Cyber Attacks 2020!

Between January and April 2020, cloud-based attacks increased by 630 percent! Let’s take a look at 20 of the most recent cyberattacks in 2020…

As if the planet didn’t already have enough problems to deal with in 2020, cybercriminals are adding to the collective fear. So far in 2020, we’ve seen a huge number of cyber attacks that exposed millions of data records and enabled some of the most dangerous cybercrimes against individuals and organisations, just as we did last year. We’ve handpicked 20 of the most notable 2020 cyber attacks to cover from the thousands that have occurred so far this year.

In this post, we’ll go through some examples of cyber attacks that targeted individuals, companies, and other organisations, as well as the data breaches that resulted from them. This includes details on attackers who have used leaked data to commit financial fraud, identity theft, ransomware attacks, and brute-force attacks, and to gain unauthorised access to user accounts.

We recommend reading this post on Coronavirus Scams if you’re searching for more details about COVID-19 scams.

Cyber Attacks 2020: 20 Attack Examples (So Far)

Just half a year has passed, and we have already seen some of the most heinous cyber attacks of 2020. To make them easier to track, we’ve assembled a list of notable 2020 cyber attacks in chronological order, from January to August.

Iranian Hackers Attack U.S. Government’s Library Program Website

An attack on the Federal Depository Library Program website kicks off our list of 2020 cyber attacks. On January 6, 2020, the site displayed a disturbing image over a map of the Middle East. The picture was made up of the following elements:

  • A remembrance of Iran’s late major general Qassim Soleimani.
  • A declaration of vengeance for the commander’s death.
  • A doctored picture of an arm and fist branded “Iran” punching US President Donald Trump in the face.
  • A message reading “This is only a small part of Iran’s cyber capability!”

To insert the picture and messages, the attackers took advantage of a poorly designed content management system (CMS). Although this cyber attack did not result in a data breach, it highlights the cyber challenges that government-owned websites face. Attackers are actively looking for minor flaws and misconfigurations in the security postures of websites that they can exploit.

Hacker Group Steals 25 Million Students’ Data from Math App’s Database

Shiny Hunters, a hacker group, stole 25 million students’ email addresses and passwords from Mathway, a math-solving app, in January 2020. According to ZDNet, the attackers placed the data up for sale on the dark web for $4,000 on May 18, 2020.

The passwords were encrypted, and the buyers were responsible for decrypting them. Even if the data buyer is unable to decrypt the passwords, the list of 25 million email addresses may be used to send malware-laden phishing or spam emails to students.

Cybercriminal Posts Credentials of 3.68 Million MobiFriends Users in Web Forum

A hacker called “DonJuji” attempted to sell confidential data regarding nearly 4 million MobiFriends users on a deep web hacking platform on January 12, 2020, according to a study by Risk Based Security. Another user on the same website posted the same data without restrictions on April 12, 2020.

MobiFriends is a popular dating website based in Barcelona. The following details about 3,688,060 users can be found in the database:

Email addresses, usernames, encrypted passwords, mobile numbers, dates of birth, genders, and website activity.

Corporate email addresses from Fortune 1000 companies such as American International Group (AIG), Experian, Walmart, and Virgin Media were included in the data. These businesses can be vulnerable to business email compromise (BEC) related cybercrime if users use the same exposed passwords to log in to their corporate email accounts. Although the passwords were hashed with MD5, Risk Based Security notes that it is not considered a very secure hashing algorithm.

Let’s move on to the next cyber attack on our agenda for 2020.

Attackers Launch a Massive DDoS Attack Against Amazon

Amazon Web Services (AWS) was the victim of a major distributed denial of service (DDoS) attack in February 2020. The company was hit by a DDoS attack with a magnitude of 2.3 terabits per second (Tbps), which it was able to mitigate. The attack also had a packet forwarding rate of 293.1 Mpps and a request rate of 694,201 requests per second (rps). The DDoS attack, which occurred over the course of a week, triggered three days of elevated threat and is considered to be one of the largest DDoS attacks in history.

A Hacker Accesses GoDaddy’s Servers to Steal Users’ Login Credentials

On April 23, 2020, GoDaddy, one of the largest hosting providers, told some of its customers about an altered SSH file in GoDaddy’s hosting environment, which resulted in a data breach. An unauthorised person attempted to access users’ hosting accounts using the exposed credentials, according to the letter.

To avoid further harm, GoDaddy reset the login credentials for the users’ hosting accounts. To compensate for the incident, they gave impacted customers a free one-year subscription to a website malware removal tool.

The time delay is, in my opinion, the most upsetting aspect of this event. Although the incident occurred on October 19, 2019, GoDaddy did not become aware of it until April 23, 2020. According to IBM’s Cost of a Data Breach Report 2020, detecting and containing a data breach takes an average of 280 days in 2020! In that time, an attacker can not only hack the system but also sell the compromised credentials to other cybercriminals on the dark web.

Ransomware Attack Steals 800 GB of Sensitive Data from W&T Offshore

On April 28, 2020, security analysis company Cyble Inc. released a study about a ransomware attack on W&T Offshore. Nefilim ransomware operators, according to the study, stole 800 gigabytes of sensitive data from the Texas-based oil and gas company.

The company’s ransom talks with the intruder failed, according to the article, resulting in the cybercriminal releasing 10 GB of data on the dark web. The data that was leaked contained the following confidential financial documents:

Bank reconciliation statements, journal entries, the company’s risk analytics model, and long-term debt reports.

Network Breach Leads to Theft of 11 Million Banco BCR Payment Card Credentials

On May 1, 2020, BleepingComputer published an article about Maze ransomware operators claiming responsibility for stealing 11 million credit card credentials from BCR’s network.

Banco BCR is a commercial bank operated by the government. The bank’s network was hacked in August 2019 and February 2020, according to the article, and the attackers claim to have stolen “a few years of records, including 11 million credit cards.”

4 million of the 11 million records are unique, and 140,000 of them belong to Americans. Hackers posted the following as proof:

240 credit card numbers (without the last four digits), as well as the cards’ expiration dates and authentication codes (CVV).

According to BleepingComputer, the attackers have been unable to contact bank officials in order to discuss the ransom. The Maze ransomware operators have begun releasing Banco’s customers’ credit card data on the dark web, according to a study published by Cyble Inc on May 22, 2020. Because the bank didn’t take their leak allegations seriously, the attackers released a 2GB CSV file containing various Mastercard and Visa credit and debit card details.

A Hacker Posts 15 Million Tokopedia Users’ Data on The Dark Web

Next on our list of 2020 cyber attacks is one reported by the data breach detection and prevention service Under the Breach. On May 2, 2020, they tweeted that a hacker had put the personal information of 15 million Tokopedia customers up for sale on the dark web. The information was obtained as a result of a hack that occurred in March. The firm announced on May 3 that the perpetrator has 91 million victim records, which they are selling for $5,000.

The data, according to ZDNet, includes:

Dates of birth, full names, email addresses, phone numbers, hashed passwords, and Tokopedia profile-related information

Fortunately, the passwords were hashed using the SHA2-384 hashing algorithm, which prevented the hacker from reversing them. The company’s spokesperson stated that they had taken precautions to protect their customers’ data, but that users could still change their passwords as a precaution.

Australia’s Home Affairs Department Leaks Data on 774,000 Immigrants

On May 2, 2020, The Guardian published a report claiming that Australia’s Home Affairs Department had a leaky database that exposed the personal information of 774,000 current and potential migrants online.

Information about migrants was leaked from the database, including:

774,326 ADUserIDs, 189,426 completed expressions of interest, application results, and applicants’ birth countries, ages, skills, and marital statuses

The Australian government took the details offline after The Guardian’s article.

A Hacker Tries Selling Unacademy’s 21,909,709 Registered Users’ Data Online

The next cyber attack on our list of 2020 cyber attacks is Unacademy. On the 8th of May, a hacker started selling nearly 22 million Unacademy users’ data on the dark web, which was an unfortunate lesson in cybersecurity for India’s largest educational site. According to Cyble, the hackers were selling the entire Unacademy database for $2,000 on the dark web.

According to Cyble Inc.’s study, the data included:

First and last names, usernames, encrypted passwords, and email addresses are all included.

It also included information about Unacademy’s user accounts, including their positions and statuses. Corporate email addresses from reputable companies including Wipro, Reliance Industries, TCS, Google, and Facebook are also included in the leaked database. If users use the same password for their personal and work email accounts, attackers can gain access to the company’s email network.

When asked by Mint about data protection measures, Unacademy’s co-founder Hemesh Singh replied that accessing passwords using the leaked data is “extremely implausible.” This is because they encrypt their passwords with the SHA256 algorithm and use a one-time password (OTP) based login method to provide two-factor authentication (2FA).
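
The MobiFriends, Tokopedia and Unacademy entries above all turn on how the stored passwords were hashed (MD5, SHA2-384, SHA256). The Python below is an added example, not code from any of those companies: it flags fast-hash records by digest length and replaces them with a salted PBKDF2 record on the next successful login. The record format, the function names and the assumption that legacy hashes are unsalted hex strings are illustrative.

```python
import hashlib
import hmac
import os

# Hex-digest length -> fast hash named in the incidents above. Assumption:
# legacy records are plain unsalted hex; the reports do not say how they were stored.
LEGACY_BY_LENGTH = {32: "md5", 64: "sha256", 96: "sha384"}
PBKDF2_ROUNDS = 600_000  # work factor for upgraded records (illustrative value)


def classify(stored: str) -> str:
    """Return 'pbkdf2', a legacy algorithm name, or 'unknown'."""
    if stored.startswith("pbkdf2$"):
        return "pbkdf2"
    is_hex = all(c in "0123456789abcdef" for c in stored.lower())
    return LEGACY_BY_LENGTH.get(len(stored), "unknown") if is_hex else "unknown"


def hash_pbkdf2(password: str, rounds: int = PBKDF2_ROUNDS) -> str:
    """Salted, deliberately slow record: pbkdf2$<rounds>$<salt hex>$<digest hex>."""
    salt = os.urandom(16)  # unique per record, so equal passwords differ
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return f"pbkdf2${rounds}${salt.hex()}${dk.hex()}"


def verify(password: str, stored: str) -> bool:
    """Check a password against either record format (constant-time compare)."""
    kind = classify(stored)
    if kind == "pbkdf2":
        try:
            _, rounds, salt_hex, digest_hex = stored.split("$")
            expected = bytes.fromhex(digest_hex)
            dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                     bytes.fromhex(salt_hex), int(rounds))
        except ValueError:  # malformed record
            return False
        return hmac.compare_digest(dk, expected)
    if kind in LEGACY_BY_LENGTH.values():
        legacy = hashlib.new(kind, password.encode()).hexdigest()
        return hmac.compare_digest(legacy, stored.lower())
    return False


def login(password: str, stored: str, rounds: int = PBKDF2_ROUNDS):
    """Return (ok, record_to_store); a correct login on a legacy record
    yields a PBKDF2 record so the fast hash can be deleted."""
    if not verify(password, stored):
        return False, stored
    if classify(stored) != "pbkdf2":
        return True, hash_pbkdf2(password, rounds)
    return True, stored


# Constructed sample table (no real accounts): alice and bob reuse one password.
SAMPLE = {
    "alice": hashlib.md5(b"Summer2020!").hexdigest(),
    "bob": hashlib.md5(b"Summer2020!").hexdigest(),
    "carol": hashlib.sha384(b"correct horse").hexdigest(),
}

if __name__ == "__main__":
    for user, record in SAMPLE.items():
        print(user, classify(record))
    print("same digest:", SAMPLE["alice"] == SAMPLE["bob"])
```

In the constructed table, alice and bob have identical unsalted digests, so a leaked dump reveals that they share a password; after the upgrade each record carries its own salt and the two no longer match.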

Phishing Email Leads to Leak of More Than 12,000 Nikkei Employees’ Data

A data breach involving the personal data of 12,514 contract workers was disclosed by Nikkei Inc., a prominent Japanese newspaper publisher. What was the reason for the attack? A virus was found in a phishing email that seemed to come from Nikkei’s internal network.

The virus infected a portion of Nikkei’s internal email system, stealing the personal information of 12,514 contract workers, including their names, affiliations, and email addresses. On May 8, 2020, the information was leaked.

The Hacker Group ShinyHunters Lists 73 Million User Records for Sale

Individual databases containing 73.2 million user records from ten separate organisations were listed for sale on the dark web by the hacker group ShinyHunters for $18,000 each. ShinyHunters is the same group that was responsible for the Tokopedia data breach in March, according to a ZDNet article from May 9, 2020.

A Cyber Attack on EasyJet Affects 9 Million Customers

According to the BBC, EasyJet, a low-cost airline, was the target of a sophisticated cyber attack in which nine million customers’ email addresses and travel information were stolen. According to the report, attackers gained access to 2,208 customers’ credit card/debit card numbers as well as CVV.

Although EasyJet had known about the data breach since January, it did not inform the general public until May 19. The airline did, however, notify in April the customers whose payment card information was stolen. EasyJet has notified the UK’s Information Commissioner’s Office (ICO) of the security breach in order to assist them in their investigation.

A Hacker Publishes 2.3 Million Indonesian Voters’ Data on The Darknet

A hacker released data on 2.3 million Indonesian voters on the hacking site Raidforums on May 20, 2020, according to a report published by Reuters on May 22. The data contained personal information such as the voters’ home addresses and national identification numbers. The attacker had also threatened to leak the information of the other 200 million voters. The General Election Commission of Indonesia has verified the validity of the voter data.

Bigfooty.com’s Leaky Database Exposes 132GB of Customer Data

On May 29, 2020, security researcher Anurag Sen and his team at Safety Detectives discovered a leaky database of bigfooty.com on the server of Bigfooty’s parent company Big Interest Group LLC. With over 100,000 users, Bigfooty.com is a well-known Australian football fan website.

The Elasticsearch database had 132 GB of data and about 70 million user accounts when it was hacked. This data breach affected up to 100,000 users and included information such as:

  • Passwords and usernames
  • Email addresses
  • Mobile phone numbers
  • Messages from friends and family, as well as information about their habits and activities

Bigfooty users have the option of remaining anonymous. With the above information, however, it is possible to track down the identities of anonymous users, including those who sent personal threats and racist content in private messages. It is also possible to track down comments made by high-profile users such as Australian police officers and government employees. Attackers can easily use such information for ransomware attacks, blackmail, personal vengeance, and tarnishing a person’s or organization’s name or credibility.

Internal technical information from the website, such as IP addresses and GPS coordinates, operating system and server data, access and error logs, and so on, was also leaked. Hackers may use this information to commit other serious crimes against the website.

UCSF Pays $1.14 Million Ransom

On June 1, 2020, the University of California San Francisco (UCSF) was the target of a ransomware attack. Some critical servers from the university’s medical-research institution, which was working on a cure for COVID-19, were encrypted by the Netwalker ransomware operators.

UCSF workers disconnected the malware-infected servers from the main UCSF network, but they had no means to unlock the compromised servers and decrypt the data. As a result, on June 26, 2020, UCSF reached an agreement with the hackers and paid $1.14 million (116.4 bitcoins) to the Netwalker operators. In exchange, the hackers sent UCSF the decryption key, which they used to regain access to the servers and recover the data.

Cloudflare Becomes the Target of a Massive DDoS Attack

On June 18, 2020, an attacker conducted a huge DDoS attack against Cloudflare, a leading provider of network infrastructure and security in the United States. The assault lasted four days before coming to an end on June 21. Cloudflare included the following information about the attack’s severity:

  • The June 2020 DDoS attack lasted for several hours, with rates reaching 400-600 million packets per second (pps). It topped 700 million packets per second many times.
  • 754 million pps were sent out from over 316,000 separate IP addresses at the height of the attack.
  • SYN floods, SYN-ACK floods, and ACK floods were used in conjunction as TCP attack vectors.

The attackers targeted a Cloudflare IP address that was often used by websites with the free subscription plan.

Fortunately, Cloudflare’s own DDoS detection and mitigation system, Gatebot, detected and handled the attack. There was no downtime or service degradation for the customers. Though Cloudflare was able to successfully mitigate the DDoS attack, not all businesses can say the same. For other businesses, especially startups and small businesses, surviving a major DDoS attack relatively unscathed is a huge accomplishment.

Bitcoin Scammers Hack 130 Celebrities’ Twitter Accounts

On July 15, 2020, a group of hackers compromised 130 high-profile Twitter accounts and used their accounts to spread cryptocurrency scam messages. According to Twitter, the posts were the product of a social engineering attack that resulted in 45 accounts receiving tweets, 36 accounts receiving direct messages, and seven accounts receiving Twitter info.

The following is an example of a fake message sent from Joe Biden’s account:

“I’m returning the favour to the party. All Bitcoins sent to the following address will be doubled! If you send $1,000, I will return $2,000 to you. This will only take 30 minutes.”

Barack Obama, Joe Biden, Elon Musk, Kanye West, and Bill Gates were among the celebrities on the list, all of whom have millions of followers. Via a social engineering attack, hackers obtained access to Twitter’s own internal administration tool. All verified users’ accounts were placed on hold for the time being, and they were unable to post anything. However, the attackers were successful in duping several people into falling for the scam, resulting in the theft of more than $100,000 in Bitcoin.

Avon Leaks 19 Million Document Records

On July 28, 2020, the Safety Detectives team released a report exposing several significant flaws in Avon’s servers. They discovered a leaking database with 7 GB of customer and employee information. The information included everything from their names and GPS coordinates to their email addresses and phone numbers, and it could be accessed by anyone with the server’s IP address. Such information could also be used for phishing attacks and identity theft-related crimes.

Information about Avon’s internal technological components was also included in the database, including:

  • Security tokens
  • SMS authentication service logs
  • OAuth tokens
  • 3 million technical log entries
  • Account settings information
  • 11,000+ entries marked as “salesLeadMap”
  • Technical server information

These details can easily be used by an attacker to launch large-scale cyber attacks against the website or sell the information to rivals or marketers.

The leaked database was found by the Safety Detectives team on June 3, 2020. Fortunately, they contacted Avon before revealing the details to the public, and the company took action to secure it.

New Zealand Experiences a Wave of Cyber Attacks

Okay, we’ve come to the end of our list of 2020 cyber attacks. During August, a number of New Zealand networks and websites were targeted by cyber attacks. These attacks caused service outages and problems at Westpac Bank, the MetService weather news website, Kiwibank, and TSB bank, for example.

The New Zealand Stock Exchange (NZX), however, was one of the most important targets. The NZX had to halt trading for five days, from August 24 to August 28, due to a strong DDoS attack. At its height, the attack had a magnitude of more than one terabit per second (Tbps). A hacker (or group of hackers) warned NZX about the potential cyber attack in an email sent before the attack. The attackers may have been trying to extort Bitcoin ransom payments to stop the attacks, according to Stuff.co.nz.

Final Thoughts on Cyber-Attacks in 2020

As you can see from the list of 2020 cyber attack incidents above, your data is not safe even with well-known companies and government agencies. Cybersecurity is a never-ending process, which is why every major corporation has a cybersecurity team dedicated to data security and preventing different forms of cyberattacks. Startups, small enterprises, and SMBs, however, typically operate on a shoestring budget and cannot always afford to employ cybersecurity experts. Still, there are some do-it-yourself cybersecurity tips you can use to improve your company’s cybersecurity posture.

Melina Richardson is a Cyber Security Enthusiast, Security Blogger, Technical Editor, Certified Ethical Hacker, Author at Cybers Guards & w-se. Previously, he worked as a security news reporter.