The end of 2020 is finally approaching. Looking back, it was a tumultuous, yet transformative year in the field of cybersecurity.
Amidst the backdrop of an ongoing pandemic, many organisations have been forced to move to remote working arrangements, and cybercriminals didn’t hesitate to exploit the rising uncertainty and accompanying cyber risks. We saw cybercrime become more opportunistic, targeted and sophisticated than ever. Security experts & law enforcement agencies, including Microsoft and the FBI, reported an 800% surge in cyber-attacks since the advent of COVID-19, with 4,000 attacks a day. My team at MailGuard intercepted various COVID-19 themed phishing emails. There was a rise in ransomware attacks targeting corporate giants & government agencies, along with numerous Business Email Compromise (BEC) attacks that crippled companies.
In case you missed them, here’s a quick summary of some notable cyber-attacks that occurred in 2020. While this list isn’t comprehensive (there have been many other cyber incidents), it serves as a good summary that you can share with your clients to broaden their awareness of the different ways their business’ can get compromised, and what steps they can take to boost their cyber defences as they enter the new year.
Toll Group
How it happened: The Australian logistics giant was hit by two separate ransomware attacks this year. In January, the company discovered it had been infected with Mailto ransomware – an attack which disrupted operations for weeks. News of the second attack came in May, when the company confirmed it had fallen victim to a ransomware known as Nefilim.
What was affected: The company’s systems were down for weeks following both attacks. In addition, some of the stolen data was published on the dark web after the second attack. A total of 220GB was stolen, including financial reports and invoices.
When it was reported: January & May 2020
General Electric
How it happened: General Electric (GE) disclosed a data breach after one of its service providers suffered a cyber-attack. Canon Business Process Services, an IT service management company that works with GE, learnt that a third-party fraudulently gained access to an employee’s email account.
What was affected: From the compromised email account, cybercriminals accessed data relating to “certain GE employees, former employees and beneficiaries entitled to benefits that were maintained on Canon’s systems.” The wealth of data exposed included driver’s licenses, passports, birth certificates, marriage certificates and more.
When it was reported: March 2020
Service NSW
How it happened: The New South Wales’ government agency, Service NSW, was hit by an email compromise attack. The email accounts of 47 staff members were impacted, with reports stating hackers also illegally accessed the data of customers served by those staff members.
What was affected: Hackers stole 738GB of data, including the personal information of 186,000 customers, from the compromised email accounts. Data included handwritten notes and forms, scans and records of transaction applications. Service NSW later pegged the cost of the attack at $7 million.
When it was reported: May 2020
How it happened: In what has been labelled as “the biggest known Twitter hack of all time”, cybercriminals took over the Twitter accounts of major public figures and corporations, including Joe Biden, Barack Obama, Elon Musk, Bill Gates, Jeff Bezos and Apple. Attackers reportedly infiltrated Twitter’s network through social engineering, specifically through a phone spear-phishing attack that targeted company employees. Cybercriminals then sent out tweets from these compromised Twitter accounts as part of a Bitcoin scam, promising to "give back" to the community by doubling any Bitcoin sent to their address.
What was affected: Hackers targeted about 130 accounts, tweeted from 45, accessed the inboxes of 36, and were able to download Twitter data from seven.
When it was reported: July 2020
Blackbaud
How it happened: One of the largest data breaches this year was the result of a cyber-attack on a third-party vendor. Cloud software provider Blackbaud, which provides services for many corporations, charitable foundations, education institutions and healthcare entities, was hit by a ransomware attack.
After the company’s self-hosted environment was infected with malware, its cybersecurity team was able to stop the attackers from encrypting the entire network. However, the hackers did manage to steal a subset of data prior to deploying the ransomware payload, including data belonging to Blackbaud’s customers.
What was affected: Reports state approximately 200 organisations and millions of individuals may have been impacted by this data breach.
When it was reported: July 2020
Manchester United
How it happened: Manchester United disclosed a security breach this year, saying its network had been breached in a cyber-attack. Describing the attack as a “sophisticated operation by organised cyber criminals,” the club shut down impacted systems immediately in order to contain it. Reports stated there was also a ransom demand made by the unknown hackers.
What was affected: While the attack was by nature disruptive, Manchester United stated it was not aware of any fan data being compromised.
When it was reported: November 2020
Levitas Capital
How it happened: Levitas Capital, a Sydney hedge fund, was forced to shut down after hackers sent $8.7 million worth of invoices from the fund manager’s email account. A fraudulent Zoom invite was opened by one of the company’s co-founders, which then planted malicious software on the Levitas network. This enabled hackers to take over the company’s email systems and send off the bogus invoices.
What was affected: Levitas Capital’s largest institutional client, Australian Catholic Super, pulled a planned $16 million investment following the cyber-attack, triggering the closure of the fund.
When it was reported: November 2020
European Medicines Agency (EMA)
How it happened: Following a string of attacks and warnings about hacking threats against COVID-19 vaccine-makers and public health bodies, the European Medicines Agency (EMA) disclosed it had been hit by a cyber-attack towards the end of the year. At the time of writing, no further details had been provided about the nature of this attack or who was behind it.
What was affected: Some “documents relating to the regulatory submission for Pfizer and BioNTech’s COVID-19 vaccine candidate” were illegally accessed in the attack. Experts stated this data could be extremely valuable to other countries and companies rushing to develop vaccines
When it was reported: December 2020
In each of these instances, regardless of the size or value of the information leaked, the destructive potential is immense. The damage sustained by companies as a result of cyber-attacks goes far beyond the immediate financial losses, especially in a year of business disruptions and economic uncertainty.
2020 was a year many of us would like to forget, but it also provided an opportunity to reflect on our security choices at a time when it was needed the most. As a new year beckons, let’s use this renewed enthusiasm around cybersecurity as a chance to revisit conversations with our customers about reviewing and enhancing their cyber defence strategies, so we can help them become more cyber resilient than ever.
Wishing you all a cyber-safe and happy 2021, everybody!
Talk to us
MailGuard's partner blog is a forum to share information and we want it to be a dialogue. Reach out to us and tell us how we can serve you better. You can connect with us on social media or call us and speak to one of our consultants.
Australian partners, please call us on 1300 30 65 10
US partners call 1888 848 2822
UK partners call 0 800 404 8993
We’re on Facebook, Twitter and LinkedIn.
