
Let’s summarize: the most notorious hacker attacks of 2020


From ransomware to supply chain attacks, this year has mixed classic hacks with unusual hacks and data thefts.

In 2020, digital risks and security breaches have become an even bigger problem for users and companies, which, in principle, is not so surprising in an era of constant development of technology and the Internet.

However, this year has been unique in that Covid-19 has radically and even tragically changed the lives of people around the world. The pandemic has created an unprecedented environment for cyber technology, reshaping the internet and forcing masses of people to work from home. Pharmaceutical companies began to fight for the right to be the first to have access to vaccine research, and this race created new opportunities for states to spy on each other and fueled the growth of online crime.

By tradition, in the last days of the outgoing year, we sum up the results and choose the most high-profile events that have made noise this year. In this article, we’ll talk about security breaches, data theft, ransomware attacks, and all the digital frenzy that’s been going on in 2020. Sit back and get ready to read a lot of interesting facts.

The SolarWinds hack

Beginning Sunday, December 13, the news came in waves that United States government agencies such as the Department of Commerce, Treasury, Department of Homeland Security and Department of Energy, corporations and international targets were the victims of a massive national-level spying campaign.

The attackers, widely reported as "some Russian hackers," carried out an attack on the supply chain of US IT vendor SolarWinds. They compromised the company back in October 2019 and injected their malicious code into software updates of its Orion network monitoring tool. Without knowing it, any customer who installed the Orion patch released between March and June 2020 was also installing a backdoor.

With this attack, the hackers gained access to approximately 18,000 SolarWinds client networks (according to the company itself). The networks of many of the company’s customers around the world turned out to be compromised. The targets included not only state organizations, but also private companies from various sectors of the national economy.

The consequences of the attack varied depending on the victim. In some cases, the hackers only installed a backdoor; in others, they used their access to the victim’s computers for a long time. Some of the victims were very unlucky: their machines were used for reconnaissance and data exfiltration. Moreover, important infrastructure companies (in the oil, electricity and manufacturing sectors) also had the backdoor installed, but it is not known exactly how widely the attackers used it or how far they went. This situation highlights the threat that supply chain attacks pose, as they give attackers access to vast amounts of data in an instant.

Twitter

In July, a wave of mind-boggling hacks swept across Twitter. It affected the accounts of Joe Biden, Barack Obama, Elon Musk, Kanye West, Bill Gates and Michael Bloomberg, as well as large corporate accounts of companies such as Apple and Uber. The accounts posted tweets that went something like this: “I decided to help people with money. All bitcoins sent to the address below will be returned to you in double the amount! If you send 1000$, I will refund you 2000$. Your money is accepted within 30 minutes.”

The attackers gained full access to the accounts, which is a nightmare scenario and exactly the kind of access any hacker dreams of. However, this attack was just part of a bitcoin scam that ended up netting the scammers around $120,000. In total, the scammers targeted 130 accounts and took control of 45 of them. In a frantic battle to contain the fallout, Twitter temporarily froze all verified accounts, blocking them from posting tweets and changing their account password.

Subsequent investigation revealed that the attackers called Twitter’s "Customer Service" and tricked its staff into logging in to a phishing site in order to obtain their site administration credentials (including username, password, and multi-factor authentication codes). The attackers were then able to use this data to reset the passwords of targeted user accounts. In late July, three suspects were arrested and charged with the scam, including 17-year-old Graham Ivan Clark of Tampa, Florida, who allegedly masterminded the entire digital attack. Following this breach, Twitter said it had made a major effort to overhaul its employees’ access control system.

Blueleaks

On June 17, a leak activist group released 269 gigabytes of information about law enforcement agencies in the United States, including their emails, documents, audio and video files.

DDOSecrets said the data came from a source claiming to be part of the ephemeral hacker collective Anonymous. Released after the killing of George Floyd, the trove of more than a million files included documents and private messages from the police about law enforcement initiatives to identify and track protesters.

Much of the information came from law enforcement "convergence hubs" that gather and share intelligence with law enforcement groups across the country.

