2020 Top Breaches: Part IV

Each week Cyber Security Hub offers an Incident of the Week for considertion by the community. Initially the incidents centered around misconfiguration, credential stuffing, password exposure, phishing, unauthorized access, malware and ransomware.

2020 Top Breaches Part I

2020 Top Breaches Part II

2020 Top Breaches Part III

2020 was an unwelcome year in many respects. Early on, things felt like the past which wasn't necessarily so bad. As the year ramped up, attacks thought to be previously off-limits sadly became the centrifugal force of the global threat landscape. As we passed the halfway point focus was squarely on the US election. And as we finish the year- we can see each of the years aspects not fade away, but continue to collectively come to fruition.

Futhermore, Q4 not only showcased today's issues and foreshadowed issues we'll be grappling with through 2021. Automated ransomware and Ransomware-as-a-Service attacks are picking up steam. The Life Sciences & Healthcare industry continue to be a central focus of malicious actors. Federal, state, provincial and Local entities continue to be hit from private and foreign state actors. 

Here's how the Incident of the Week played out each week of Q4, 2020 here on the Cyber Security Hub:

October

• Government Sanctioned Russian Hackers Penetrate U.S. Federal Agency
  • It appears Fancy Bear, the Russian cyber crime group linked to the GRU, is responsible for a US federal agency break-in and data theft. Cyber experts piece together clues to garner more insight into the sophisticated attack.
• Ethical Hackers Discover Several Apple Vulnerabilities—And The Payout May Reach A Half-A-Million Dollars
  • Ethical hackers recently participated in Apple’s vulnerability bounty program and scored big. Over the span of three months, five hackers, led by 20-year-old Sam Curry, uncovered 55 vulnerabilities. Eleven of those vulnerabilities were deemed critical. Their payout? $288,000 and counting.
• Despite Patch, Zerologon Attack Still A Big Deal
  • A more robust patch is scheduled to release in February of 2021. However, Microsoft predicts the new patch will permanently disable standing authentication procedures on some devices.
• Will There Be An Incident Of Impact On Tuesday’s Election?
  • The United States presidential election is four days away. Last Wednesday, government officials released a statement about Russian and Iranian hacking threats. On Thursday, more information followed. What does that mean for Election Day—and beyond?

November

• Once Considered Off Limits, A Streak Of Ransomware Attacks Hit The United States Healthcare System
  • In the past, several cyber crime organizations pledged to stay away from the health care sector, with assurances that it’s money they’re after, not casualties. However, as COVID-19 has moved the workforce remote, new opportunities for cyber criminals exploded.
• Malware Mainstay QBot Targets Election Insecurities With New Phishing Campaign
  • Cyber crime software is becoming streamlined and automated as cyber crime campaigns succeed and funding increases. This enables increasingly nuanced and psychological cyber crime campaigns.
• A Popular Video Game Was Hacked, Compromising 46 Million Records
  • The gaming industry has been a desirable target for cyber criminals as of late, with popular games and gaming companies like Among Us, Capcom, and Minecraft falling victim to hackers and scammers.
• World’s Third Most Valuable Football Club Hit By Cyber Attack
  • Man. United is being praised for its quick response to the threat and transparency surrounding the incident. An incident response plan was followed, which helped quickly disseminate information to key stakeholders and investigators.

December

• A Pennsylvania County Pays Ransomware Ransom Covered Under Insurance Plan
  • Paying cyber security insurance is a double-edged sword. A March 11 report released by Deloitte uncovered that, “For every dollar in premiums collected from policyholders, insurers paid out roughly 35 cents in claims, making cyber insurance nearly twice as profitable as other types of insurance.”
• Disruption Key Strategy For Public Transportation Ransomware Attack
  • Some media outlets and cyber security professionals condemned TransLink for their lack of transparency, while the company insists it was necessary due to the ongoing investigation.
• US Treasury & Commerce Departments, DHS, NIH & Others Significantly Exposed
  
  • Russian operatives are now equipped with the very tools that were built to keep them out. The DHS, FBI, and CISA are working together to counter the attack, which Russia denies.

[inlinead-1]