The Top 5 Cyberattacks of April 2020

May 11, 2020

April was a tumultuous month, disrupting everyday life and making major changes to the workforce.

With so many people now working and learning from home—or simply reliant on their digital devices to keep them connected and entertained—businesses are more dependent on the internet than ever before. 

Unfortunately, the latest cybersecurity trends show hackers are taking advantage of these troubling times—preying on companies and their data more than ever before. Recent cyberattacks in 2020 have been heavily influenced by malware and ransomware, but over the past few months, other types of attacks have been significant as well. 


To follow, we’ll cover the latest security attacks from April 2020, including Maze ransomware, Zoom security issues, and leaked WHO credentials. Plus, we’ll provide bonus insights on what can be learned from these attacks. 

1. Zoom Video Meetings Ongoing Saga

The most talked about cybersecurity issue in April 2020 belongs to Zoom Video Communications—just as the video meeting software became a vital tool for daily business operations across industries. 

As stay-at-home orders were put in place across the country to reduce the spread of the novel coronavirus, the need for video conferencing skyrocketed. Although security issues with Zoom began in 2019, the massive increase in use by the general public in April quickly put the spotlight on its shortcomings. 

The most prominent of these is the ease with which almost anyone can get into Zoom meetings that are meant to be private. In an attack called “Zoombombing,” people with bad intentions join meetings and screenshare images of whatever they want, usually something offensive such as adult or shock videos. 

Additional Zoom security concerns are plentiful. The company was forced to update its iOS app to stop sending user data to Facebook. It also rewrote its privacy policy to reveal that user data may be used to target ads. 

To its credit, Zoom’s response has been apologetic and swift. It's working to make the service more secure by default and to offer more security controls for hosts. Still, some schools and many companies have banned the use of Zoom.

  • Revenue Lost: Not yet calculated
  • Industry: Technology
  • Date of Attack: April 2020
  • Location: San Jose, California 

Key Takeaways

The key takeaway from the Zoom security situation is that users should be more vigilant and cautious when it comes to privacy and data. 

If you have to use Zoom, here are a couple of tips you can use to stay safe:

Pay Attention to Security Settings

  • Be aware of your security settings before making any calls to avoid Zoombombs and try to avoid using the app for sensitive conversations. 

Choose Mobile Over PC

  • It’s safer to use Zoom on a mobile device than on a PC (both Mac and Windows). Apps on your cell phone or tablet are more restricted and have limited access to your data. 

2. World Health Organization Officials’ Credentials Leaked 

Among the data breaches so far in 2020, the leak of credentials from important organizations fighting the coronavirus pandemic is particularly appalling.

On April 19, right-wing activists acquired over 20,000 leaked email addresses and passwords that belonged to the WHO, NIH, and the Gates Foundation. Although the SITE Intelligence Group (which monitors online extremism and terrorist groups) was unable to verify whether or not the information was authentic, the WHO confirmed that a portion of their stolen credentials were

The information was first posted to a site called Pastebin, then circulated on the 4chan message board. It was finally republished on sites like Twitter and far-right channels on the messaging app Telegram. 

According to the Washington Post, “Using the data, far-right extremists were calling for a harassment campaign while sharing conspiracy theories about the coronavirus pandemic.”

At this time, how the user credentials were obtained is unknown. According to Rita Katz, SITE’s executive director, Neo-Nazis and white supremacists “capitalized on the lists and published them aggressively across their venues.” 

Twitter is taking action to remove the posts, while the World Health Organization says none of its exposed credentials were compromised. Although other organizations refused to comment, the WHO has said that hacking attempts against it and its partners have increased since the pandemic began. 

  • Records Exposed: Just under 25,000
  • Type of Attack: TBD
  • Industry: Government
  • Date of Attack: April 19, 2020
  • Location: Worldwide 

Key Takeaways

Cybersecurity incidents involving healthcare organizations during a pandemic reveal the truly exploitative nature of hackers and misinformation. During this difficult time, many people are coming together in solidarity, but hackers are still on the prowl. What can be done?

Beef Up Security 

  • Large agencies like the WHO need to step up their security. While we don’t have the ability to change how they operate, we can change our actions. Being alert, careful with personal information, and aware of privacy policies can quickly improve security. 

Choose Information Wisely

  • For the general public, misinformation was an intended byproduct of this incident. Although it can’t exactly be prevented, it can be combated. Get your news from multiple sources that can be trusted to avoid too much bias in what you read and what you believe. 

3. IT Service Provider Cognizant Hit by Maze Ransomware

On April 18, 2020, Cognizant Technology Solutions Corp was hit by a Maze ransomware attack, which disrupted the company’s service for some clients. 

The Cognizant breach has been confirmed in a brief statement on its website. The company has employed cyber defense companies and engaged with law enforcement in efforts to contain the incident. It also notified clients right away that the company’s data was compromised. It included a list for clients to use to monitor and further secure their systems. 

During a ransomware attack, hackers launch a program to infect a company’s system, steal files, and demand payments from the company to get those files back. The Cognizant Maze ransomware attack was different from usual ransomware attacks because the hackers who use Maze threaten to publish the breached information online if they aren’t paid. 

