2020 didn’t exactly match up to what we imagined it might be like. It was going to be pretty cool, even Jetson-like!
Instead, we got this.
As a result of this dumpster fire of a year with Covid-19 shutdowns, quarantines and the Presidential election, people are tired.
To add insult to injury, 2020 was also one seemingly never-ending cyber attack.
From Twitter and Zoom to MGM and Marriot, hackers had a field day. Worse, they took direct aim at the healthcare industry, attacking hospitals and research institutions worldwide. One person might have even died as a result of one of these attacks in Germany.
There’s an awful lot to cover here. Let’s dive into the year’s most memorable cybersecurity events.
In 2020, the healthcare industry took center stage (for better or worse)
Some of the most concerning – and disturbing – attacks took place in the healthcare and medical sector throughout 2020. Unfortunately, the threat is only increasing. Some of the year’s most noteworthy events:
- The World Health Organization was targeted in March by elite hackers, who activated a malicious site mimicking the WHO’s internal email system.
- The following month, Magellan Health discovered a massive breach to its systems. Months later the tally of affected victims is now said to be around 1.7 million.
- In April, a senior cybersecurity official with the FBI said foreign government hackers broke into the systems of companies conducting research into treatments for COVID-19.
- In early September, Germany’s Duesseldorf University Clinic discovered its systems had been disrupted. The hospital said investigators found that the source of the problem was a hacker attack on a weak spot in “widely used commercial add-on software.” It was widely reported that a woman who needed urgent admission died after she had to be taken to another city for treatment. However, later reports disputed this. Nonetheless, the cyber attack was severe. The clinic’s systems gradually crashed, and the hospital was not able to access data. Add the fact that patients did have to be turned away, the conclusion can only be that this was truly a severe attack.
- Also, in September, computer systems for Universal Health Services, which has more than 400 locations, primarily in the US, began to fail. Some hospitals had to resort to filing patient information with pen and paper. The attack on the major hospital chain may be one of the largest medical cyber attacks in US history.
- In November, two global firms with reported ties to the COVID-19 pandemic response faced cyber attacks. Miltenyi Biotec reported a system outage caused by a malware attack, while cold storage giant Americold, previously in talks to provide storage for the distribution of COVID-19 vaccines, experienced a “cybersecurity incident.” Miltenyi is a global biotech firm based in Germany with offices in 73 countries, including several in the US. The company is responsible for supplying SARS-CoV-2 antigens for research firms tasked with working on COVID-19 treatments.
Naturally, worldwide, civic, and business leaders began calling for a stop to the attacks.
In October, the US Cybersecurity and Infrastructure Security Agency (CISA) warned that hospitals and healthcare facilities must keep an extremely close watch on all their systems.
HIMSS, widely regarded as a top provider of medical industry information and tradeshows, recently revealed results of its 2020 Cybersecurity Survey. Unsurprisingly, it showed that breaches, ransomware and other security incidents are growing larger and more disruptive at healthcare organizations and that scam artists, cybercriminals and even nation-state actors becoming ever more brazen and persistent. The study also showed that phishing remains the most common initial vulnerability, allowing bad actors an entry point from which they can exploit hospital IT systems.
This year, no industry was safe from cyber attack
Unfortunately, cyber attacks know no bounds. And that fact proved to be true especially true this year.
In February, MGM Resorts International confirmed the company was hacked after a report was released detailing information a massive compromise of customer information: More than 10 million former hotel guests.
Shortly after that, ZDNet released a report that revealed 10,683,188 guests were affected after MGM’S cloud server was hacked.
Months later, there was a new discovery of over 142 million guest credentials on the dark web by ZDNet. The new finding came to light after a hacker put up for sale the hotel's data in an ad published on a dark web cybercrime marketplace. According to the ad, the hacker was selling the details of 142,479,937 MGM hotel guests for a price just over $2,900. Not only that, with that huge trove of information it meant the data breach included information not just from the MGM Grand, but from a plethora of MGM Resorts properties. MGM had previously contacted guests that were impacted by the data breach, but these new numbers indicated there may be over ten times as many that were not contacted and are not aware that their personal information has been compromised.
The original MGM breach occurred in the summer of 2019 when a hacker gained access to one of the hotel's cloud servers. The rest, as they say, is history.
Marriot Data Breach
In March, Marriott International announced it would be notifying some of its guests that in February, it identified an unexpected amount of guest information may have been accessed using the login credentials of two employees at a franchise property. The activity began in mid-January 2020. Once discovered, Marriott was able to disable the login credentials were disabled, immediately began an investigation, implemented heightened monitoring, and arranged resources to inform and assist guests. At that time, the company said it believed that information for up to approximately 5.2 million guests was compromised.
