Cyber security news: 2020 hacks and attacks

2020 has been a hectic year by all accounts, and it feels like data breaches are constantly being reported in the news (on top of everything else).

That’s because breaches and cyber attacks are constantly happening, with numbers going through the roof as many moved to remote work.

We’ve been keeping a running tally of what’s hit the news, so we thought we’d share for your reference. All headlines link to an in-depth article; just click through to read more.

For the latest cyber news and tips on protecting your business, subscribe to our fortnightly newsletter here.

October

27th: Enel Group hit by ransomware again, Netwalker demands $14 million (Bleeping Computer)

After being hit in June,  multinational energy company Enel Group have been targeted again. The culprits are asking for a whopping $14 million ransom to share the decryption key and not spread several TB of stolen files.

27th: Steelcase furniture giant hit by Ryuk ransomware attack (Bleeping Computer)

The world’s largest office furniture manufacturer has been forced to shut down their networks to contain a Ryuk ransomware attack.

22nd: French IT giant Sopra Steria hit by Ryuk ransomware (Bleeping Computer)

IT company Sopra Steria have also been infected by Ryuk ransomware, admitting it will take “weeks” for business operations to return to normal.

21st: Japan will take steps to guard against Olympics cyber attacks (ITNews)

21st: UK Says Russia was preparing cyber-attacks against the Tokyo Olympics (ZDNet)

20th: Darkside ransomware donates $20K of extortion money to charities (Bleeping Computer)

10th: Tyler Technologies paid ransomware gang for decryption key (Bleeping Computer)

One of the largest tech companies in North America has had to pay a hefty ransom for a decryption key following an attack last month.

It’s estimated it’ll take 30 days for Tyler Technologies to fully recover, and there are still concerns about stolen information from governments and school districts being leaked.

9th: NSW govt blasted for failing councils on cyber security (ITNews)

8th: PwC Australia creates central cyber security, digital trust team (ITNews)

7th: Ransomware: Surge in attacks as hackers take advantage of organisations under pressure (ZDNet)
Cyber attacks have significantly increased over the past few months following the rapid switch to working from home. As organisations face increased pressure they can be left vulnerable to phishing emails and ransomware attacks, especially on home networks that likely aren’t as secure as enterprise environments.

September

29th: WA govt creates first cyber security operations centre (ITNews)

29th: Swiss watchmaker Swatch shuts down IT systems to stop cyber attack (Bleeping Computer)

29th: Ransomware hits US-based Arthur J. Gallagher insurance giant (Bleeping Computer)

28th: All four of the world’s largest shipping companies have now been hit by cyber-attacks (ZDNet)

28th: UHS hospitals hit by reported country-wide Ryuk ransomware attack (Bleeping Computer)

26th: Tyler Technologies warns clients to change remote support passwords after ransomware attack (Bleeping Computer)

24th: Two arrested over large-scale SMS phishing scam (IT News)

Two Sydney men have been arrested over their alleged involvement in a large-scale SMS phishing scam that targeted the personal and financial information of tens of thousands of Australians.

The Australian Federal Police arrested the men on Tuesday following a year-long investigation, codenamed Operation Genmaicha, by its cybercrime operations teams and NSW Police.

24th: SMS phishing scam pretends to be Apple “chatbot” – don’t fall for it! (Naked Security by Sophos)

17th: German hospital hacked, patient taken to another city dies (Security Week)

German authorities said Thursday that what appears to have been a misdirected hacker attack caused the failure of IT systems at a major hospital in Duesseldorf, and a woman who needed urgent admission died after she had to be taken to another city for treatment.

16th: Cyber attacks boom in 2020 – there have been more attacks in the past 6 months than in all of 2019 (Information Age)

2020 has seen a huge boost in cyber activity with security firm Crowdstrike finding the number of potential intrusions detected in just the first half of this year eclipsed the total for all of 2019.

12th: Razer data leak exposes personal information of gamers (Bleeping Computer)

Gaming hardware manufacturer Razer has suffered a data leak after an unsecured database for their online store was exposed online.

8th: Netwalker ransomware hits Pakistan’s largest private power utility (Bleeping Computer)

7th: Service NSW reveals hackers stole 738GB of data in email compromise (ITNews)

Details of an April attack against a NSW government agency have just emerged, with birth certificates, financial details and medical records of 186,000 customers stolen.

Cyber criminals compromised the inboxes of 47 Service NSW employees, collecting 735GB of data in total – that’s a whopping 3.8 MILLION documents.

The agency announced that they were “working to notify customers who had personal information in the breach”, with a four-month investigation responsible for the delay.

6th: Netwalker ransomware hits Argentinian government, demands $4 million (Bleeping Computer)

2nd: Phishing scam uses Sharepoint and One Note to go after passwords (Naked Security by Sophos)

August

18th: US liquor giant hit by ransomware – what the rest of us can do to help (Naked Security by Sophos)

American beverages company Brown-Forman Liquor has followed in the footsteps of Aussie-owned Lion, suffering a ransomware attack earlier this month. With up to a terabyte of data being compromised, it’s a massive hit to their business.