The Maze operators have not publicly taken responsibility for the Cognizant ransomware attack, but this doesn’t mean they aren’t responsible. It could be that the operators are waiting to release names or publish personal data until negotiation outcomes are complete. 

  • Ransom Paid: Not yet disclosed
  • Type of Attack: “Maze” ransomware
  • Industry: Tech and consulting
  • Date of Attack: April 17, 2020
  • Location: Teaneck, New Jersey

Key Takeaways

Maze ransomware attacks are on the rise, but there are some helpful strategies you can use to prevent incidents like this in the future.  

Security, Security

  • Companies should always run the most up-to-date security solutions. And it’s crucial to make sure computer networks and systems are protected with current patches against the latest vulnerabilities. 
  • Use complicated passwords to protect data, and employ multi-factor authentication to provide an extra layer of protection against hackers.

Don’t Forget About Employees 

  • One security measure that often gets overlooked is ongoing employee training. Staff should receive updated education on the risks and methods cybercriminals use to get into organizations. 

4. Mediterranean Shipping Company (MSC) Malware Attack

On April 9, 2020, Mediterranean Shipping Company (MSC) fell victim to a malware attack, which caused a data center outage and shut down its primary customer websites for five days. 

The company determined that “it was a malware attack based on an engineered targeted vulnerability.” Some servers were targeted by file-encrypting malware at the Geneva headquarters, but MSC has not been able to identify any lost or compromised information. The company hasn’t reported any lost revenue related to the incident. 

MSC has openly shared the details of the attack so that others in the industry can learn from what happened. The company says it has updated all security measures and conducts regular cybersecurity training for all employees. At this time, MSC assures customers that it’s safe to communicate with the company via email. 

This was another 2020 data breach that likely took advantage of the fallout from the coronavirus. Officials warn that malware and ransomware attacks are on the rise as hackers take advantage of the less tech-savvy industries, such as transportation. 

  • Revenue Lost: N/A
  • Type of Attack: Malware
  • Industry: Shipping 
  • Date of Attack: April 19, 2020
  • Location: Geneva, Switzerland

Key Takeaways

Recent cyberattacks have highlighted what companies often do wrong. The MSC malware attack, on the other hand, shows how a company can mitigate the most severe impacts of a breach when it reacts promptly and appropriately.

MSC’s Commendable Response 

  • It’s important to note that MSC is doing everything right. It stays up to date on security measures, educates its employees, and operates under safe practices. Thanks to its responsible practices, the impact was relatively minimal.

Industry Disadvantage

  • Certain industries like shipping and manufacturing are simply more susceptible to cyberattacks, especially during times of crisis like the current pandemic. The shipping industry in particular often lacks around-the-clock monitoring, so attacks can operate in the background and go undetected for many months. 

5. Ragnar Locker Ransomware Hits Portuguese firm EDP with $10.9M Demand

A multinational energy company based in Lisbon, Portugal, Energias de Portugal (EDP) faces one of the most financially catastrophic cyberattacks in recent months. 

EDP was successfully targeted with Ragnar Locker ransomware. The attackers demanded the company pay a $10.9 million ransom in exchange for the return of 10 TB of data, which contains confidential details concerning billing, contracts, transactions, clients, and partners. In the ransom note, the hackers claimed that if the ransom goes unpaid, all of this information will be published. At this time, EDP has not indicated they will pay the ransom. 

Ragnar Locker ransomware infects a system in a way that prevents detection. Although it has not affected the company’s energy supply, the EDP ransomware attack has the potential to severely damage the organization’s infrastructure. EDP remains tight-lipped on what steps it’s taken to investigate and whether or not security measures have been put in place in an attempt to mitigate the damage. 

  • Ransom Demanded: $10,900,000 
  • Type of Attack: Ransomware
  • Industry: Energy
  • Date of Attack: April, 2020
  • Location: Lisbon, Portugal

Key Takeaways

The $10.9 million ransom figure is shocking, but EDP’s refusal to pay the ransom should help it in the future. When a company refuses to pay a ransom and tightens up security, it decreases its risk of being attacked again. 

Back It Up

  • An incredibly valuable tactic for a company is to keep backups of all important data. While ransomware hackers could still release sensitive data, at least your organization retains access to everything it needs.

Identify Risk and Recovery 

  • If you can’t back up your data, at least create a plan for risk and recovery in case your company experiences a ransomware attack. With a plan in place, you’ll be better prepared to weather a cybersecurity storm. 

The Next Attack

Recent breaches highlight that cyberattacks are on the rise in 2020, but it’s also true that cybercrime has continuously transformed and increased over the last decade.  The ever-upward trend may be disconcerting, but there is a silver lining. 

Because we do our best to document these threats and detail what happened, we can learn from them. Staying informed on cybersecurity issues as they evolve is how we can intelligently combat future attacks and enhance and strengthen our own security solutions. 

Stay Ahead of Cyberthreats

Cyberthreats are everywhere and, ultimately, breaches are inevitable. However, Arctic Wolf provides critical threat hunting and detection to safeguard you from complex threats and damaging data breaches. Learn more about what we do and the services we provide today. 
