Cybersecurity experts have had a pretty busy time since the beginning of 2020.
While data breaches were already on the rise, we witnessed a particular increase in ransomware attacks this year.
All this comes on top of businesses' and consumers' careless attitude toward securing their systems, fixing bugs, and paying attention to their online privacy.
Perhaps this is why, despite repeated alerts and recommendations, cybercriminals succeeded in their malicious activities. Today, seeing even businesses shut down because of hackers is no longer shocking.
So, with this article, we list the top 15 privacy and security stories of 2020.
These are not just stories, nor are we discussing these incidents as a mere roundup.
We want to emphasize the importance of cybersecurity and privacy for everyone, be it a business or an individual.
And we really hope not to witness these issues again in 2021.
Top 15 privacy and security stories of 2020
1. Travelex paid for recovery after a ransomware attack
The year began with the news of a devastating attack on the British currency exchange Travelex. The incident happened right at the end of 2019, and its effects lasted for months into 2020.
Precisely, on December 31, 2019, Travelex services, including their websites and mobile apps, suddenly went offline. The firm disclosed the incident as a cyber attack. However, some users and other observers could tell that malware was involved.
Eventually, on January 7, 2020, it surfaced online that the firm had suffered a ransomware attack from the Sodinokibi gang.
Investigations revealed that Travelex was running vulnerable Pulse Secure VPN servers, which facilitated the attack even though patches were available.
The attackers not only encrypted the Travelex network but also stole data before that.
In the following weeks, Travelex gradually restored its services (seemingly) while claiming that they had found no evidence of data loss. The attackers, however, claimed to have stolen 5 GB of personal data, which they threatened to leak if the ransom was not paid.
In April 2020, it turned out that Travelex had paid $2.3 million in ransom to the attackers (they had demanded $3 million). Beyond this, no further details about the handling of the compromised data surfaced online.
2. CoronaVirus ransomware emerged amidst phishing attacks
As COVID-19 turned into a pandemic, cybercriminals leveraged the opportunity to conduct cyber attacks.
Consequently, exploiting the practice of reporting medical results digitally, the perpetrators started attacking users with COVID-19-themed phishing campaigns.
These emails impersonated alerts from medical facilities, informing the recipient that they had contracted the virus. The emails also included an attachment that the sender asked the recipients to print and take to the nearest medical facility. This attachment actually had malware embedded in it that executed when the attachment was opened. Once running, the malware stole data from the target device.
Besides this malware, the threat actors also leveraged the disaster to develop the CoronaVirus ransomware, which actually served as a cover for a Kpot infection. It was an unusual ransomware attack, demanding only 0.008 BTC (roughly $50 at the time).
3. Zoombombing threatened the privacy of web conferences
Just when working from home started becoming the new normal and companies rushed to go online, Zoom – the popular video conferencing platform – saw a spike in its customer base.
And this popularity made the firm realize how many vulnerabilities its platform had.
Eventually, we heard of a new term, “Zoombombing.” It is the practice of exploiting different glitches and vulnerabilities to break into strangers’ video meetings. Some did it for trolling, others to steal information. The attacks affected every niche, from business meetings to schools’ online classes.
Whatever the reason, such intrusions compelled the firm to take several security measures to fix the glitches, with the aim of preventing any means of intrusion into video meetings.
4. Israel’s water systems hacked
Israel narrowly escaped a severe disaster earlier this year that could have seriously harmed public health.
Precisely, the nation suffered back-to-back cyber attacks on its water treatment systems.
The first attack happened in April 2020 and was swiftly caught and thwarted. The attackers attempted to take over the plant’s digital systems and alter the quantity of chlorine to be added to the water.
Had it succeeded, this tampering could have induced mild poisoning and other health conditions among the people receiving water from the affected plant, due to the intake of improper quantities of chlorine.
Two more similar attacks targeted Israel’s water systems in July 2020. These attacks were also repelled without damage.
The Israel National Cyber-Directorate (INCD) and the Water Authority urged the water treatment facilities to reset all internet-connected equipment passwords.
5. BlueLeaks exposed secrets from hundreds of US police departments
In June 2020, “DDoSecrets” (Distributed Denial of Secrets), a group inspired by WikiLeaks, dumped sensitive data online.
In the dump, dubbed “BlueLeaks,” they published a huge archive of around 270 GB online, including critical information from over 200 police departments spanning more than 10 years, according to DDoSecrets.
However, the National Fusion Center Association (NFCA) stated that the data actually spanned 24 years (from August 1996 to June 19, 2020). It included critical data such as names, phone numbers, email addresses, emails with attachments, PDF documents, image files, texts, videos, and ZIP and CSV files.
They also elaborated in their alert:
“Our initial analysis revealed that some of these files contain highly sensitive information such as ACH routing numbers, international bank account numbers (IBANs), and other financial data as well as personally identifiable information (PII) and images of suspects listed in Requests for Information (RFIs) and other law enforcement and government agency reports.”
