The Top Cyber Attacks of March 2020

Share :

Social distancing, as a global response to the COVID-19 pandemic, has driven people to work from home and shop online in ways no one could have imagined just a month or two ago. And with this boom in online activity comes even more online security risks.

Making things worse, the most recent data breaches of 2020 continue to see government and healthcare organizations as prime targets, even amid a pandemic. Hackers are ruthless.

In fact, many scams and fake Covid-19 websites have appeared in an effort to trick consumers. And organizations have faced attacks like phishing and distributed denial of service (DDoS), in particular, over the past month.

Piling on to the dozens of recent security breaches this year in January and February, the number of attacks has continued to skyrocket throughout March, 2020. These incidents are just a sample of the cyber security breaches in 2020 so far.

March 2020 Cyber Crime Stats

Below are some key stats from the recent hacking incidents in March.

  • Breaches Reported: 67
  • Most Popular Threat: Ransomware
  • Biggest Breach: The Dutch government revealed the loss of hard drives containing the personal info of 6.9 million organ donors.

DDOS Attack on the U.S. Department of Health & Human Services

One of the most recent data breaches was an alarming attack on the U.S. Department of Health and Human Services on March 15.

At first, the agency noticed an increased amount of activity was hitting their servers. In a matter of hours there were millions of hits. While this number of hits was significant, the attackers did not succeed in taking down, or even significantly slowing down, the department’s systems.

The Department of Health and Human Services remained fully functional as they investigated the incident. While it hasn’t yet been confirmed, this DDoS attack is suspected to have been orchestrated by a foreign state. There was no indication that a breach occurred; only attempts to overload the systems.

  • Type of Attack: DDOS
  • Industry: Government
  • Date of Attack: March 15, 2020
  • Location: Washington, D.C.

Key Takeaways:

DDoS attacks can go on for multiple hours (and, in some cases, for days). While the department fortunately didn’t notice any significant slow-downs or outages, this could have been catastrophic for them without proper security measures. Here are several takeaways:

  • Invest in reliable security tech. Strong firewalls and similar technologies to prevent DDoS attacks can make organizations and businesses a difficult target. Technology changes quickly and with that IT security must evolve too.
  • Stay ahead of attacks with a security operations center. A security operations center provides monitoring and alerting. Threats such as DDOS attacks can be caught swiftly, alerting the right resources to restore operations.

Phishing Attack on the World Health Organization (WHO)

Hackers targeted the World Health Organization (WHO) in another attempted data breach. In this phishing incident, attackers created a fake website to imitate a login screen used by WHO employees. The attack to steal employee passwords was unsuccessful the website was exposed as fraudulent right after it went live on March 13.

Cybersecurity experts suspect the attack was organized by a hacking group called DarkHotel. A cyber-espionage group, DarkHotel saw WHO as a desirable target, especially in the midst of a pandemic. WHO has played a vital role in the pandemic and has research, reports, and other sensitive data that are crucial in responding to the pandemic and other health crises. The incident makes it clear just how ruthless hackers can be when it comes to choosing their victims.

  • Records Exposed: N/A
  • Type of Attack: Phishing
  • Industry: Healthcare
  • Date of Attack: March 13, 2020
  • Location: Worldwide

Key Takeaways

These cybersecurity incidents demonstrate the total absence of boundaries that attackers have when it comes to their targeted victims or the timing of their attacks. Recent cyberattacks in 2020 clearly indicate that organizations should take additional steps to protect themselves, their data, and consumer information.

  • Communicate cybersecurity best practices: In this case, researchers from security and technology firms caught this attempted attack shortly after the site went live. Sharing information and technology tips can help organizations bolster their own security processes for a fast and impactful response.
  • Constantly monitor for suspicious activity: In light of today’s threats, 24×7 monitoring is crucial to alert for suspicious behaviors and attempted attacks.

Ransomware Strike on the Fort Worth Independent School District

Data breaches can impact any individual, business, or public entity. School districts, like the Fort Worth Independent School District, are no exception. The school district found this out the hard way during first week of March when they were hit with a ransomware attack.

The attack caused employee computers to stop working and triggered issues with the district’s website. A ransom has been demanded, but the school district reported it has no plans to pay.

Up to this point, there is no indication the hackers obtained anyone’s personal information or financial data. During the attack, however, the district did lose some of its own materials and data, including course synopses. The school district is currently collaborating with technology firms in attempts to retrieve the lost information. Thousands of other devices that connected to the district’s network were checked to ensure that ransomware wasn’t installed.

  • Records Exposed: Unknown
  • Type of Attack: Ransomware
  • Industry: Education
  • Date of Attack: March 3, 2020
  • Location: Fort Worth, TX

Key Takeaways

What was learned from this data breach? Well, several things come immediately to mind when considering this incident and breaches like it.

