7 of the Worst Hacks and Data Leaks of 2020

At this point in time, we can say, in all fairness, that 2020 was an awful year. Technology played a major role to alleviate those overriding separation anxiety all over the world. However, technology also played spoilsport for many businesses as it spelled doom with rising ransomware attacks, and this only further increased with hackers leveraging coronavirus fears to steal even more information from unsuspecting users and organizations.

Multiple high-profile accounts across social platforms were hacked. Foreign governments pounced and polarized many governments simply by launching massive IT hacks into the systems. Overall, you are justified to call 2020 a year full of dangerous, cybersecurity plagues. As if the nasty coronavirus was not enough!

The following list of 7 notorious cybercrimes shook the world over the past 12 fateful months. These series of attacks only highlight the importance of adopting stringent measures to safeguard yourself against online threats, malware, and data leaks.

#1 Hacking campaign targeting US energy, treasury and commerce agencies

Even the superpowers are not safe from cyber-attacks. A sophisticated and powerful group of hackers backed by a foreign government targeted US federal agency including the treasury and commerce departments and the energy department. According to authorities, the grave risk of such unprecedented and expansive attack spread across “critical infrastructure entities” and federal, state and local governments.

The full scope of the hack remains unclear. According to sources, staff emails on NTIA’s Microsoft’s Office 365 software was monitored by the hackers over many months. Though government agencies refuse to divulge more details, the seriousness of this hack called for an urgent national security council meeting at the White House.

#2 The SolarWinds Hack

SolarWinds is an enterprise providing IT service solutions to government organizations and businesses around the world. Sometime in the middle of dreary December, the company disclosed how an exploited update slipped by a hacker left many of their files exposed to outside threats.

Hackers were able to access files of US government departments and big enterprises for months. Cybersecurity experts consider it one of the largest attacks of all time. The potential victims feature some of the prominent names including the Department of Defense, Secret Service, NASA, Microsoft, Visa, Mastercard and many more.

#3 Travelex ransom demand after Sodinokibi breach

In one of the savviest ransomware attacks, Travelex, renowned foreign exchange company, faced demands for huge payments to decrypt its critical programs and files. The ransomware known as Sodinokibi disabled the entire IT system of Travelex. The attack disrupted the system for days. According to experts, criminals demanded six-figure sums to supply necessary decryption tools that will help the company unlock and recover the thousands of files encrypted by the virus. 

#4 FireEye Hack

Hackers proved their mettle once again when FireEye, the cybersecurity company defending third-parties globally, reported a data breach on December 8, 2020. Hackers managed to access the very tools FireEye employs to test their client’s security protocols. These tools simulate real hacking attacks.

FireEye conceded that the attack was highly refined and targeted and, in all likelihood, came from a state-sponsored hacking team. Though Moscow denied responsibility, experts believe the attack was led by Cozy Bear, Russia’s state-sponsored hacking agency.

#5 Cyberattack on European Medical Agency

The summer of 2020 was certainly one of the most prolific seasons for the infamous Cozy Bear.  They repeatedly attacked numerous medical companies researching and producing the possible COVID-19 vaccine. The European Medical Agency (EMA) faced a massive hack from an unknown group. The hack went on to expose crucial data of COVID-19 vaccine prepared by Pfizer.

Though details are scare on the method of attack, but the possibility directs at custom Spear Fishing and Malware techniques specialized by Cozy Bear. Unlike most run-of the-mill broad technologies used by hackers, these are highly targeted and crafted for companies and individuals. This customization makes them all the more deadly.

#6 Data breach at Estee Lauder

One of the monumental data breaches of 2020 took place at Estee Lauder in February. The cosmetic conglomerate witnessed 440 million of its documents accessed in this staggering security breach. Of the 440 targeted records, a large volume was plain-text email addresses. Cybercriminals went on to upload the unprotected database on the Internet.

Though the technique of attack was unclear as well as the duration of access, most likely hackers created multiple breaches in the system to create many back doors for potential compromises in the future.

#7 UK Medical Research Center faces Maze ransomware attack

COVID-19 vaccine became a point of concern for numerous malicious attacks worldwide. The Maze ransomware group attacked the elaborate computer network of Hammersmith Medicines Research demanding a ransom. The company is also invested in research to develop a possible Ebola vaccine and drugs to address Alzheimer’s disease.

The company was on standby for carrying out possible COVID-19 trials. When the company refused to pay the ransom, personal information of their former patients was published. This is after the ransomware group insisted not to attack medical organizations. Their move to publish patient data was to ‘encourage’ payment.

Protecting Your Business and Brand in the Age of Everything Tech

The two important trends emerge from this global madness. COVID-19 introduced diverse and novel attack opportunities and surfaces for threat actors. New methods of ransomware extortion strategy also saw millions paid to illegal operators like Egregor, Sodinokibi, Maze and others.

The uncertain situation and instability at the state and global spheres encouraged bad actors to hone their skills and target unprotected entities at both personal and organizational levels. Healthcare entities have seen ransomware attacks quadrupling in the past year. Researchers recorded a spurt in phishing scams. Cyberattacks on US healthcare facilities alone have affected as many as 17.3 million people. Medical records are often the best-sellers on the underground black marketplace. 

The unforeseen surge in criminal activity is a cause of concern that does not seem to dissipate in the coming year. The message is loud and clear. If you want to stay safe, you’ve to invest in evolving IT security systems to prevent future attacks. Cybersecurity will drive the technology budget of an enterprise in the years to come. This is the reality as globally the focus remains on accelerating digitization.