Analyzing the data allowed the NFCA to deduce how the attackers had exfiltrated it. Briefly, they compromised a customer account on the Netsential web platform – a service used by fusion centers, law enforcement agencies, and others – and then exploited the upload feature to inject malicious content that allowed them to download the data.
6. Apps caught accessing users’ clipboard data
Apple users’ confidence in their devices’ privacy features turned out to be overconfidence when researchers caught a plethora of apps accessing whatever the users had copied to the clipboard.
Precisely, two researchers, Tommy Mysk and Talal Haj Bakry, discovered that many popular apps from different niches accessed the device clipboard without the users’ explicit consent. Whenever a user opened one of these apps, it read the text on the clipboard.
Popular apps exhibiting this behavior included TikTok, Truecaller, Viber, games like Bejeweled, 8 Ball Pool, and PUBG Mobile, news media like Al-Jazeera, CNBC, and Fox News, and many others.
After the researchers disclosed their findings in a report, many of the apps stopped this behavior. The researchers listed all the app names in their article.
Their research specifically addressed the apps’ behavior on iOS 13.3. With iOS 14, Apple rolled out a feature that notifies users whenever an app accesses the clipboard.
This feature revealed that LinkedIn and Reddit were also reading users’ clipboards. Both fixed the glitch later on.
7. Blackbaud security breach triggered a domino effect on universities
In July 2020, Blackbaud, a cloud service provider, disclosed a cyberattack that had actually hit the firm in May 2020.
In its security notice, Blackbaud openly admitted to having suffered a ransomware attack, and to having paid the ransom. Although the firm assured customers that the incident hadn’t affected any sensitive data like bank information, it still paid the ransom to ensure that the attackers deleted the stolen data.
Things seemed fine until then, except that the company had been late in disclosing the breach under the EU GDPR’s requirements.
However, the actual disaster unfolded when tens of universities and other organizations admitted they had been affected by the Blackbaud cyber attack.
Overall, the customers who were informed about the attack by Blackbaud two months after the incident were located in the US, the UK, the Netherlands, and Canada.
Eventually, in October 2020, in a Form 8-K filing, the company admitted that the incident had also affected sensitive information, including customers’ bank account data.
8. Vulnerabilities in critical US infrastructure uncovered
In July 2020, researchers from CyberNews shared horrifying details about the security status of critical infrastructure in the United States. Briefly, here’s what they found:
“By scanning IP blocks for open ports in the US IP address range as part of an internet mapping project, we found several unprotected and accessible Industrial Control Systems in the country.”
The report continued:
“Industry, institutions, and cybersecurity experts are all aware of the dangers associated with outdated ICS systems. But as our research shows, many ICS access points in the US, particularly in water and energy sectors, are still vulnerable to attacks.”
Thankfully, after the researchers reached out to CISA, CERT, and the respective owners of the vulnerable ICSs, the issues were fixed.
9. Huge hacking attack took over verified Twitter accounts
In July, Twitter users, especially high-profile ones including world leaders and influencers, faced a pretty embarrassing situation when they found their accounts promoting crypto scams without their knowledge.
Within a short time, it was confirmed that Twitter had suffered a massive cyber attack. Twitter confirmed the incident in a series of tweets from its official support account.
Once it had recovered from the incident, Twitter started an investigation and then updated users via a detailed post.
It turned out that the attackers had targeted Twitter employees with spear phishing to obtain their account credentials, which eventually allowed them to break into Twitter’s internal infrastructure.
10. Android banking trojans kept everyone busy
The emergence of Android malware is nothing new. However, this year we witnessed a particular stir around Android banking trojans, on top of other Android malware.
First, Cerberus, 2019’s prominent Android banking trojan, was found to have received a major upgrade. Researchers revealed that the trojan could even steal 2FA codes from the Google Authenticator app.
Later on, Cerberus even appeared on the Google Play Store, mimicking a cryptocurrency converter app.
Meanwhile, another mobile banking trojan, EventBot, emerged as a new threat.
After that, the BlackRock Android malware joined the list of devastating trojans, targeting over 300 apps.
There then came a moment to breathe a sigh of relief, as Cerberus hinted at its departure in late July after its team broke up.
But shortly after, researchers caught a new banking trojan, dubbed ‘Alien,’ running active campaigns in the wild. This malware appeared to be a fork of Cerberus.
For those who don’t know yet, these trojans specifically pilfer banking data from users’ devices. To do so, they either impersonate banking or financial apps or overlay such apps’ login screens to steal credentials. They can perform a variety of other malicious activities as well.
These trojans are certainly dangerous, as they can cause severe financial damage to their victims.
11. Cyberattacks on the UHS hospital network and others amidst the COVID-19 peak
While hospitals were already under biological strain as they attended to an overwhelming number of COVID-19 patients, they suffered a digital blow as well. The situation became even more painful, not only for the patients but also for the medical staff.
In September, a ransomware attack targeted Universal Health Services, causing service disruptions.
