2020 Security Roundup: Ransomware And Data Breaches Reigned Supreme

Another year is rolling off the calendar and what a year 2020 has been! The world faced unprecedented challenges, with the global spread of Covid-19 and the unique difficulties it presented. Work paradigms for millions shifted significantly and both individual businesses and the broader infosec community had to deal with new difficulties, innovative attacks and increased risk due to the new way work was conducted.

The discrepancy in security measures and protocols between a more secure office environment and working from home on a home connection was one of the driving factors in many of the attacks that took place over 2020.

Ransomware snowball effect refuses to slow down

Some other trends that marked 2020 included ransomware reaffirming its foothold as one of the major threats. During the first wave of lockdowns in 2020, ransomware attacks rose nearly 150%. Ransom demands were climbing as well, and the average payment increased by a third on a quarter-over-quarter basis.

The biggest cyber attack of 2020 was coincidentally a ransomware hit as well. German software behemoth Software AG was hit by a strain of the Clop ransomware in October 2020. The ransom demand was in line with the company's size and revenue - the criminals demanded over $20 million in ransom. Naturally, the outrageous sum was not paid, but the damage was significant and Software AG took a while to rebuild its damaged internal infrastructure.

In the spring of 2020, another high-profile ransomware attack targeted Fortune 200 IT giant Cognizant. The corporation was attacked by a previously unknown strain of the already dangerous Ryuk ransomware. The damage the attack caused Cognizant over the next reporting quarter is estimated to be in the $50 to $70 million ballpark.

Massive data breaches and billions of leaked DB records

Data breaches impacting millions of users and involving billions of leaked database records marked a significant part of 2020. Those incidents spared almost no industry or sector and impacted companies ranging from medium-sized businesses to huge corporations.

2020 started with Microsoft revealing that a misconfiguration of security rules temporarily exposed 250 million entries, but the company reported no evidence of illegal access.

In the summer of 2020, amateur publishing platform Wattpad suffered a major data breach. Nearly 270 million database records were stolen, including considerable amounts of personally identifiable information such as dates of birth, e-mails, IP addresses and hashed passwords. The data was later put up for sale and eventually shared freely on hacker forums.

Chinese giant Weibo suffered a breach in late 2019, with the stolen database records surfacing online in the summer of 2020. The leaked data contained personal information for over 170 million users.

At the head of the list, Cam4, an adult webcam site, had a data leak reported by security researchers. A massive 7 terabytes of user records were stored in a leaky database. The billions of database entries included a host of personally identifiable information such as conversations between users, gender preference and sexuality, real names and e-mail addresses. It takes no great effort to imagine how this sort of information could potentially lead to thousands of ugly cases of extortion and blackmail.

In November 2020, security researchers discovered a poorly secured Amazon server bucket, leaking the names, e-mails and credit card information of users who had used a popular hotel reservation platform. The leaky database contained 24 gigabytes worth of records.

IoT Attacks Keep Growing in Number

2020 was also marked by an increase in attacks targeting IoT devices. The growing number of devices being installed in homes across the world as adoption rates rise contributed to this. Another contributing factor, as usual, was devices being sold with security loopholes and immediately guessable default credentials that users rarely change. Projections for the adoption of additional IoT devices over the following years show no signs of a slowdown, so this type of attack is expected to continue in 2021.

What the future holds

There is no clear indication of when the world could return to normal. Cybercriminals are also showing no signs of slowing down their malicious activity in the current situation that is so lucrative for them.

What can regular people do to protect themselves in this situation? The usual best security practices are still as valid as they have ever been. While you cannot guard against a data leak, you can still use strong passwords and always enable two-factor authentication on every service that has that option.

December 9, 2020
