April 9th, 2020
Responsible for a staggering 95,000 deaths around the globe as of April 9th, the COVID-19 crisis continues to disrupt the global economy in a manner that hasn’t been witnessed since the Second World War. Like other catastrophes, the pandemic has also led to a dramatic increase in cyber attacks. Cyber-criminals are attempting to take advantage of this global health crisis by using phishing attacks that can help them steal sensitive data or infect a user’s device with ransomware. According to a report, the global cost of cyber-crime is likely to amount to US$ 6 trillion by 2021. In this article, we look at five recent cyber attacks in 2020 that have occurred across various industries amid the pandemic.
1. Hackers Attempt to Access Marriott’s Database
On March 31st, Marriott announced that hackers managed to breach through its security systems to access an internal database. The database carried personal information of over 5.2 million customers. It is believed that the hackers used the login credentials of 2 employees that worked at the hotel franchise. According to Marriott, the hackers were able to steal guest information including names, gender, age, addresses, email addresses, and phone numbers. Other information that was stolen included their Loyalty account information, hotel preferences, employer information, and information on affiliations like airline loyalty programs. However, financial information such as credit card numbers was not accessed.
2. Mongolia’s Public Sector Targeted
Another cyber attack was reported in Mongolia, where employees who worked in the country’s public sector were targeted. The attack was carried out by distributing official-looking emails from the Mongolian Ministry of Foreign Affairs. Each email carried a word document discussing the spread of the Coronavirus.
Once the recipients opened the files, a malicious payload was executed on the victim’s computer. This allowed hackers to gain remote access to the victim’s device and steal sensitive information. They also used the opportunity to direct further attacks on other devices.
3. Ransomware Attack on Medical Firm in the UK
Many healthcare institutions in the US and the UK have also been subject to cyber attacks in 2020. Recently, Hammersmith Medicines Research became the victim of a ransomware attack carried out by a group of hackers called The Maze.
The hackers were able to breach the company’s database and accessed sensitive information of more than 2,300 patients. This included their passport copies, medical forms, national insurance numbers, and other personal information. The hackers made a ransom demand, which the organization refused to pay. Consequently, the hackers published this information on the internet.
It is unclear how the hacker group was able to breach the organization’s database. In the past, this group has utilized phishing emails and exploit kits and we can assume that a similar method was used.
4. Hackers Attack Czech Hospital Forcing a Tech Shutdown
Earlier in March, the Brno University Hospital in the Czech Republic was also hit by a cyber attack that led to a complete shutdown of the hospital’s IT network. At the time of the attack, the hospital was one of the primary testing facilities for the Novel Corona-virus. While hospital officials did not disclose how the security breach took place, the cyber attack was apparently so severe that the hospital had to cancel urgent surgeries. The hospital was forced to transfer new patients to a nearby hospital for treatment, as well.
When the attack was discovered, hospital personnel were told to shut down their computers immediately. Besides other things, the cyber attack severely compromised the hospital’s databases forcing medics to rely on manual methods for recording and storing data. Give how even a minor delay can potentially endanger a patient’s life; the cyber attack forced other nearby hospitals to re-evaluate their security systems, as well.
5. Hackers Launching Dozens of Email Scams Everyday
While they haven’t targeted one organization or industry in particular, hackers are launching dozens of Corona-virus-themed email campaigns every day. According to a security company, 80 percent of scam emails are using pandemic-related themes. The company reported witnessing nearly 140 malicious email campaigns. These contained over 300,000 infected links and 200,000 malicious attachments.
The email campaigns were being used to launch online scams, phishing attacks, and malware attacks. Some aimed at stealing log-in credentials, others asked recipients to donate to fake fundraisers, while still others carried malicious attachments that appeared to have been sent by the WHO. Opening these attachments could lead to malware or ransomware attacks and allow hackers to steal valuable information.
To make matters worse, security researchers have also discovered a new type of COVID-19-themed malware that can erase all your hard drive data and rewrite your system’s masterboot data record (MBR). If allowed access to an organization’s computer network, this malware could cripple your operations and erase months and years of essential data.
The Time to Invest In Data Security Measures is Now
Pandemic or not, hackers continue to wreak havoc across industries by penetrating organizational security systems and taking advantage of pandemic-related fears. Things are only going to get worse and we can expect the number of cyber-attacks in 2020 to continue rising.
Given the situation, organizations must adopt increasingly stringent measures for data security and backup. We are living in unprecedented times, and if you are not careful, your organization may become the victim of a cyber-attack as well.