Then, in October, a wave of ransomware attacks targeted multiple hospitals in New York and Oregon. Soon after, another cyber attack, also believed to be ransomware, hit the University of Vermont Health Network’s facilities.
(Well, the cybercriminals were truly heartless, weren’t they?)
12. Malicious apps running an adware campaign targeted Android and iOS users
In September, a teenage TikTok user drew attention to a serious threat to Android users.
Briefly, the girl noticed an app being aggressively promoted via TikTok and alerted Avast. Scratching the surface, Avast unveiled a well-orchestrated adware campaign running via 7 different apps with over 2.4 million downloads between them. These apps existed on both the Apple App Store and the Google Play Store.
Earlier, in June, Avast had also unveiled 47 different mobile apps, with over 15 million downloads, involved in the HiddenAds campaign.
13. Microsoft’s Zerologon vulnerability came under active exploitation
Once again, the practice of neglecting system updates caused huge damage to various businesses.
Briefly, a vulnerability identified as CVE-2020-1472 affected the Netlogon Remote Protocol. Exploiting this bug could allow an attacker to gain elevated privileges upon connecting to a domain controller.
This is what actually happened later. Microsoft had already patched the vulnerability in August as part of its monthly Patch Tuesday updates.
However, instead of catching the attention of users, the bug caught the attention of cybercriminals.
Eventually, a trail of security breaches affected different firms as attackers used publicly known exploits against unpatched systems, and the vulnerability became widely known as “Zerologon.”
14. Multiple attacks on COVID-19 vaccine firms
Amidst all the biological and cybersecurity chaos of 2020, research firms succeeded in developing vaccines against COVID-19.
But it seemed the perpetrators didn’t like it much, or became curious about the vaccines. In December, reports of a cyber attack hitting the European Medicines Agency (EMA) surfaced online. As revealed later, the incident also leaked data regarding the development of the Pfizer Inc and BioNTech COVID-19 vaccine.
Before that, in November, North Korean hackers targeted COVID-19 vaccine front-runners, including AstraZeneca, Johnson & Johnson, Novavax, and the South Korean firms Celltrion, Genexine, and Shin Poong Pharmaceutical.
(Is a malicious COVID-19 vaccine in the making? We hope not!)
15. SolarWinds cyber attack
As 2020 draws to a close, the most devastating cyberattack of the year has surfaced online.
Reportedly, the perpetrators, presumed to be Russian state actors, injected malicious code and a backdoor into SolarWinds’ Orion Platform product. This allowed them to spy on and steal data from the product’s users.
SolarWinds is a software development firm whose customer base includes numerous US federal agencies and Fortune 500 companies.
Eventually, a whirlwind of disruption surfaced online as multiple big names kept adding themselves to the victim list.
What did we learn from these stories?
These 15 privacy and security stories highlight various underlying causes. They have taught us 15 different lessons, which we quickly list below.
Quick tips to prevent yourself from becoming the next story:
- Leaving systems and devices unpatched can cause huge losses. Keep an eye on upcoming updates and fixes, and keep all IT equipment up to date.
- Stay wary of the emails you receive. Not every email that looks harmless is actually harmless. Read our guide on phishing emails to learn how to protect yourself from the resulting cyber threats.
- As a business, pay attention to your customers’ privacy and security if you don’t want to lose their trust and your market credibility.
- Make sure to set up unique and strong passwords. Reusing passwords, setting weak passwords, or not updating passwords frequently can be harmful.
- Never be careless with your old data, especially if it’s online. Also, since you can’t really train your customers to implement cybersecurity best practices (you can only ask them), make sure to protect your systems’ integrity from your end to avoid disaster.
- Never blindly trust the apps you install on your mobile phone. At any time, they can turn malicious and start spying on you, especially free apps, which will do almost anything to collect your data for monetization. Grant an app only the permissions it really needs. And if you don’t use an app, or use it rarely, either uninstall it or disable it.
- B2B companies should remain extra cautious about the security of their products. They should also keep their customers in the loop to avoid any embarrassing situations later on.
- Anything connected to the internet is vulnerable to cyber attacks. So, regardless of the niche of your or your employer’s business, if you need the internet for anything, make sure all the IT equipment involved is well protected.
- Businesses must train their staff well in managing email security and handling cybersecurity threats.
- Be wary of the apps you install on your devices, especially mobile phones. You never know when malware might sneak in. Also, keep an eye on your financial transactions to spot anything unusual right away.
- Cyber attacks can happen to anyone. So the business, educational, and medical sectors all need to pay attention to cybersecurity best practices.
- Ads may support content creators, but they are often offensive and malicious. It’s better to avoid watching and trusting them. Use ad blockers as much as you can.
- Re-read number 1. We can’t stress that enough.
- Re-read number 11. That’s enough to make you realize the significance of online security for everyone.
- Re-read numbers 3 and 7. It’s all about staying vigilant about your own security as well as your customers’.
Perhaps keeping these lessons in mind will protect you from falling victim to such cyber attacks.
How do you feel after reading about these top security issues of 2020? Do share your thoughts with us in the comments.