Advisory

High-profile cyber-attacks in 2020

11 September 2020


There have been a number of high-profile cyber-attacks in 2020, including:

Ransomware attack on global car manufacturer

Hackers launched a ransomware attack affecting the organisation’s ability to access its computer systems, resulting in disruption to production and manufacturing processes at some plants around the world. The incident highlights the operational impact cyber-attacks can have.

Large telecom provider fails to sufficiently protect customer database

A telecommunication company’s database containing customers’ personal contact information was embarrassingly left unsecured and accessible online for over 10 months, a reminder of the importance of appropriate training and procedures.

Social media giant hacked in Bitcoin scam

Twitter was the subject of a hack that many people have labelled the ‘worst security breach in history’, resulting in many celebrity accounts tweeting a Bitcoin scam to followers. The ramifications of this attack are extremely serious and have put social media platforms’ security procedures under the microscope.

Local council suffers huge losses in ransomware attack

A local council suffered a ransomware attack that left 135,000 residents without public access. The attack reportedly cost the council over £10 million. This attack showcased the vulnerability of outdated systems and the potentially severe operational and financial impact cyber criminals can have.

American GPS and fitness tracking company suffer ransomware attack

Using a virus known as WastedLocker, hackers locked the company out of some of their systems. Owners of the company’s products were unable to access their data, as well as customer support and website functions. Some reports suggest the company paid a multi-million-pound ransom to regain control.

Ransomware attack on software provider majorly impacts customers

A global education, administration, fundraising and financial management software provider was the victim of an attack. Data relating to the organisations that operated the provider’s software was stolen, forcing those organisations to inform their customers of a breach. This highlights how a breach impacts not only the targeted organisation but also those organisations in the supply chain.

Ransomware attack on global car manufacturer

What happened?

Hackers launched a cyber-attack on a global car manufacturer’s network. The attack was designed to target industrial control system networks, and the organisation believed it to be a ransomware attack.

Impact

The attack affected the organisation’s ability to access its computer systems, use email, and use its internal systems. There was also an impact on some production systems outside of Japan. Production and manufacturing at some overseas plants had to be temporarily suspended. No data was breached, and the organisation claimed the attack had a minimal operational impact on the business.

Response

The organisation notified customers over social media that they were ‘suffering from technical difficulties’ before later confirming it had been the result of a cyber-attack on their network. There is no mention of the attack or a change in cyber-attack prevention on their website.

 

Large telecom provider fails to sufficiently protect customer database

What happened?

A telecommunication company’s database containing the phone numbers and home and email addresses of 900,000 people was left accessible online for almost a year. As far as the organisation is aware, the information was accessed on at least one occasion by an unknown user.

This was the result of a member of staff incorrectly configuring the database, rather than a cyber-attack.

Impact

Minimal impact on business operations but embarrassing from a reputational perspective.

Response

The organisation informed the ICO and launched a forensic investigation. The issue was immediately resolved by shutting down access to the database. The company set up a page on their website addressing what had happened and reassured their customers that it had been taken care of and that no passwords or financial details were in the database. The page also answers a number of FAQs regarding the incident.

 

Social media giant hacked in Bitcoin scam

What happened?

130 celebrity Twitter accounts were targeted by a major cyber-attack. Accounts that were seized and controlled by the attacker tweeted a Bitcoin scam to millions of followers. Attackers were able to bypass account security because they gained access to Twitter’s own internal administration tools.

Impact

The messages had a reach of at least 350 million people. Despite the scam being obvious to some, the attackers received hundreds of transfers worth more than £80,000 within the few hours the scam was active. The attack raised plenty of questions about Twitter’s cyber security given the impact content posted by high-profile figures can have, with past posts moving financial markets and even causing diplomatic incidents. This has had a major impact on Twitter’s reputation, with many people calling it the worst security breach in history. Reputational impact is one thing, but Twitter could also face legal consequences. Fines could also be imposed if Twitter is found not to have appropriate levels of security in place.

Response

Twitter tried to contain the attack by temporarily preventing all verified (blue tick) users from tweeting. Twitter also released the following statement: ‘We detected what we believe to be a co-ordinated social-engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.’

Twitter conducted a thorough investigation into what was accessed and what else could have been accessed, with direct messaging being an initial focus. There is no mention of the incident on Twitter’s home webpage.

Comments

This attack has exposed weaknesses in the defences of social media platforms. Perhaps resilience and awareness of threats through this medium are not as high as they could be.

 

Local council suffers huge losses in ransomware attack

What happened?

A borough council’s computers and website were subject to a ransomware attack.

Impact

More than 135,000 residents were left without public access for over three weeks. Online appointment bookings, planning documents, social care advice, and council housing complaints systems are just some of the services that were taken offline. The cost of the attack apparently sits at around £10.4 million. This will include recovery or replacement work to the IT infrastructure and systems, the cost to individual departments, and a loss of income and collection levels for council tax and business rates.

Response

The incident was reported to the National Cyber Security Centre (NCSC), who sent a team of experts to help deal with the attack. The council have since upgraded their systems and enrolled in the SCSC scheme, which has helped ensure their cyber-defences are far more advanced than most similar government organisations.

 

American GPS and fitness tracking company suffer ransomware attack

What happened?

An American GPS and fitness tracking company were subject to a ransomware attack that encrypted some of their systems. The virus is known as WastedLocker.

Reports suggested that the company had been asked for over £7.5million to regain control of their systems, although this has not been confirmed.

Impact

Owners of the company’s products were unable to access services including website functions, customer support, and customer facing applications. Customers were unable to log in to record and analyse their health and fitness data. There was no indication that customer data, including payment information, had been accessed.

Response

The organisation is now recovering, and systems access has been restored. It is unclear whether the organisation paid the ransom to the attackers, but some reports suggest they must have, given the apparent lack of weaknesses in the WastedLocker virus. What is clear is that the organisation found the decryption key in order to release their systems and begin recovery.

 

Ransomware attack on software provider majorly impacts customers

What happened?

An education administration, fundraising, and financial management software provider was held to ransom by a cyber-attack.

Impact

Over 20 universities in the UK, US, and Canada were impacted. Additional charities and educational organisations may have been affected as well, although it is unclear how many. Data relating to those organisations that use this software was stolen, including phone numbers, donation history, and events attended. In some cases the personal details were limited to those of former students, who had been asked to financially support the organisations from which they had graduated. But in other cases it extended to staff, existing students, and other supporters. No credit card or payment information appears to have been exposed.

Response

The attack was reported to the UK’s NCSC, who were working with partners in the UK and internationally in response. The affected organisation paid an undisclosed ransom demand against the advice of numerous law enforcement agencies including the FBI, NCA, and Europol. This organisation has also faced criticism for the length of time it took to inform customers of the attack. All customers and institutions affected by the hack have sent letters and emails apologising to the individuals whose details were in the compromised databases.