The year 2020 was largely about COVID-19, both online and offline. Cybercriminals used the pandemic to launch scams and phishing attacks on critical infrastructure, social media, medical and research institutions, and individual users.
Cybersecurity firm McAfee noted that cybercrime incidents could cost the world around $1 trillion in 2020, up from $600 billion in 2018. In its report titled ‘The Hidden Costs of Cybercrime’, the firm said that the annual cost of cybercrime this year would be more than 1% of the global gross domestic product (GDP). It added that global spending on cybersecurity is also expected to surpass $145 billion this year.
Another report, by cybersecurity firm Trend Micro, said there was an increase of nearly nine million threat cases from January to June specifically related to COVID-19. Most attacks were perpetrated in April, as users were looking for more information on the coronavirus.
Here’s a look at major cyberattacks and trends this year globally:
Remote working made cyberattacks easier to pull off: As many corporations asked their employees to work from home with their office-provided devices, insecure access to office networks made it difficult for companies to protect their workers from cyberattacks.
Cybercriminals took advantage of the shift from in-person meetings to online video-conferencing calls to launch attacks such as crashing private video calls and baiting users with malicious domains.
According to Trend Micro’s mid-year cybersecurity report, there was a significant increase in inbound attacks as well as attacks on devices and routers in the first half of 2020.
There were 1.2 billion inbound attacks in the first half of 2020, compared to 189,540,803 attacks in H1 2019. Of these, 898,040 attacks targeted devices, while 674,575 attacks were launched on routers.
Hackers used brute-force login attempts to attack remote access service accounts. These made up almost 89% of all inbound attacks. Malicious actors targeted home servers and used them as a launch pad for further attacks.
Attacks on vaccine makers: This year cybercriminals went after scientists researching vaccines for COVID-19. According to multiple reports published in December, North Korean hackers targeted at least six pharmaceutical companies working on COVID-19 treatments in the U.S., the U.K. and South Korea.
Johnson & Johnson and Novavax Inc, both experimental vaccine makers, were targeted. Hackers also tried to get hold of details related to UK-based AstraZeneca, whose COVID-19 vaccine was shown to be 90% effective.
The other three are South Korean companies. However, whether the hackers were successful in getting hold of the information was not known. As per a Reuters report, the web domains and servers used by the attackers show the campaign originated from North Korea. The same report noted that the hacking attempts started in September and mimicked online login portals to gain access to employees’ credentials.
Twitter cryptocurrency hack: In July, a number of high-profile Twitter accounts were compromised as part of a bitcoin scam. Fake tweets about bitcoin went viral from the Twitter accounts of former U.S. President Barack Obama, Amazon’s Jeff Bezos, Tesla’s Elon Musk, Bill Gates, U.S. President-elect Joe Biden, and several others. Elon Musk’s account was the first one to post the bitcoin tweet.
The micro-blogging platform later said that a coordinated social engineering attack on its employees gave hackers access to the company’s internal systems and tools.
An analysis by Elliptic, a cryptocurrency compliance firm, showed scammers received 400 payments in bitcoins with a total value of $121,000.
Return of EMOTET: Emotet, a notorious malware, returned after a five-month break with a new malicious spam campaign.
“We didn’t expect Emotet to stay silent for so long, but now it’s back in full, and as dangerous as ever,” Fabian Sanz, researcher at Avira Protection Labs, noted.
Emotet marked its return in July by sending out 250,000 spam emails to people in the U.S. and U.K. The messages contained a malicious document or link that, when activated, installs the Emotet payload. After the first batch, messages were sent to French, Spanish, German and Italian users, according to cybersecurity firm Avira.
The Emotet gang operates an email spam campaign to deliver the Emotet trojan and then install other malware, either for its own purposes or on behalf of other cybercrime groups. Emotet is considered dangerous because of its ties with many ransomware gangs.
Those infected with Emotet are advised to quickly isolate the entire system to prevent a ransomware attack.
Zoom data leak: Zoom became an overnight success after people around the world had to shift their in-person meetings to video calls due to the pandemic. But even before most could rely on the video-conferencing app, reports of Zoom leaking users’ data surfaced. Over 500,000 Zoom accounts were being sold on the dark web and hacker forums for less than a penny.
Bleeping Computer reported that the login credentials were gathered through credential stuffing attacks, in which hackers tried logging into Zoom accounts using credentials leaked in earlier breaches. The successful logins were then sold to other hackers.
While most accounts were sold at very low prices, some were offered for free for use in Zoom-bombing and other malicious attacks.
This was not the first time Zoom was under the scanner. Previously, a security bug in the app leaked users’ data such as email addresses and photos, and made it possible to start a video call with strangers.
Cyberattack on Dr. Reddy’s Laboratories: On October 22, Dr. Reddy’s Laboratories was hit by a cyberattack, leading to a temporary shutdown of some of its production facilities. The pharma company also isolated all of its data centres to take the required actions after detecting the attack.
In a statement to the stock exchange, Dr. Reddy’s said it experienced an information security incident and consequently isolated the impacted IT services. The incident involved a ransomware attack, it added.
However, the company’s investigation did not find any data breaches pertaining to personally identifiable information in the systems.
Big Basket data breach: In November, online grocery firm Big Basket’s systems were hacked and almost 20 million users’ data was leaked. According to cybersecurity firm Cyble, the alleged breach occurred on October 14. Two weeks later the firm informed Big Basket, and made the details public.
Cyble said that details of 20 million users including names, email IDs, passwords, pin, contact numbers and IP addresses were being sold on the dark web for $40,000.
Big Basket said the privacy and confidentiality of customers was its priority. It said the customer data it maintains includes email IDs, phone numbers, order details, and addresses, and that these are the only details that could have been accessed.
The Bengaluru-based firm filed a complaint with the Cyber Crime Cell in Bengaluru, Karnataka.
Unacademy data breach: Bengaluru-based online educational platform Unacademy suffered a data breach that exposed data of 20 million of its subscribers. The accessed data was later put up for sale on the dark web, cybersecurity firm Cyble said in a blog post.
Unacademy confirmed the data breach but denied that any sensitive information was compromised. Hemesh Singh, co-founder and CTO of Unacademy, told news agencies that the data of around 11 million learners had been compromised, but financial data, location and passwords had not been exposed.
The data breach took place in January, but came to light five months later. Hackers behind the attack said they had access to the entire database.
The records included usernames, hashed passwords, date joined, login date, email addresses, first and last names and so on. The database also had accounts with corporate email addresses, such as those of Wipro, Infosys, and Cognizant.