The Top 5 Cyberattacks of June 2020

July 9, 2020
As we saw in May, cyberattacks are on the rise as remote work requirements and digital communications surge due to the ongoing COVID-19 pandemic. Universities, large corporations, and even national governments are vulnerable in these circumstances and are relentlessly targeted by cybercriminals.  
 
Hackers launched assaults of all kinds in the month of June alone, demanding millions of dollars in ransom, and even launching cyberattacks against potentially lifesaving COVID-19 research. What can be done to stop them? 
 
Below, we lay out the most prominent cyberattacks of June 2020 and what you can do to prevent them from happening to you. 

5. LinkedIn “Job Offers” Spear Phishing Attacks

One of the most recently disclosed attacks, the LinkedIn spear-phishing incident “Operation In(ter)ception,” targeted unsuspecting employees of European and Middle Eastern aerospace companies. Victims were sent fake job offers from renowned companies in the aerospace sector, namely Collins Aerospace (formerly Rockwell Collins) and General Dynamics. 
 
The attackers posed as human resource employees from these companies. Within the bogus job offer packages were documents designed to install malware, harmful software that can cause breaches exposing data. The attack was carried out using a “living off the land” method, as the assailants abused Windows Task Scheduler (via Command Prompt utility) and Certutil to fly under the radar as they worked. 
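
For defenders, the "living off the land" activity described above can be hunted in process-creation logs. The following is an added example, not code from the original article or from the investigators: it flags hosts where Certutil decode/fetch usage and Task Scheduler task creation through Command Prompt both appear. The event fields, rule names, patterns and sample events are constructed assumptions, not indicators from the incident.

```python
import re
from collections import defaultdict

# Constructed process-creation events (fields modelled on Sysmon Event ID 1).
# Hosts, paths and task names are invented for this example.
EVENTS = [
    {"host": "ws-041", "parent": "explorer.exe", "image": "cmd.exe",
     "cmdline": r'cmd.exe /c schtasks /create /tn "ExampleTask" /tr C:\Users\Public\ex.exe /sc daily'},
    {"host": "ws-041", "parent": "cmd.exe", "image": "certutil.exe",
     "cmdline": r"certutil -decode C:\Users\Public\in.txt C:\Users\Public\ex.exe"},
    {"host": "srv-ca1", "parent": "services.exe", "image": "certutil.exe",
     "cmdline": r"certutil -verify C:\certs\leaf.cer"},
    {"host": "ws-112", "parent": "svchost.exe", "image": "schtasks.exe",
     "cmdline": "schtasks /query /fo LIST"},
    {"host": "ws-207", "parent": "cmd.exe", "image": "schtasks.exe",
     "cmdline": r'schtasks /Create /TN "Backup" /TR C:\Tools\backup.cmd /SC weekly'},
]

# Patterns are assumptions chosen for illustration: Certutil used to decode or
# fetch a file, and a scheduled task created from a Command Prompt session.
CERTUTIL_RE = re.compile(r"\bcertutil(\.exe)?\b.*\s[-/](decode|decodehex|urlcache)\b", re.I)
SCHTASKS_RE = re.compile(r"\bschtasks(\.exe)?\b.*\s/create\b", re.I)

RULES = {
    "certutil_decode_or_fetch": lambda e: bool(CERTUTIL_RE.search(e["cmdline"])),
    "schtasks_create_via_cmd": lambda e: bool(SCHTASKS_RE.search(e["cmdline"]))
        and "cmd.exe" in (e["image"].lower(), e["parent"].lower()),
}

def rule_hits(events):
    """Map each host to the sorted list of distinct rules its events matched."""
    hits = defaultdict(set)
    for event in events:
        for name, predicate in RULES.items():
            if predicate(event):
                hits[event["host"]].add(name)
    return {host: sorted(names) for host, names in hits.items()}

def alerts(events, min_rules=2):
    """Alert only on hosts matching several rules; single hits are often admin work."""
    return {h: r for h, r in rule_hits(events).items() if len(r) >= min_rules}

if __name__ == "__main__":
    for host, rules in alerts(EVENTS).items():
        print(f"ALERT {host}: {', '.join(rules)}")
```

Requiring both behaviours on one host keeps routine administration, such as the weekly backup task on ws-207, in a review queue instead of paging an analyst.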
 
Present investigations allege that the goal was espionage, but with the discovery of a BEC (business email compromise) incident, monetary motives are possible. The attack yielded information on employees and administrative accounts by querying the Active Directory (AD), and recovered both technical and business information about the victim companies. In attempts to identify the suspects, ongoing investigations point to potential links to North Korea’s Lazarus Group due to the nature of the targeting and techniques used in the attack. 
  • Records Exposed: Number currently undisclosed
  • Type of Attack: Spear phishing
  • Industry: Aerospace
  • Date of Attack: September-December 2019
  • Location: Europe, Middle East
Key Takeaways
 
One of the key takeaways here is the reaction of the customer who was urged to pay an invoice in the BEC portion of the attack. They reached out to company officials instead of succumbing to the BEC, enabling them to take immediate action. Individuals in all sectors must be aware of the common signs of phishing attacks in order to react in the same way this customer did. 
 
Quick Tip 1
 
Researchers are warning the public to remain wary of the telltale signs of phishing attacks. These include spelling errors and suspicious email attachments.
 
Quick Tip 2
 
Deploy measures of protection for all electronic communications, such as spam filters, antivirus software, and requirements for encryption in employee communications and company data. 
 

4. Care New England's Data Security Incident

Another major attack occurred on June 16. The website of Care New England (CNE), a Rhode Island healthcare system encompassing Women & Infants, Kent, and Butler Hospitals, was shut down due to an attack that is still under investigation and is not yet specified. Hospital officials have stated that there is currently no reason to believe that patient records were compromised.
 
The website was down for almost an entire week, finally resurfacing when the company confirmed on June 22 that they were, in fact, the victim of a cyberattack. Among the operations impacted by the attack were email services, chemo infusions, and radiology. The relatively swift, six-day resolution period brought all systems back online at full capacity unusually quickly. 
 
The speedy recovery was crucial for the company since the affected operations were critical to patient care and time-sensitive services. CNE is currently working with its IT partners to investigate the matter thoroughly, so healthcare officials are currently unable to disclose further details of the incident. The investigation is still in its early stages, so it may be some time before the public learns the type of attack and details about how the system was infiltrated. 
  • Records Exposed and Revenue Lost: Investigation ongoing
  • Type of Attack: Investigation ongoing
  • Industry: Healthcare
  • Date of Attack: June 16, 2020
  • Location: Providence, RI
Key Takeaways
 
To strengthen cybersecurity posture and prevent attacks such as the one that befell CNE, implement the techniques below.
 
Quick Tip 1
 
Establish a routine cybersecurity training program systemwide. All healthcare staff must know the signs of ransomware, malware, phishing, and other types of cyberthreats, along with how to avoid them.
 
Quick Tip 2
 
Install a firewall and antivirus software on any device that can connect to the internet. (These software defenses must be updated regularly to achieve maximum security.)

3. Australian Government Targeted by State-Sponsored Attack

 
In one of the most extensive recent security breaches, all levels of the Australian government were targeted in an ongoing virtual assault. According to Prime Minister Scott Morrison, these threats are not new but have been increasing in intensity over the last few months. This recent breach reached sectors outside of the political arena, affecting multiple industries including healthcare, education, water supply, and telecommunications.
 
Although Morrison would not confirm the allegations publicly, many sources have concluded that China may be behind the cyberattacks plaguing the Australian government. The Prime Minister would only assert that the attacks were “state-based,” but made no further commentary. Australia’s Council on Foreign Relations holds that China, Russia, and Iran are the top three candidates with the capacity to carry out such an enduring cyberattack.
 
The attackers employed remote code execution techniques to target the vast Australian networks. Three specific systems have been identified as vulnerable to this type of attack: Microsoft Internet Information Services (IIS), SharePoint, and Citrix. Each of these programs is critical to maintaining the security and operations of websites, mobile applications, and cloud-based communications and activity.
  • Revenue Lost: Not yet calculated
  • Type of Attack: Remote code execution
  • Industry: All levels of Australian government and industry
  • Date of Attack: These attacks have been ongoing for several months; however, the Australian government issued a statement on June 19, 2020 due to their increasing frequency.
  • Location: Australia, countrywide
Key Takeaways
 
Australia has a long history of cyberattacks, so it is surprising that effective protective measures have not yet been implemented. The results of surveys administered to businesses nationwide, along with advice from the Australian government, encourage the following measures to prevent further harm:
 
Quick Tip 1
 
Use multifactor authentication to secure cloud-based activities and communications, and all devices connected to the internet.
 
Quick Tip 2
 
Approximately 44% of employees put their employers at risk by opening links from questionable emails and ignoring software updates. Do not engage with unverified sources and keep security software updated.

2. Carmaker Honda Targeted in Ransomware Attack

Honda, one of the world’s leading automobile manufacturers, fell victim to another cyberattack in June 2020 that halted standard operations in multiple plants. It’s believed this attack was specifically designed to affect Honda’s internal systems, as the hackers demanded a ransom from IT managers in exchange for the restoration of the system’s full functionality. 
 
In early June, representatives revealed that the attacks were hindering access to computer services, disrupting email communications, and posing significant challenges to the use of many internal systems. Plant production outside of Japan took a significant hit, impacting sales and development processes. The automotive manufacturing giant has noted that, when compared to the same quarter in 2019, Honda has seen a 25% uptick in cyberattacks, specifically ransomware targeting its systems. 
 
Several investigators determined that Ekans ransomware (also known as “Snake ransomware”) is the key mechanism at play. The attack was launched after malware, designed for file encryption, was uploaded to an analysis service known as VirusTotal. The sample contained references to a Honda internal subdomain, mds.honda.com. Fortunately, Honda confirmed that there were no data leaks and the overall impacts to the business were minimal. 
  • Revenue Lost: Not yet calculated
  • Type of Attack: Ransomware
  • Industry: Automotive
  • Date of Attack: June 7, 2020
  • Location: Global
Key Takeaways
 
To prevent further attacks such as this in the future, Honda must pay better attention to segmentation within its networks. The scale of this attack indicates that its network is not segmented in a manner that prevents jumping between business operations. 
 
Quick Tip 1
 
Perform annual IT risk assessments and penetration tests to identify weaknesses in the network and understand potential threats. 
 
Quick Tip 2
 
Implement network segmentation by either:
  • Developing demilitarized zones and gateways with varying security requirements
  • Using IPsec (Internet Protocol Security) to isolate servers and domains

1. California University Pays $1.14 Million Ransom

The University of California, San Francisco (UCSF) recently fell victim to a ruthless ransomware attack in which Netwalker hackers demanded—and received—$1.14 million. The university paid the ransom due to the sensitivity of the information encrypted in the attack. UCSF’s School of Medicine has worked adamantly on the development of antibody testing for COVID-19, and the data encrypted was directly related to this work. 
 
Hackers penetrated the university’s system in an opportunistic fashion, using malware that ultimately encrypted multiple servers. Major services of UCSF’s School of Medicine were hindered, while the broader campus network, operations related to patient care, and COVID-19 research were able to progress, generally uninterrupted. Numerous IT systems within the school’s network have been quarantined as a safety precaution, but the incident was entirely isolated from the UCSF network core. 
 
In a statement released by the university, officials said that no particular area was targeted in the attack. They currently do not believe that patient records were compromised. Fortunately, their development progress was not significantly impeded, and they are working with an undisclosed team of cybersecurity experts to restore full functionality to affected servers. 
  • Ransom Paid: $1.14 million 
  • Type of Attack: Ransomware
  • Industry: Education
  • Date of Attack: June 1, 2020
  • Location: University of California, San Francisco
Key Takeaways
 
Experts advise against paying ransom in these circumstances, and stress the importance of caution when encountering suspicious webpages. 
 
Quick Tip 1
 
Upon the first alert of a ransomware attack, notify the authorities. Never pay the ransom demanded, as this encourages the criminals to continue their harassment.
 
Quick Tip 2
 
Back up all critical systems, both in the cloud and locally. This way, sensitive information will be kept in an area where it cannot be easily accessed by hackers and the system under attack can be wiped clean upon the first alert of the assault. 
 
The Next Attack
 
2020 cyberattacks keep growing in frequency as people become increasingly reliant on online solutions amid the novel coronavirus pandemic. Cybercriminals are intent on exploiting weaknesses in developing technology and targeting valuable data in all industries. 
 
The breaches of 2020 show that hackers’ strategies are evolving from those used in the biggest cybersecurity incidents of 2019. Companies must do all they can to protect their systems and ensure they aren’t the next one to suffer a breach. 
 
Stay Ahead of Cyberthreats with Arctic Wolf: The Leader in Security Operations
 
Cybersecurity incidents keep trending upward and there’s no end in sight. With this in mind, security is more important than ever. All companies and government agencies risk being attacked, especially if they don’t continue to raise their cybersecurity posture.
 
Need advice on cybersecurity? The Arctic Wolf Concierge Security® Team can help you improve your security and protect your business. Request a demo or get in contact with us today.  