"This is the largest data theft ever committed by US law enforcement," said Emma Best, co-founder of DDOSecrets. "This ‘leak of information’ allows ordinary people to analyze the actions of the police tasked with protecting the public, including the government’s response to Covid-19 and the Black Lives Matter protests."

University Hospital Düsseldorf

In September, a ransomware attack originally targeted at the Heinrich Heine University in Düsseldorf instead brought down 30 servers at the Düsseldorf University Hospital, breaking the hospital’s system and preventing proper patient care.

It is worth noting that unintentional attacks by hackers on university hospitals can be considered a common occurrence. The Düsseldorf University Hospital incident was particularly significant because it was the first time that a human death had been caused by cybercriminals.

As a result of the attack, an unidentified woman in need of emergency care was redirected from the University Hospital Düsseldorf to another facility 38 miles from the hospital, delaying treatment by an hour. She did not survive. The researchers note that it is difficult to definitively establish a causal relationship that led to this death. However, this incident is clearly an important reminder of the real impact of ransomware attacks on medical facilities and any critical infrastructure in the city.

Vastaamo

In late October, amid a sobering wave of ransomware attacks targeting hospitals, hackers threatened to release data stolen from one of Finland’s largest mental health networks, Vastaamo, unless individuals and the organization itself paid to keep the data private.

The hackers could have obtained this information by conducting a special operation to infiltrate the company. Similar digital extortion attempts have been made for many decades, but Vastaamo’s situation was especially egregious because the stolen data, which was obtained approximately two years ago, included psychotherapy records and other sensitive patient health information.

Vastaamo worked with the private security firm Nixu, the Finnish criminal police and other law enforcement agencies to investigate the crime. Government officials estimate that the episode affected the case histories of tens of thousands of patients. The hackers demanded that individual victims pay around €200 (or $230) in bitcoin within 24 hours of posting their message or €500 ($590) at a later date in order to keep private information from being made public.

Finnish media also reported that the scammers demanded about $530,000 in bitcoins from Vastaamo so that the stolen data would not be published. A hacker named "ransom_man" posted private information about at least 300 Vastaamo patients on a Tor anonymous web service to prove that the stolen information was genuine.

Garmin

At the end of July, hackers launched an attack on Garmin, a manufacturer of navigation devices and smartwatches. They hacked into Garmin Connect, a cloud platform that syncs user activity data across devices, and parts of the Garmin.com website. The company’s e-mail systems and customer call centers were also disabled.

In addition to athletes, fitness enthusiasts, and other regular users, aircraft pilots who use Garmin products for positioning, navigation, and timekeeping experienced performance issues with their on-board devices. The flyGarmin and Garmin Pilot apps were down for days, impacting some of the Garmin hardware used on aircraft, such as flight planning tools and updates to the FAA’s essential aviation databases.

Some reports indicate that the Garmin ActiveCaptain marine app was also hit by the hackers. This incident highlights how IoT devices can be prone to system failures. Imagine how terrible it is when the instruments in the cockpit stop working during landing or takeoff.

Bonus. Chinese government-sponsored hackers

This year, China has continued its global hacking spree. Beijing-sponsored hackers have infiltrated Taiwan’s industrial companies to steal vast amounts of intellectual property, from source code and software development kits to chip designs.

Australian Prime Minister Scott Morrison said in June that the Australian government and other organizations had been subjected to repeated attacks by hackers. Australia has pledged to invest nearly $1 billion over the next 10 years to expand its defensive and offensive cybersecurity capabilities. Although Morrison did not specify which country attacked Australia, some believe that he was referring to China.

Australia and China have been embroiled in an intense trade war that has forced a rethinking of the relationship between the two countries. A Reuters report also describes ongoing Chinese hacking operations across Africa after the African Union in Addis Ababa, Ethiopia, spotted Chinese attackers stealing CCTV footage stored on servers.

The United States has also experienced digital espionage and intellectual property theft attributed to China this year, mostly in the areas of health care and vaccine development to combat Covid-19.
