The number of cyberattacks has increased significantly in 2020. Here are five notorious cyberattacks that many people will remember for years to come.
It is often said that the only things certain in life are death and taxes. However, in today’s world, there is another certainty that can be added to this list: cyberattacks. As long as there is an Internet and devices with which to access it, there will be cybercriminals trying to exploit them for personal profit or pleasure.
Cybercriminals have done a significant amount of exploiting in 2020. The number of cyberattacks has spiked, thanks in part to the Coronavirus Disease 2019 (COVID-19) pandemic. Before the pandemic, the Internet Crime Complaint Center (IC3) received around 1,000 complaints about cyberattacks a day. Nowadays, the IC3 is receiving as many as 4,000 complaints a day — a 400% increase. Some of those cyberattacks are more memorable than others. Here are five notorious cyberattacks that many people will remember long after 2020 ends and the new year begins:
The year 2020 marked the first known death resulting from a ransomware attack. When the Duesseldorf University Hospital’s IT systems crashed on September 10, 2020, the hospital cancelled doctor appointments, postponed surgeries, and told the public not to visit. It also stopped accepting patients in its emergency room, which resulted in them being sent to other hospitals. A woman with a life-threatening condition was one of the patients shuttled elsewhere. She was sent to a hospital about 20 miles away. This delayed treatment by about an hour, which resulted in her death.
While the woman’s death was sad, it was not surprising. In 2019, at least 10 hospitals had to turn away new patients due to systems and data being held for ransom by cybercriminals.
A 17-year-old teenager’s takeover of several high-profile Twitter accounts has become the most infamous hijacking attack in 2020. On July 15, 2020, Graham Clark began calling tech support and consumer service staff members at Twitter, instructing them to reset their passwords on a fake website. A few staff members fell for this phishing scam and entered their credentials, allowing Clark to steal their usernames, passwords, and multifactor authentication codes.
Using the stolen credentials and codes, Clark was able to access and hijack many Twitter accounts, including those of many famous people such as Jeff Bezos, Joe Biden, Mike Bloomberg, Bill Gates, Kim Kardashian, Elon Musk, Barack Obama, and Kanye West. Clark and at least two other hackers used the hijacked accounts for a variety of malicious acts. For example, they tweeted a bitcoin scam to millions of @elonmusk and @billgates followers. The scam netted them around $117,000.
The Dickey’s Barbecue Pit data breach wasn’t the largest in 2020, but it will likely be remembered because of the type of data that was stolen. The cybercriminals stole the payment card details — including names, account numbers, expiration dates, and verification numbers (i.e., the CVV or CVC number on the back) — of 3 million customers. Then, on October 12, 2020, the hackers put the payment card information up for sale in a dark web marketplace known as the Joker’s Stash. A significant amount of fraudulent activity related to these cards is already occurring, according to the security firm Q6Cyber.
The Q6Cyber and Gemini Advisory security researchers who investigated the breach determined that the attack persisted for at least 13 months, without detection, before the hackers ended it in August 2020. Customers who used payment cards to purchase items at 156 of the restaurant’s 400+ franchise locations were affected. Given that the affected locations were spread across 30 states, the Gemini Advisory researchers believe that the exposure may be linked to a breach of a single central processor, which was used by many of those locations.
High-speed trading firm Virtu Financial discovered firsthand just how easy — and costly — it can be to fall victim to a business email compromise (BEC) attack. It also learned how a seemingly straightforward cyber insurance policy can be interpreted differently. According to court documents, here is what happened:
On May 13, 2020, cybercriminals accessed a Virtu executive’s email account using Outlook Web Access. After reading the executive’s emails for two weeks, the hackers created inbox rules that automatically hid certain messages received in and sent from the executive’s inbox. This was done so that the executive would not see the emails that the cybercriminals were about to send.
Pretending to be the executive, the hackers sent a series of emails to the firm’s accounting department. The emails asked the department to issue two wire transfers, totaling about $10.8 million, to overseas banks for capital calls. Believing that the requests were legitimate, the accounting department wired the money in late May.
A couple of days later, the payments were flagged as potentially fraudulent by a routine auditing process. After an investigation confirmed that the payments were fraudulent, Virtu obtained an injunction that froze $3.9 million of the money it wired.
Virtu was not able to recover the remaining $6.9 million. The firm had an insurance policy that included $10 million coverage for computer systems fraud (Rider 6) and $500,000 coverage for social engineering fraud (Rider 10), so it informed its insurance carrier about the incident. Believing that the $6.9 million loss was covered by Rider 6, Virtu asked the insurance carrier to confirm coverage of the incident and the resulting loss. However, the carrier refused to do so, as it believed the incident and resulting loss were covered by Rider 10. Because Virtu and the insurance carrier had different interpretations of what the riders covered, the case is being settled in court.
The COVID-19 pandemic forced many businesses to change how they handled meetings. Instead of having people talk face-to-face, many companies began holding virtual meetings using the Zoom platform. Zoom usage jumped from an average of 10 million meeting participants per day in December 2019 to 200 million participants per day in March 2020.
The popularity of Zoom virtual meetings gave rise to what is known as Zoom-bombing. In Zoom-bombing attacks, intruders crash Zoom virtual meetings, after which they display hate or pornographic images and use threatening language. It is considered a form of trolling because the intruders are deliberately trying to cause trouble by disrupting the meeting and offending its participants. While there are still occurrences of Zoom-bombing (e.g., three people Zoom-bombed a Western Washington University meeting on November 28, 2020), it is not as prevalent as it once was because the company has made many security-related changes to the platform.