2020 Top Breaches: Part III

Each week Cyber Security Hub offers an Incident of the Week for consideration by the community. Initially, the incidents centered around misconfiguration, credential stuffing, password exposure, phishing, unauthorized access, malware and ransomware.

As the pandemic raged, Q2, 2020 saw a siege of scourge towards the healthcare, education, financial loan and ecommerce sectors.

Q3, 2020 has shone a light on global state adversaries attacking US government and election related entities. Ransomware attacks, ransomware payments and Ransomware-as-a-Service (RaaS) all made news. And insider threats along with more advanced social engineering all took place.

Here is how the Incident of the Week played out each week of Q3, 2020 here on the Cyber Security Hub:

JULY

• Alabama Hit By 2nd Ransomware Attack In As Many Months
  • Alabama’s Chilton County employees notified the local IT team that their computers were running sluggish and some of the applications looked different. In an effort to shut down a suspected ransomware data breach, the county closed its doors to the public last Wednesday, July 8.
• The Infamous Twitter Attack & What Enterprises Can Learn From It
  • As Twitter continues its attempt to unravel the complexity and nuances of the attack, a broader story of SIM swapping and social engineering emerges.
• Chinese Hackers Accused Of Freelancing For The Chinese Government
  • Li Xiaoyu and Dong Jiazhi, Chinese nationals who met in a Chengu, China engineering school, were indicted by the Department of Justice on Tuesday, July 21. Their crime? Stealing several terabytes of intellectual property from 11 Western nations over the past decade.

AUGUST

• Russia Utilizes Hacking 101 Strategies Toward Government And Energy Sector Targets
  • The Russian Hacker group Fancy Bear poses an ongoing threat to the 2020 US election. Known to sow discord and confusion through misinformation campaigns, the FBI warns that Fancy Bear has been ramping up their activity since May of 2020—a mere six months before Americans hit the ballot box.
• Garmin Pays $10 Million To Ransomware Hackers Who Rendered Systems Useless
  • On July 23, Garmin users went to Twitter to express their concern over inaccessible website features. Four days later, Garmin released an official statement confirming that a cyber attack had taken place. Garmin assured its users that no PII (personal identifying information) was compromised.
• Russia’s Cyber Threat Du Jour Prompts The FBI And NSA To Release A Joint Statement
  • Russian cyber threats made the news again when the FBI and NSA broke status quo and released a statement about the new Fancy Bear malware Drovorub. 
• Social Media Data Scraped And Found Unprotected Online
  • A database of 235 million social media profiles were found unsecured by researchers with Comparitech. While data scraping is technically legal, it goes against the terms of use for the brands affected.

[inlinead-1]

SEPTEMBER

• Thwarted Ransomware Attack Against Tesla Serves As A Warning
  • Early last month, Tesla was notified by an internal employee that they had been approached with an unusual offer. For $500,000, the employee was to install ransomware onto the company’s network in order to extort them out of millions.
• Equinix Is The Latest In A Long Line Of Ransomware Victims
  • Ransomware-as-a-Service (RaaS) poses an increasing threat across the cyber security landscape, as it allows inexperienced or less technical hackers purchase the automation software needed to execute such a hack.
• Shopify Internal Data Breach Exemplifies Insider Threat Trend
  • While the investigation is still young, it follows a startling trend that has emerged within recent cyber security incidents. Tesla’s recent thwarted internal attack involved Russian operatives attempting to bribe internal employees.