At first glance, most organizations are improving their cybersecurity and getting better at defending against direct cyberattacks. However, in the shape-shifting space of cybersecurity, hackers have already shifted to indirect targets. This creates new battlegrounds for businesses even before they've mastered the battle in their own backyard. Meanwhile, the cost of cybersecurity is reaching an unsustainable level, and security investments often fail to deliver a better result.
Cyber threats are always costly, and in 2020 they became the most common issues as cybercriminals stepped up to take advantage of Covid-19 confusion.
Among cybersecurity threats, malware stands as the #1 cyber threat, with a rise in identity theft, phishing, and ransomware. Monetization holds its position as hackers' top motivation. The Covid-19 environment fuels attacks on businesses, governments, homes, and critical infrastructure. As a result, several organizations faced a tipping point in 2020.
To help CIOs, CISOs, CSOs, and other business executives strengthen their cybersecurity solutions, this blog details seven of the most massive cyberattacks of 2020.
Top 7 Recent Cyberattacks 2020
- Twitter Cryptocurrency Attack
Twitter, the popular social media company, was compromised in July of 2020 through a social engineering attack, and accounts on the platform were used to illegitimately tweet about Bitcoin. Dozens of high-profile accounts, like those of Barack Obama, Elon Musk, Kim Kardashian, and Bill Gates, were hacked. The threat actor used those accounts to request Bitcoin from followers, fraudulently promising double in return. Though the Bitcoin scam was live only for a short time, it earned Bitcoin worth over $100,000.
Later Twitter issued a statement, “We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools. We have locked accounts that were compromised and will restore access to the original account owner only when we are certain we can do so securely.”
Two weeks after the massive cyberattack, the DoJ (Department of Justice) accused three suspects, including 17-year-old Graham Ivan Clark, the mastermind of this embarrassing incident.
- Toll Group
Toll Group occupies the leading position in the list of recent 2020 cyberattacks, as it encountered ransomware attacks twice in 3 months. On February 3, 2020, the company announced on its social media channels that it had endured a cyberattack and had decided to shut down some of its systems as a precautionary measure.
Many of its customer-facing apps were disrupted because of this cyber incident. Toll Group tweeted that resuming service to its customers as soon as possible was its immediate priority.
- Zoom App
With the sudden shift to working from home due to the Covid-19 pandemic, the use of video-conferencing solutions skyrocketed across organizations worldwide. The Zoom app emerged as the big brand for virtual meetings. As is to be expected with such exponential growth, the app has been continuously targeted by cyberattacks.
In April 2020, it experienced a data breach in which more than 500,000 Zoom account passwords were stolen and made available for free or for sale across dark web forums. As most users tend to reuse their old passwords, this credential stuffing attack impacted everyone from individuals to educational and financial organizations. Login credentials, personal meeting HostKeys, and URLs of the victims were released.
In response to the breach, Zoom later enhanced the security of its meeting app and updated its iOS app to stop sharing user data with Facebook.
- World Health Organization (WHO)
Among the massive cyberattacks of 2020, the theft of information from organizations working to fight the COVID-19 pandemic is exceptionally shocking. On April 19, around 25,000 email addresses and passwords belonging to significant organizations like WHO, the CDC (the US Centers for Disease Control and Prevention), NIH, and the Gates Foundation were exposed online.
WHO openly stated that some of its staff's credentials were leaked, but that the exposed data did not belong to a recent account; hence, the breach didn't constitute any risk to them. In response to the data breach, WHO migrated the affected systems to a more secure system with stronger authentication.
- Marriott International
This popular hotel chain heads the list of recent 2020 data breaches. Marriott is the largest hotel brand, with 7300 resort and hotel properties in 134 countries. Attackers often target hotel chains to steal the personal information of guests or to track the travel details of business leaders and government officials with security clearance.
On March 31, Marriott disclosed that the personal details of 5.2 million guests were accessed through the login credentials of two employees at a franchise property. The hackers stole personally identifiable information, including names, phone numbers, addresses, birth dates, and airline loyalty information.
Upon discovering the incident, Marriott disabled the login credentials and immediately started an investigation. It also implemented monitoring and set up resources to alert and inform its hotel guests.
- Cognizant Technology Solutions Corp
On April 18, CTS experienced a disruption to its client services as a result of a massive ransomware attack. Generally, in a ransomware attack, attackers demand that the victims pay a ransom to restore the stolen data. However, this attack deviated from the other recent 2020 data breaches: the attackers threatened to reveal the stolen information online if the company failed to pay the ransom. The company paid $50 – $70 million in ransom to restore its client services.
- MobiFriends
Let's explore the next item in the list of recent 2020 cyberattacks. On Jan 12, 2020, the database of MobiFriends, a popular dating website, was compromised. The hacker revealed the personal details of over 3,688,060 MobiFriends users on a web hacking forum. The database contains information such as usernames, email addresses, encrypted passwords, dates of birth, mobile numbers, genders, and more.
The stolen data includes corporate email addresses from companies like Experian, AIG (American International Group), Walmart, and Virgin Media. If any of these users log in to their email account with the breached password, their corporations can be at risk of BEC (Business Email Compromise).
Enhance Your Security
These recent 2020 cyberattacks warn that organizations have a long way to go to reach a more secure environment. Cyber attackers love crises. Given the changes in working patterns caused by the remote working culture, you should rethink how you protect your web applications.
Check out cybersecurity solutions like those from Indusface, which offers web application protection against data breaches, DDoS attacks, and botnet attacks while ensuring zero false positives and 24*7 threat monitoring.
Its industry-leading, fully managed web application firewall, AppTrana, offers a comprehensive vulnerability assessment and provides detailed reporting to enhance your cyber maturity, in particular by boosting the sophistication of your security controls and keeping you better prepared for future incidents.
The more you prepare in advance, the better equipped you are to deal with cyber incidents!