  • Organizations must plan ahead: The plan should span across the company’s need to prevent and recover from cyberattacks. This plan should include training, ways to elevate security posture, and processes for backing up files.
  • Train staff on sniffing out suspicious emails: Though the cause of this ransomware infection is unknown, the most common way ransomware can infect a system is by downloading a malicious attachment or clicking on an unknown link. Staff should be taught how to identify suspicious emails at a minimum.
  • Keep backups up to date: Backing up systems and files can help prevent loss of files and other digital materials. Keep in mind, though, backups must also put in place protections against cyberattacks.

Employees in an office meeting to over their security plan.

City of Torrance Systems Compromised

In the early morning hours on March 1, 2020, the city of Torrance, California, fell victim to a  cyberattack. Servers were impacted, which caused hours-long interruptions in computer access to several departments throughout the city. Access to email was lost, credit cards couldn’t be processed, and the website completely lost its functionality.

This caused a headache not only for those who worked to restore the city’s servers and data, but also for other employees who had to use temporary email accounts in order to perform some of their core job functions. The attack caused quite a disruption and took plenty of extra work to get systems back up and running.

Although the attackers were able to take down the city’s systems, it’s believed that no personal data was compromised during this incident. Torrance did not disclose whether a ransom had been demanded by the attackers.

  • Records Exposed/Ransom Paid/Revenue Lost: Unknown
  • Type of Attack: Ransomware/Malware
  • Industry: Government
  • Date of Attack: March 1, 2020
  • Location: Torrance, CA

Key Takeaways

Among the most recent cyberattacks in 2020, ransomware/malware is the most common. While attackers always find new ways to fly under the radar, there are several ways a company can protect itself from attacks.

  • Train employees to spot phishy emails: Businesses should train employees on how to identify potential phishing emails. This will reduce the chances of them clicking on a malicious link or attachment.
  • Partner with a dedicated IT security force: Investing in IT security services for monitoring and alerting can help spot malicious behaviors early—and can help thwart attackers.

Data Breach at Medical Research Center

Cyberattacks continue to increase in healthcare, even in the midst of a pandemic. A recent target was Hammersmith Medicines Research, which was recently designated to test potential COVID-19 vaccines.

IT and security teams discovered the attack while it was still in progress, which helped minimize its impact. Nonetheless, the attackers were able to obtain data that included patient records. This is one of the latest cyberattacks where stolen information has since been published online.

The incident was likely committed by Maze Ransomware, a group notorious for threatening to release confidential data unless a ransom is paid. The research center victimized in this incident have reported no intention to pay a ransom for the stolen data.

Just days after this attack, those behind Maze Ransomware made a promise to not attack healthcare services. Time will tell if they’ll hold true to this promise.

  • Records Exposed: Unknown
  • Type of Attack: Ransomware
  • Industry: Healthcare
  • Date of Attack: March 14, 2020
  • Location: London, U.K.

Key Takeaways

Cybersecurity experts say to never pay a ransom demand, which this research center has no plans to do. By refusing to pay, they reduce the risk of another attack from this group, especially if they ratchet up their security posture with new technologies, skilled expertise, and resources. But what else can be done to prevent incidents like this?

  • Craft a containment and recovery plan: Healthcare organizations and other businesses should plan by putting an incident response plan into place. The plan should detail potential risk as well as containment and recovery.
  • Update your security tech: Technology evolves quickly. Especially software, and security software can become outdated before you know it. Bolster firewalls and email security with the latest and most advanced products to help mitigate attacks such as this.

The Next Breach

The question shouldn’t be when will the next breach occur. Instead, given the number of cyberattacks this year constantly increasing, we should ask: “Has there already been a breach today?”

What’s more, the increase in cyberattacks over the last decade reveals the importance of preparation when it comes to IT security. These latest attacks indicate that cybercriminals show no sign of slowing down despite the pandemic. To the contrary, they are ramping up their devious strategies as they continue to hit organizations and businesses both large and small.

Stay Ahead of Cyberthreats

As we’ve seen so far in 2020, security breaches are trending north with no signs of slowing down. So, consider implementing a security operations center (SOC)-as-a-service from cybersecurity professionals such as Arctic Wolf to protect your customers and your business.

With the help of experts, you’ll effectively bolster your security to improve overall operations in areas such as monitoring, detection, and reporting. Request a demo or contact us to learn more.

Picture of Arctic Wolf

Arctic Wolf

Arctic Wolf provides your team with 24x7 coverage, security operations expertise, and strategically tailored security recommendations to continuously improve your overall posture.
Share :
Table of Contents
Subscribe to our Monthly Newsletter