their old NNID accounts to a Nintendo profile; Nintendo
didn't specify what exactly was happening behind the scenes, but said that
hackers abused this integration to gain access to the main Nintendo profiles.

Source:
https://www.theverge.com/2020/4/24/21234205/nintendo-account-hack-nnid-breach-security-hacking-attempt

May: Cisco Servers Compromised

Cisco said attackers were able to compromise its servers after exploiting
two known, critical SaltStack vulnerabilities. The flaws exist in the
open-source Salt management framework and allow full remote code execution
as root on servers in data centers and cloud environments; Salt is used in
Cisco network-tooling products. Attackers successfully exploited the flaws in
one of those products, resulting in the compromise of six VIRL-PE backend
servers, according to Cisco.

Source: https://www.itnews.com.au/news/cisco-servers-compromised-using-saltstack-flaws-548708

June: AWS faces the largest DDoS attack ever

Amazon said its AWS Shield service mitigated the largest DDoS attack ever
recorded, stopping a 2.3 Tbps attack; the previous record for the largest
DDoS attack ever recorded was 1.7 Tbps, set in March 2018.
The report didn't identify the targeted AWS customer but said the attack was
achieved using hijacked CLDAP web servers (CLDAP, Connection-less
Lightweight Directory Access Protocol, is an alternative to the older LDAP
protocol and is used to connect to, search and modify Internet-shared
directories) and caused three days of "elevated threat" for its AWS Shield staff.
Nowadays, most DDoS attacks peak in the 500 Gbps range, which is
why news of the AWS 2.3 Tbps attack was a surprise for industry players.
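A CLDAP reflection flood looks distinctive at the victim's edge: large UDP packets with source port 389 arriving from many unrelated hosts that the victim never queried. The block below is an added example (not from the article or from AWS) that runs that check over constructed flow records; the record format, sample addresses and thresholds are assumptions.

```python
from collections import defaultdict

# Constructed flow records as seen at the victim's edge:
# "proto src_ip:port -> dst_ip:port bytes packets". Source port 389/udp is CLDAP.
SAMPLE_FLOWS = """\
udp 198.51.100.10:389 -> 203.0.113.5:40123 2840 1
udp 198.51.100.11:389 -> 203.0.113.5:40123 2912 1
udp 198.51.100.12:389 -> 203.0.113.5:40123 2790 1
udp 198.51.100.13:389 -> 203.0.113.5:40123 2866 1
udp 192.0.2.9:53 -> 203.0.113.5:55321 120 1
tcp 192.0.2.40:443 -> 203.0.113.5:51000 1500 3
udp 198.51.100.10:389 -> 203.0.113.9:40555 2810 1
"""

def parse_flow(line):
    proto, src, _, dst, nbytes, pkts = line.split()
    sip, sport = src.rsplit(":", 1)
    dip, dport = dst.rsplit(":", 1)
    return {"proto": proto, "sip": sip, "sport": int(sport), "dip": dip,
            "dport": int(dport), "bytes": int(nbytes), "pkts": int(pkts)}

def detect_cldap_reflection(text, min_reflectors=3, min_avg_bytes=1000):
    """Report destinations receiving large UDP packets from source port 389
    from at least `min_reflectors` distinct hosts. A real CLDAP client talks to
    a handful of directory servers; a reflection flood arrives from many."""
    per_dst = defaultdict(lambda: {"reflectors": set(), "bytes": 0, "pkts": 0})
    for line in text.splitlines():
        if not line.strip():
            continue
        f = parse_flow(line)
        if f["proto"] != "udp" or f["sport"] != 389:
            continue
        s = per_dst[f["dip"]]
        s["reflectors"].add(f["sip"])
        s["bytes"] += f["bytes"]
        s["pkts"] += f["pkts"]
    alerts = []
    for dst, s in per_dst.items():
        avg = s["bytes"] / s["pkts"]          # reflected CLDAP replies are large
        if len(s["reflectors"]) >= min_reflectors and avg >= min_avg_bytes:
            alerts.append({"victim": dst, "reflectors": len(s["reflectors"]),
                           "avg_bytes": round(avg)})
    return alerts
```

On the sample, `203.0.113.5` is reported with four reflectors, while `203.0.113.9` (one source) and the DNS and HTTPS flows are ignored; in production the same grouping would run per time window, and the mitigation is to drop or rate-limit UDP from source port 389 upstream, since no Internet-facing host needs unsolicited CLDAP replies.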

Source: https://www.bbc.com/news/technology-53093611

July: Russian hackers targeting Covid-19 vaccine research

The UK, US and Canada accused hackers backed by the Russian state of trying
to steal information from researchers working on COVID-19 vaccines.
Russia rejected the accusations as "baseless." Cybersecurity agencies in the UK, US and Canada said in a report released Thursday that a network of Russia-backed hackers is trying to steal information on coronavirus vaccine
research from academic and pharmaceutical institutions. The National Cyber
Security Centre said the hackers scan databases for vulnerabilities, steal
authentication credentials to gain access and then deploy malware to upload
documents. The group also uses spear-phishing, an email posing as a
trusted sender to get individuals to reveal information like account
credentials.

Source:
https://www.cnet.com/news/russian-and-north-korean-hackers-are-targeting-covid-19-vaccine-researchers/?ftag=CMG-01–10aaa1b

August: Freepik data breach

Freepik, a website dedicated to providing access to high-quality free photos
and design graphics, has revealed that it suffered a major
security breach impacting 8.3 million of its users.
According to the company's statement, the security breach occurred after a
hacker (or hackers) used an SQL injection vulnerability to gain access to
one of its databases storing user data. Freepik said the hacker obtained
usernames and passwords for the oldest 8.3 million users registered on the
website.
“For the remaining 3.77M users the attacker got their email address and a
hash of their password,” the company added. “For 3.55M of these users, the
method to hash the password is bcrypt, and for the remaining 229K users
the method was salted MD5. Since then we have updated the hash of all
users to bcrypt.”
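The detail that matters in Freepik's statement is the split between bcrypt and salted MD5: a single MD5 is fast enough to brute-force offline at enormous rates, and a site can only move a user to a slow hash once it sees the plaintext again at login. The block below is an added example (not from the article or from Freepik) of that upgrade-on-login migration; `hashlib.pbkdf2_hmac` stands in for bcrypt so it runs on the standard library alone, and the record layout and sample user are assumptions.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 100_000   # stand-in work factor; bcrypt's cost parameter plays this role

def legacy_md5_hash(password, salt):
    """The weak scheme being retired: one fast MD5 over salt + password."""
    return hashlib.md5(salt + password.encode()).hexdigest()

def strong_hash(password, salt=None):
    """Slow, salted KDF record (pbkdf2 standing in for bcrypt in this example)."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return {"scheme": "pbkdf2", "salt": salt.hex(), "hash": digest.hex()}

def verify(record, password):
    """Constant-time check of `password` against a record of either scheme."""
    salt = bytes.fromhex(record["salt"])
    if record["scheme"] == "md5":
        candidate = legacy_md5_hash(password, salt)
    elif record["scheme"] == "pbkdf2":
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                                        PBKDF2_ROUNDS).hex()
    else:
        return False
    return hmac.compare_digest(candidate, record["hash"])

def login(store, username, password):
    """Authenticate; if the stored record is still legacy MD5, re-hash it now,
    because the plaintext is only available at this moment. Returns True on
    success. Accounts that never log in stay on MD5, so a cut-over date with a
    forced reset for stragglers is still needed."""
    record = store.get(username)
    if record is None or not verify(record, password):
        return False
    if record["scheme"] == "md5":
        store[username] = strong_hash(password)
    return True

# Constructed user store holding one legacy salted-MD5 record.
_salt = os.urandom(8)
USERS = {"alice": {"scheme": "md5", "salt": _salt.hex(),
                   "hash": legacy_md5_hash("correct horse", _salt)}}
```

The first successful `login(USERS, "alice", "correct horse")` rewrites Alice's record to the slow scheme, and a wrong password leaves the MD5 record untouched; for users who never return, the alternative is to wrap the existing MD5 digest inside the slow hash so no fast-to-crack digest remains at rest.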

Source: https://securityboulevard.com/2020/08/freepik-company-discloses-data-breach-affecting-more-than-8-million-users/

September: First death caused by ransomware

German authorities are investigating the death of a patient after a ransomware attack on a hospital in Duesseldorf. The patient, a woman who needed urgent medical care, died after being re-routed to a hospital in the city of Wuppertal, more than 30 km away from her intended destination, the Duesseldorf University Hospital.
The Duesseldorf hospital was unable to receive her as it was in the midst of
dealing with a ransomware attack that hit its network and infected more than
30 internal servers. The incident marks the first-ever reported human death
indirectly caused by a ransomware attack.

Source:
https://www.wired.com/story/a-patient-dies-after-a-ransomware-attack-hits-a-hospital/

October: Ubisoft and Crytek data stolen by a ransomware gang

A ransomware gang going by the name "Egregor" has exposed data it claims to have accessed from the internal networks of two of today's largest gaming companies, Ubisoft and Crytek. Data allegedly taken from each company has been published on the ransomware gang's dark web portal.
Ransomware gangs like Egregor regularly breach companies, steal their data,
encrypt files, and typically ask for a ransom to decrypt the locked data. For the
Ubisoft leak, the Egregor group shared files to suggest they were in possession
of source code from one of the company's Watch Dogs games. On its web
portal, the group touted that it was in possession of the source code for the
Watch Dogs: Legion game, scheduled to be released later this month. The
Crytek files included documents that appeared to have been stolen from the
company's game development division. These documents contained
resources and information about the development process of games like
Arena of Fate and Warface.

Source: https://www.bleepingcomputer.com/news/security/crytek-hit-by-egregor-ransomware-ubisoft-data-leaked/

November: A $100 million botnet

A Russian cybercriminal, Brovko, has been jailed for eight years for participating in a
botnet scheme that caused at least $100 million in financial damage. Brovko wrote scripts able to parse log data from botnet sources and then searched
these data dumps to uncover personally identifiable information (PII) and
account credentials. Any account credentials logged by Brovko's code would
then be verified by the Russian national, sometimes manually, to see if it was
"worthwhile" using the accounts to conduct fraudulent transactions.
Brovko possessed and trafficked over 200,000 unauthorized access devices
during the course of the conspiracy and used his programming skills to
facilitate the large-scale theft and use of stolen personal and financial
information, resulting in over $100 million in intended loss.

Source:
https://www.justice.gov/opa/pr/russian-cybercriminal-sentenced-prison-role-100-million-botnet-conspiracy

December: The famous FireEye breach

FireEye, one of the world's largest security firms, said it was hacked and that a
"highly sophisticated threat actor", one whose "discipline, operational security,
and techniques lead us to believe it was a state-sponsored attack", accessed
its internal network and stole hacking tools FireEye uses to test the networks
of its customers.
FireEye said its assessment was confirmed by Microsoft, which the
company brought in to help investigate the breach. The Federal Bureau of
Investigation was also notified and is currently assisting the company, a
major government contractor.
Because FireEye believes the attackers got their hands on its custom
penetration testing tools, the company is now sharing indicators of
compromise and countermeasures on its GitHub account to help other
companies detect whether hackers used any of FireEye's stolen tools to breach
their networks.

Source: https://securityboulevard.com/2020/12/fireeye-hack-turns-into-a-global-supply-chain-attack/