Current reports suggest Brown-Forman are handling the breach well, with two key points being:

1. They caught the attack early and prevented their files from being scrambled (aka encrypted)
2. They’ve also supposedly told the criminals to bugger off, and are refusing to pay the ransom – helping to break the cyber crime cycle.

Sophos explains more about what this attack involved, and how the so-called “new wave” of ransomware operators” are choosing to do things here.

18th: Cruise operator Carnival hit by ransomware (IT News)

As if a global pandemic wasn’t bad enough for business, cruise line giant Carnival has now fallen victim to ransomware.

IT systems have been encrypted and guest and employee personal data has been taken. The full extent isn’t yet known, but Carnival may end up facing legal action – yikes.

17th: Ritz London suspects data breach, fraudsters pose as staff in credit card data scam (ZDNet)

2nd: Telstra DNS falls over after denial of service attack (ZDNet)

There’s nothing more frustrating than an internet outage, but often we don’t question the cause. Telstra was the victim of a denial of service (DoS) attack in early August, with the bad guys working to overwhelm the network and bring traffic to a standstill.
End-user personal info wasn’t compromised in the attack, but it was certainly an inconvenience. 

July

30th: Business technology giant Konica Minolta hit by new ransomware (Bleeping Computer)

23rd: Garmin coughs up millions in ransom to get services back online (Gizmodo)

Experienced issues with your Garmin devices in July, or know someone who did? A huge cyberattack was behind the outages, crippling services for days.

The company was hit by WastedLocker ransomware, requiring all of the company’s computers and factories to be shut down until it could be resolved. To complicate things further, paying the $10 million ransom involved sidestepping US sanctions against the perpetrator, meaning Garmin could now find themselves in some serious legal trouble.

There’s no evidence to say that customer data’s been compromised yet, but if you own any Garmin products, now’s as good a time as ever to reset your passwords.

Sophos is rolling out a patch to protect users against this particularly nasty ransomware at the moment, so now’s a great time to speak to us about how strong your antivirus software is.

21st: Minor allegedly involved in Western Australia’s medical record data breach (9 News)

The WA Government was in the spotlight this week for a massive data breach, with patient health records and other confidential comms all visible on an unencrypted system. “How this antiquated paging service was dealing with such sensitive information is one thing; why no one in government stopped to think about this as a security issue is another.”

Tech debt and legacy systems like the paging service associated with this breach present significant risks to not only government agencies and large corporations, but to small businesses too.
The person responsible for the hack is a teenager from Mandurah, which goes to show that you never know who’s poking around in the back end of your systems and looking for an ‘open door’.

Check out our #ExplainIT episode on tech debt for more info about the risks to your business and how you can best mitigate these.

 

20th: More than 20 million VPN users warned of massive data breach (9 News)

Reports have emerged of a data breach affecting millions of free virtual private network (VPN) users after researchers found an unsecured server.
The data exposed includes personal information, browsing activities, passwords and more, putting users at risk of phishing, fraud, or worse.

June

19th: China believed to be behind major cyber attack on Australian governments and businesses (ABC News)

Federal Government agencies believe that China is the nation behind ongoing cyber attacks on Australian institutions, including hospitals and state-owned utilities, in recent months.

15th: ‘Whistleblower’ accuses Noni B of mass privacy breach (National Cyber Security News Today)

9th: Drinks maker Lion shuts IT systems after ‘cyber incident’ (ITNews)

The distributor of Masters, XXXX, Yoplait and more has shut down its IT and halted manufacturing after a cyber attack on Monday. 

9th: Avon cosmetics suffers “cyber incident” – but was it ransomware? (Naked Security by Sophos)

Yet another headline, this time from global cosmetics giant, Avon. The nature and extent of the attack haven’t yet been confirmed, but ransomware is suspected – and personal data has potentially been compromised.

7th: Honda hit with EKANS ransomware that targets Industrial Control Systems (techAU)

Sources have confirmed that the ransomware used in the June attack on Honda is called “EKANS”. It’s notorious for seeking out backups and deleting them before running its course, highlighting the importance of a strong backup strategy.

May

14th: BlueScope Steel hit by cyber attack causing worldwide system shutdown of operations (ABC News)

BlueScope Steel has been forced to revert to manual processes after a ransomware attack shut down much of their operations. They haven’t yet confirmed whether it was due to an employee clicking on a phishing email.

9th: MyBudget blames ransomware hack for system outage affecting thousands of customers (ABC News)

April

14th: 500,000 Zoom Account Breaches Reminds Us Not To Be Sloppy With Passwords (Gizmodo) 

March

4th: Fears private details of Defence Force members compromised in database hack (ABC News)

February

19th: Details of 10.6 million MGM hotel guests posted on a hacking forum (ZDNet)

January

31st: Toll Group confirms “targeted” ransomware attack (IT News)

27th: Perth Mint visitor data stolen after feedback survey company hacked (WA Today)

15th: WA’s P&N Bank hit by data breach (IT News)

3rd: Mark McGowan’s office targeted in cyber-espionage attempt (The New York Times)

1st: Travelex website was hit by Sodinokibi ransomware (TechRadar)