With a handful of biological and political challenges, as well as a long list of the worst cybersecurity attacks in recent history: 2020 was undeniably a difficult year
The global economy made a downturn that hit impactfully the digital realm, noticeable in the many data breaches, brand’s reputational damage, and bankruptcy declarations.
So much has happened over the past twelve months, that it’s important to not forget. Instead, take a look back and learn, to be much more prepared for the upcoming decade.
Cybersecurity Attacks of JANUARY, 2020:
- Travelex: Services went offline due to malware infection. Every business connected to the currency exchange platform was affected.
- IRS tax refunds: Leaked information from data breaches were used by US resident to file $12 million worth of fraudulent tax returns
- Wawa: 30 million records from the platform’s customers were leaked and sold online, later on.
- Laundry’s: Restaurant conglomerate got hit by POS attack, taking customer’s payment card data.
- Poloniex: Credentials from users of the cryptocurrency exchange firm were leaked across social media.
- Microsoft: Five servers (storing anonymized user analytics) were exposed online.
- Peekaboo Moments: An Elasticsearch server hosted a database of the social media for parents and their children, which was left exposed.
- Hanna Andersson: A big (but undisclosed) number of shoppers from the children’s clothing retailer had their payment information exposed.
Cybersecurity Attacks of FEBRUARY, 2020:
- Fifth Third Bank: A former employee from the financial institutions present in 10 states was responsible for a data breach.
- Estée Lauder: A middleware security failure left 440 million internal records exposed.
- Helix: The Bitcoin mixing services laundered an estimated $300 million.
- DOD DISA: The Defense Information Systems Agency (DISA) revealed that employee’s records were compromised in data breach.
- UK Financial Conduct Authority (FCA): The FCA released sensitive information of 1,600 consumers by accident (due to an FOIA request).
- IOTA: The foundation shut down the network after a vulnerability found in IOTA wallet app was exploited.
- Clearview: The entire list of clients was stolen through a software vulnerability.
- General Electric: Workers of the company received warnings of security failure with Canon Business Process Service that let unauthorized individuals in.
Cybersecurity Attacks of, MARCH 2020:
- T-Mobile: A bad actor got its way into the email accounts of employees, compromising overall inner data (including customers and employers).
- Marriott: The chain of hotels was hit by cyberattack and email accounts of over 5.2 million guests were impacted.
- CAM4: Data belonging to the adult live-streaming website and Irish company Granity Entertainment was leaked.
- UK Home Office: The handling of the Home Office’s EU Settlement Scheme (GDPR) was breached one hundred times.
- Bill Gates YouTube Scam: A Ponzi cryptocurrency scam was promoted with hacked YouTube accounts.
- Virgin Media: An open marketing database of the company let data from 900,000 users, exposed.
- Sina Weibo: Personal data from +538 million users from the Chinese social media platform went for sale online.
- Walgreens: An error within the mobile app messaging feature of the 2nd largest US pharmacy chain exposed sensitive, personal information.
Cybersecurity Attacks of APRIL, 2020:
- Beaumont Health: 112,000 employees and patients got their personal and medical information accessed through a compromised email account.
- Lendf.me: $25 million in cryptocurrency was taken out from the platform. The domain is currently parked and its social media accounts went offline since then.
- Facebook: Over 267 million Facebook profiles were listed for sale at $600 on the Dark Web.
- Key Ring: Data of 14 million users of this digital wallet app was left stored in an unsecured database.
- Mathway: +25 million users from the calculator all had their login credentials exposed and sold.
- Nintendo: Around 160,000 users had their accounts hijacked by NNID legacy login system.
- Paay: 2.5 million card transaction records from this payment processor startup were made available to the public (without passwords).
- Zoom: Over 500,000 accounts from the teleconferences platform were listed for sale for as little as $0.02/ each.
Cybersecurity Attacks of MAY, 2020:
- Mitsubishi: The automobile company suffered a data breach that got confidential design stolen.
- Toll Group: Logistics giant suffered a 2nd ransomware attack in three months.
- Home Chef: Database of home meal delivery service app was let open. Data from 8 million users was stolen and sold.
- Supercomputers: Powerful European machines were hacked to mine cryptocurrency.
- Fresenius Group: A Ransomware attack was targeted at one of the largest dialysis equipment providers, harming worldwide operations.
- Pakistani mobile users: Over 44 million Pakistani civilians had their mobile data leaked online.
- Wishbone: The ShinyHunters hacking gang published records of 40 million users online.
- Dating Apps Leakage: researchers Noam Rotem and Ran Locar discovered a total of 845 gigabytes of user data from nine specialized dating apps: 3somes, Cougary, Gay Daddy Bear, Xpal, BBW Dating, Casualx, SugarD, Herpes Dating, and GHunt.
Cybersecurity Attacks of JUNE, 2020:
- Australia vs China: Scott Morrison (Australian prime minister) announced on-going cyberattacks that have been affecting the country’s public and private sectors, with China as likely responsible.
- AWS: A 2.3 Tbps DDoS attack hit AWS but it was rapidly mitigated.
- BTC-e: New Zealand froze $90 million in BTC-e assets for money-laundering investigation.
- CryptoCore: $200 million were stolen by the hacking group from online exchanges.
- NASA: IT contractor’s networks were breached by DopplePaymer ransomware gang.
- Claire’s: Card-skimming Magecart infection hit the accessories company.
- Charming Kitten: Iran-linked actor APT 35, aka Charming Kitten, unsuccessfully launched phishing attacks against President Donald Trump’s reelection campaign.
