Cyberbaddies had a subject day in 2020

Subscribe to this bi-weekly newsletter here!

Welcome to the latest edition of Pardon The Intrusion, TNW’s bi-weekly newsletter in which we explore the wild world of security.

2020 is finally over. The year has already been surreal and tough enough thanks to the pandemic.

But the mass shift to remote work and the race for a vaccine unique threats created In cyberspace, criminals and threat actors can carry out a wide variety of attacks, ranging from phishing scams to sophisticated espionage campaigns Theft from COVID-19 research.

The number of ransomware attacks has skyrocketed and there have been endless compromises by schools, hospitals, government agencies and private companies.

Attackers not only demanded massive ransom, but also Extracts large amounts of sensitive data and threatened to publish them if their demands are not met. The average ransom payout increased from about $ 84,000 in 2019 to about $ 233,000 this year.

2020 was also a great year for data breaches, which were a regular occurrence. Worse, weak or stolen passwords were tied 37% of violations.

Some of the notable companies crippled by data breach and ransomware attacks are Garmin, Vastaamo, Foxconn, Nintendo, Marriott, EasyJet, Big Basket, Dr. Reddys and Luxottica.

Web skimming attacks against ecommerce websites designed to steal credit card information have also flourished. The campaigners have stepped up their efforts to hide their malicious code in image metadata, favicon files and even Use the Telegram Messenger filter the data.

Then the big one came Twitter hack in July, when a number of high profile accounts were taken over to promote a cryptocurrency scam. Subsequent investigation revealed that the attackers tricked an employee into clicking a phishing site that was collecting credentials from their internal systems. They used this admin password to reset the passwords of the target Twitter accounts and take control.

The most devastating hacks in 2020 was also saved for the last one. Threat actor, probably from Russiacompromised a routine software update from network monitoring software maker SolarWinds, providing a backdoor update for up to 18,000 customers including FireEye, Microsoft, Cisco, VMware and others.

The breach became known in early December after cybersecurity firm FireEye announced it had suffered a breach and hackers stole its cache using Red Team tools that were used to assess its customers’ security infrastructure.

What makes the attack on the SolarWinds supply chain even more damaging is the level of sophistication and craftsmanship that was secretly breaking into the company’s software distribution system as early as October 2019, before making its move in March.

Cybersecurity is an endless argument between digital thieves and defenders. It is a form of modern warfare that takes place in an increasingly advanced threat landscape. And if 2020 is a sign of that, these attacks will only get more sophisticated.

What’s hot in security?

US intelligence formal accused Russia The Singapore police can now coordinate the attack on the SolarWinds supply chain Use data Collected by the COVID-19 contact tracking app to aid criminal investigation and hacking Get access to the IT systems of the Finnish Parliament.

  • Law enforcement agencies in Singapore are now authorized to use the data collected by their COVID-19 contact tracing app to aid criminal investigations. [CyberScoop]
  • Hackers have gained access to the Finnish Parliament’s IT systems in the past few months, which has enabled them to compromise some MPs’ emails. [The Parliament of Finland]
  • Prof. Matthew Green made a great twitter thread about how law enforcement actually breaks into locked iPhones. It depends on whether your phone is in the “After the first unlock”State in which the phone is locked but has been unlocked at least once after being turned on by the owner. [matthew_d_green / Twitter]
  • Law enforcement agencies in the US and Europe have discontinued the Safe-Inet VPN service to facilitate criminal activity. So did the UK National Crime Agency 21 people arrested for purchasing breached personal data from, a now defunct online service that sold access to data hacked from other websites. [The Hacker News]

  • Let’s Encrypt certification authority came up with a workaround that extends the compatibility of older Android phones with their certificates by three years. [Let’s Encrypt]
  • 28 dodgy browser extensions used by more than 3 million users have been found to collect their browsing history, redirect traffic to phishing sites, and download additional malware onto their devices. [Avast]
  • Israeli private intelligence company NSO Group allegedly used location data from thousands of unsuspecting people to introduce governments and journalists to its COVID-19 contact tracing technology. The company said the “demo material was not based on real data from infected COVID-19 people,” but did not say where the data came from or how it was obtained. [TechCrunch]
  • IIn other news related to the NSO group, at least 36 Al Jazeera journalists had targeted their iPhones with a “zero-click” exploit in iMessage that was used to secretly deliver the company’s Pegasus spyware. The bug was finally fixed by Apple in iOS 14. [Citizen Lab]

  • Ticketmaster pays $ 10 million for repeatedly hacking rival ticket seller CrowdSurge between 2013 and 2015 in an attempt to “cut [the company] get on your knees. ” [The US Dept. of Justice]
  • NBC News’ Olivia Solon delves into the data car infotainment systems have on you and how tougher privacy standards are making it a treasure trove of data for law enforcement agencies to solve crimes. [NBC News]
  • Motherboard put together a fantastic list of cybersecurity stories that they wish we’d gotten in touch with and written ourselves in 2020. [Motherboard]
  • The last 14 days of data breaches, leaks and ransomware: American Express, Apex Laboratory, In mobile, Juspay, Kawasaki, Koei Tecmo, Ledger, Livecoin, Nissan, The energy of the people, T-Mobile, TaskRabbit, The hospital group, and Whirlpool.

Data point

As COVID-19 cases continue to rise, so do cyberattacks against the healthcare sector, making it the hardest hit sector since November 2020.

According to Check Point ResearchThe number of attacks on health organizations worldwide has increased by over 45%, compared with an average increase in attacks against other industries of 22%.
Central Europe has been hardest hit in the past two months, with healthcare attacks increasing 145%, followed by East Asia, Latin America and the rest of Europe, North America and South Asia.

In total, there was an average of 626 attacks per week against health organizations in November 2020, compared to 430 in October last year.

That’s it. I’ll see you all in two weeks. Stay safe!

Delighted x TNW (enthusiastic[at]the next web[dot]With)

Comments are closed.