Reflecting back on 2020, the main story is — of course — the COVID-19 pandemic and how the world adapted.
The sheer scale of economic impact will be felt for years to come, across industries.
During the lockdowns and work-from-home directives, cybercriminals pivoted to take advantage of the new landscape. Finding new ways to attack, infiltrate and extort was just a matter of changing strategies.
Below is a review of the top breaches of the year and the impact of the criminal actions.
COVID-19 scams play on fear and run rampant in 2020
Malwarebytes’ 2021 State of Malware Report describes how hackers shifted from industries that contracted during the pandemic, like manufacturing and automotive, to agriculture and other essential industries like IT and healthcare.
“We saw malicious phishing campaigns that fraudulently posed as health advisories, PPE order forms, and donation requests from charities, including UNICEF.”
In April 2020, Google reported it was blocking 18 million spam emails related to COVID-19 per day.
The report shows that Adware, Trojans, and RiskwareTools (like cryptocurrency miners) experienced a significant decline from the previous year — down -23%, -13% and -13% respectively. However, MalwareBytes saw huge spikes in HackTools, Spyware, and other software meant to compromise security and/or collect information on the victim — up 147%, 24% and 110% in those areas.
The Cybersecurity and Infrastructure Security Agency (CISA) has also launched a huge educational campaign against ransomware.
“Malicious actors continue to adjust and evolve their ransomware tactics over time, and CISA analysts remain vigilant in maintaining awareness of ransomware attacks and associated tactics, techniques, and procedures across the country and around the world.” Learn more about how to protect against it at the CISA ransomware page.
2020 cyberattacks on government agencies
The Department of Homeland Security and Treasury Department were part of the huge breach by the SolarWinds hack brought to light at the end of 2020.
SolarWinds then (exactly as the hackers planned) unknowingly sent out software updates to its customers that included the hacked code.
Up to 18,000 of its customers installed updates that left them vulnerable to hackers.
US agencies — including parts of the Pentagon, the Department of Homeland Security, the State Department, the Department of Energy, the National Nuclear Security Administration, and the Treasury — were attacked.
So were private companies, like Microsoft, Cisco, Intel, and Deloitte, and other organizations like the California Department of State Hospitals, and Kent State University, the Wall Street Journal reported.
Experts disagree about how much the cleanup from the SolarWinds hack could cost, with estimates from $500,000 to $5 million per company. Collectively, it could be up to $25 million to $1 billion, based on the investigation of how many clients were affected.
2020 cyberattacks on healthcare organizations
The 2021 Netwrix Cloud Data Security Report found that in 2020, the most common incidents that healthcare institutions experienced in the cloud were phishing (44%), ransomware (39%) and data theft by insiders (35%).
“”An explosion of telehealth services and the shift of non-clinical employees to WFH increased the need for cloud technologies in the healthcare sector. As a result, new avenues for cyber threats opened up. Moreover, because hospitals and health systems are dealing with high caseloads caused by the pandemic, the threat to care delivery remains extremely high,” said Ilia Sotnikov, VP of Product Management at Netwrix.
- UVM Health Network shut down its IT system after identifying an Oct. 28 cyberattack. The health system has not released details about the attack, which infected 5,000 network computers. On Dec. 8, UVM Medical Center President and COO Stephen Leffler, MD, said the health system is losing $1.5 million per day in revenue and extra expenses; the health system expects the entire incident will cost more than $63 million by the time it resolves next year.
- Ryuk ransomware hit six hospitals in the U.S. over a 24-hour period beginning Oct. 26. The federal government reported the hit in an advisory on Oct. 28, noting a list of 400 targeted hospitals had circulated among Russian hackers.
- King of Prussia, Pa.-based Universal Health Services experienced a massive IT network outage beginning Sept. 27.
- Nebraska Medicine in Omaha reported a computer network outage on Sept. 20 because of a security incident. The health system reverted to paper records during the outage, which lasted several days.
- More than 46 hospitals and health systems had patient information exposed in a security breach at Blackbaud, a company that stores donor information for organizations, including health systems. The breach occurred Feb. 7 to May 20 and the company notified organizations of the breach in July.
2020 cyberattacks on learning institutions
As learning shifted in 2020 to online platforms, there was a sharp rise in attacks against universities.
Analysis of ransomware campaigns against higher education found that attacks against universities during 2020 were up 100% compared to 2019, and that the average ransom demand now stands at $447,000.
Ransomware represents the number one cybersecurity threat for universities, according to the research by tech company BlueVoyant.
According to the report, more than 75% of the universities studied had open remote desktop ports, and over 60% had open database ports – both of which provide cyber attackers with an entry point into networks and a means to eventually deliver and execute ransomware attacks.
What to watch in 2021
In their 2021 Cybersecurity Trends Report, InfoSys suggests these key areas to watch:
- Cloud native security
- Zero trust framework
- Hyper automation
- Intelligent devices security
- Digital acceleration
- Advanced threats
- Geopolitical tensions
- Supply chain security
As 2021 rolls on, businesses and organizations will be reevaluating their cybersecurity strategies as we adjust to remote work and hybrid solutions. Most will be adopting more flexible operating models.
The 2021 cybersecurity environment will be shaped by how technology evolves right now.
If you’d like more information about how to keep your business safe, contact us today for an expert consultation.