- Wattpad:268.745.495 million records from the user-generated stories website were exposed (initially sold for over $100,000, then published on forums for free).
Cybersecurity Attacks of JULY, 2020:
- Avon: The Personally Identifiable Information(PII) of 19 million customers and employees of the cosmetic company got exposed.
- CouchSurfing: 17 million records of platform’s users were found on underground forums.
- SigRed: Microsoft patches a 17-year-old exploit that hackers could use to hijack Windows Servers.
- MGM Resorts: Records of 142 million guests were stolen and put for sale online.
- Promo.com: 22 million customers of the video creation platform had their personal information exposed after a third-party data breach.
- Twitter: Profiles belonging to high-figures like Bill Gates, Jeff Bezos, and Elon Musk were hijacked for a cryptocurrency scam.
- BlueLeaks: Anonymous promoted a portal hosting 269 FB in stolen files from the US police departments after the murder of George Floyd.
- EDP: Ragnar Locker ransomware stole +10 TB in business records from the energy provider.
Cybersecurity Attacks of AUGUST, 2020:
- Cisco: Cisco Networks received massive damage from a former engineer, costing $2.4 million to fix.
- Canon: Ransomware gang Maze attacked the photography corporation.
- LG, Xerox: Maze, once again, published data from companies that failed on securing blackmail payments.
- Intel: 20GB of corporate data from Intel was leaked online.
- Freepik: 8.3 million users of the free stock-photos platform were disclosed after a data breach.
- Experian: A data breach from its South African branch impacted 24 million customers.
- Cruise Lines: Carnival, Seabourn, and Holland America cruise operators received ransomware attacks.
- Ukraine Crypto Laundering: Suspected members of a gang laundering $42 million in crypto were arrested by Ukraine law enforcement.
Cybersecurity Attacks of SEPTEMBER, 2020:
- Activision: Accounts from +500,000 Call of Duty players were hit by a credential stuffing attack.
- NS8: Investors were defrauded of over $123 million by the CEO of the fake startup.
- KuCoin: Around $150 million stored in hot crypto wallets got stolen by hackers.
- Telmate: Over 1 million inmates had their credentials exposed due to an insecure database of the prison phone service.
- Cerberus: Developers of the banking Trojan released the source code of its malware for free.
- BancoEstado: Chilean bank was forced to close down branches due to ransomware.
- Eterbase: Unknown attackers stole $5.4 million from wallets belonging to the cryptocurrency exchange
- Razer: Database with purchase information of 100,000 gamers was found unprotected online.
Cybersecurity Attacks of OCTOBER, 2020:
- Amazon insider trading: A former finance manager (along with his family) was charged for running a $1.4 million scam.
- Barnes & Noble: The bookseller company received a cyberattack that got their records stolen and leaked online as proof.
- Broadvoice: An exposed cluster of databases from the VoIP vendor was discovered. It contained records from over 350 million customers.
- Google: One of the largest DDoS attacks ever recorded (2.54 Tbps) hit Google.
- Harvest Finance: $24 million were stolen by hackers, of which $2.5 were later returned.
- Dickey’s: The BBQ restaurant chain suffered a POS attack that affected 3 million customers (card details were posted online).
- Pfizer: Data leak exposed both personal and medical information of patients out of the pharma corporation databases.
- Ubisoft, Crytek: Information from the gaming giants was publicly released by the Egregor ransomware gang.
Cybersecurity Attacks of NOVEMBER, 2020:
- Manchester United: European football club had its internal security systems down after the incident.
- Campari: Italian beverage vendor has gone offline after a ransomware attack.
- $100 million botnets: Bank accounts turned victims of a Russian hacker who was jailed for draining $100 million with a botnet.
- Capcom: Ragnar Locker ransomware disrupted the internal systems of a Japanese video game company.
- Home Depot: The US retailer agreed to pay a $17.5 million settlement after a 2014 malware infection that affected millions of customers.
- GoDaddy: Domain registrars Liquid.com and NiceHash were hit by a social engineering campaign starting on GoDaddy’s email and DNS records.
- Silk Road: $1 billion in Bitcoin from the former illegal marketplace was seized by the US Justice Department.
- Operation Egypto: Law enforcement from both the US and Brazil seized $24 million in cryptocurrency criminals connected to an online fraud scam.
Cybersecurity Attacks of DECEMBER, 2020:
- Absa: A rogue employee of a South Africa-based bank leaked a customer’s personally identifiable information.
- SolarWinds Hack: IT management company suffered one of the largest attacks in history. Total damages are yet to be known.
- Leonardo SpA: 10 GB of Italian corporate and military data was stolen. The suspect was shortly arrested
- Compounder Finance: $11 million were stolen out of the DeFi project.
- Flight Centre: 2017 hackathon was found to be the source of credit card records and passport numbers from 7,000 victims.
- CEO Global: Chinese law enforcement captured formed cryptocurrency exchange’s founders for holding a private key of cold wallet storage.
- Vancouver TransLink: Compass metro cards and ticketing kiosks were disrupted for days after a ransomware attack.
- HMRC: 11 serious data of 24,000 victims occurred to the “incompetent” UK tax office.
We haven’t got a break from this year.
2020 was full of data breaches, data and identity theft, ransomware, and targeted attacks… But we have made it so far.
Unfortunately, there are no signs of stopping any time soon.
The good news is, you can make something to make it stop (or at least, to prevent it for your own business).
Do you want to know how to protect yourself and keep your peace of mind?