It was a massive amount of data including contact details (e.g., name, mailing address, email address, and phone number), loyalty account information (e.g., account number and points balance, but not passwords), additional personal details (e.g., company, gender, and birthday day and month), partnerships and affiliations (e.g., linked airline loyalty programs and numbers), preferences (e.g., stay/room preferences and language preference).
According to the Marriot, hackers might have obtained credentials of their employees either by credential stuffing or phishing. Previously, the hotel giant announced a data breach in late 2018 in which up to 500 million guests were impacted.
The popularity online communication tools skyrocketed not long after the pandemic reared its ugly head. Overwhelmed with new site traffic – read: unsuspecting consumers – it’s no wonder hackers set their sights on Zoom.
In April, word got out that 500,000 stolen Zoom passwords were up for sale. That included account credentials, usernames and passwords, all of which were made available on a dark web crime forum. According to Forbes, some were given away for free while others were sold for as low as a penny each.
At that time, Zoom released a statement that the company had “already hired multiple intelligence firms to find these password dumps and the tools used to create them, as well as a firm that has shut down thousands of websites attempting to trick users into downloading malware or giving up their credentials. We continue to investigate, are locking accounts we have found to be compromised, asking users to change their passwords to something more secure, and are looking at implementing additional technology solutions to bolster our efforts.”
And update their security protocols they did. But how did the hackers obtain so much personal information to begin with? Threat intelligence provider IntSights cracked the case.
It was a four-step process which involved:
- Collecting databases from a variety of online crime forums and dark web supermarkets containing usernames and passwords compromised from various hack attacks dating back to 2013.
- Writing a configuration file for an application stress testing tool, which was then pointed at Zoom.
- Employing a credential stuffing attack to avoid the same IP address being spotted across multiple Zoom accounts. Lags between attempts were also introduced.
- And finally, taking all the valid credentials and collating them, thus creating a new database for sale.
In May, budget European airline EasyJet announced it suffered a major cyber attack from what it described as a “highly sophisticated” source. As part of the disclosure, it revealed the unauthorized access to its systems had been closed off. But the company had known about the hack since January.
An investigation by the airline revealed that approximately nine million customers had their email addresses and travel details accessed, while 2,208 customers had their credit card details exposed.
The attack was reportedly conducted by the same group of Chinese hackers responsible for other attacks on other airlines.
In a statement, EasyJet CEO Johan Lundgren said the company takes the cyber security of its systems seriously, “however, this is an evolving threat as cyber attackers get ever more sophisticated.” He added that the company will continue to invest in protecting its customers, systems and data and that, “we would like to apologize to those customers who have been affected by this incident.”
Within a month, 10,000 people joined a class-action lawsuit. The suit was filed by the law firm PGMBM, who released this statement: “This is a monumental data breach and a terrible failure of responsibility that has a serious impact on EasyJet’s customers, who are coming forward in their thousands,” Tom Goodhead, PGMBM’s managing partner, said in a statement. “This is personal information that we trust companies with, and customers should expect that every effort is made to protect their privacy.”
What is in store for 2020? It is unlikely the attacks will significantly slow down anytime soon unless hackers suddenly gain a conscience. But the silver lining is that governments, companies, and citizens are more aware than ever of the threat of attacks, fake apps and sites. People are finally taking cybersecurity more seriously. Knowing that everyone is in this together in the fight against hacking can (hopefully) make us sleep a little better.
Garmin suffered from a major ransomware attack during the summer that was described as devastating and horrifying.
Its website was crippled and customer support was disrupted. The attack caused a five-day outage for the company, during which time, users feared that the hackers might have also stolen their personal details along with geolocation history from the Garmin's servers. Fortunately, it appears that Garmin user data is safe.
Garmin is most commonly known for its fitness tracking capabilities in the form of GPS wearables, but the corporation also operates in the aviation space. Consequently, some planes whose aviation infrastructure relies on Garmin technology were also affected by the hack.
The flyGarmin and Garmin Pilot apps both suffered days-long outages, hindering some Garmin hardware used in planes, including flight-planning mechanisms and the ability to update mandatory FAA aeronautical databases. Its ActiveCaptain maritime app may have also suffered outages.
Hackers deployed the ransomware tool WastedLocker, which encrypts key data on a company’s digital infrastructure. Garmin’s website functions, customer support, and user applications were all affected. WastedLocker renders programs useless until decrypted and then the attackers demand a fee for the decryption key. It is believed that Garmin paid a whopping $10 million ransom.
Ready or not, the future is already here
What is in store for next year? It is unlikely the attacks will significantly slow down anytime soon unless cyber criminals suddenly gain a conscience. But if there’s any silver lining, it is that all of these events are wake up calls to the many threats that cyber attacks pose and cybersecurity is finally being taken more seriously. Knowing that everyone is in this together in the fight against hacking can (hopefully) make us sleep a little better. And while 2021 is sure to bring its own set of challenges, there is no doubt we will collectively take steps toward a safer online world.