The Top Cyberattacks of February 2020

March 10, 2020
 
January showed that cyberattacks would ratchet up in 2020, just like they did the year before—and the year before that. What’s more, February provided further indication that this trend will continue well into the future. 
 
The attacks vary in size and severity, but even smaller attacks can cause significant damage. It’s imperative that businesses and organizations take steps to protect their data and the personal information of consumers.
 

February 2020 Cybercrime Stats

Below are a few important attack-related stats seen throughout the month:
  • Number of breaches in February: 105
  • Most Popular Threat: Ransomware
  • Biggest Breach: MGM Data Breach

What are some of the recent hacking incidents 2020 has seen? Here’s a rundown of significant cyberattacks we saw in February.

Ransomware Attack Forces Gas Pipeline Shutdown

One of February’s data breaches occurred at a gas compression facility that manages power stations and electrical grids. The incident began when an employee at the facility clicked on a malicious link in an email.
 
This single event gave the hacker access to the IT and operational technology networks where they then installed ransomware—causing some systems and monitors to malfunction.
 
As a result, the pipeline was shut down for two days while the facility raced to restore operations. Though only one facility was the target in this incident, other locations were forced to close as well, resulting in additional revenue loss.
 
The compression facility resumed operations after restoring the last safe computer configurations and replacing some equipment. The Cybersecurity and Infrastructure Agency (CISA) has not released the name of the organization, its location, or the date the attack occurred.
  • Revenue Lost: Unknown
  • Type of Attack: Ransomware
  • Industry: Oil and Gas
  • Date of Attack: February 2020
  • Location: Unknown

Key Takeaways
 
Recent security breaches often bring to light areas in policies and procedures that need improvement. This incident is no different. In fact, the facility’s emergency response plan did not include a plan to address cyberthreats. The company also suffered from a lack of ongoing cybersecurity training.
  • IT Security Training: Ongoing cybersecurity training is essential in the digital age. Ensuring employees stay current on cybersecurity best practices can help prevent breaches caused by clicking malicious links such as in this case. Employees should have the tools to identify and report suspicious emails or activity.
  • Emergency Response Plan: The facility did have an emergency response plan; however, it did not account for cyber threats. The plan should include the six phases: preparation, identification, containment, eradication, recovery, and lessons learned.

MGM Hotel Guest Information Published

The personal information of 10.6 million guests who had stayed at MGM Resorts was leaked on a hacking forum in February. This included the names, addresses, phone numbers, birth dates, and email addresses of individuals ranging from tourists and celebrities to tech CEOs and government employees.
 
Although personal information was leaked, credit card numbers and password data were not breached.
 
In this case, the incident actually began in the summer of 2019. That summer, MGM employees discovered there had been unauthorized access to a server. Since that breach, the stolen information has been shared in several hacking forums. 
 
Immediately following the discovery of the incident, MGM notified impacted individuals. In February 2020, the data breach came back to light after it was published again in a more public and accessible forum. The hacker behind the ransomware attack is suspected to be associated with the hacking group Gnostic Players. This group is known to have published more than one billion records during 2019 alone.
  • Records Exposed: 10.6 Million
  • Type of Attack: Cloud Misconfiguration (Vulnerability Hack)
  • Industry: Hospitality
  • Date of Attack: Initial incident occurred in Summer 2019, but the guest information was re-released on a forum the week of February 17.
  • Location: United States

Key Takeaways
 
Once personal data is hacked and released, it’s on the internet forever. The personal information of these 10.6 million hotel guests will likely continue to be passed from forum to forum. MGM handled the aftermath of the incident well by immediately notifying those impacted once the breach was discovered.
 
But what can businesses and corporations do to help deter cybersecurity attacks?
  • Strengthen Policies: Information security policies and an incident response plan should be put into place and periodically reviewed with employees. 
  • Training: Provide ongoing security training on a routine basis. Technology changes quickly, and so do the tactics that hackers may use. Just for starters, employees should understand how to identify suspicious emails and links.

Government of Puerto Rico Victimized by Phishing Scam

One of the more recent cyber breaches occurred at the government level. On February 12, Puerto Rico announced that an industrial company it owned fell victim to a phishing scam that attempted to steal over $4 million. This started in December 2019 when a hacker compromised an employee’s credentials during a phishing attack. The hacker then posed as the employee and sent emails stating there had been a change in bank accounts. 
 
Two agencies fell victim to the phishing scam with the industrial development company paying out more than $2.6 million in January alone. The scam was uncovered by an employee in the finance department who questioned why they hadn’t been receiving payments. $2.9 million has been frozen by authorities, but the amount the hacker was able to obtain has yet to be released.
  • Revenue Lost: $2.6 million
  • Type of Attack: Phishing
  • Industry: Government
  • Date of Attack: Scam reported to officials on February 12
  • Location: Puerto Rico

Key Takeaways
 
Phishing attacks are increasingly common, and each one offers valuable lessons to apply in the future. In this case, the change to sensitive data was not verified. The hacker had sent emails posing as an employee and providing new bank information. Had the recipients attempted to verify the requests initially, revenue may not have been lost. 
 
Additionally, this scam began in December 2019 and was not discovered for nearly two months. A couple of key takeaways from this latest cyberattack are: 
  • Verify Financial Requests: Before updating banking or other sensitive information, verify the details of the request, including the email address and website URL. Verify details of the request by calling or meeting with the requestor. 
  • Don’t Click Links: Never click links without first verifying the sender and checking the URL. The web address can be viewed without clicking the link by hovering the cursor over it. When in doubt, go directly to the sender’s website without using links provided in the email.

White House Communications Breach

Government agencies are high-profile targets in the sights of cybercriminals. In mid-February the U.S. Department of Information Systems Agency (DISA)—part of the Department of Defense that secures and manages White House communications—learned it had been hacked. As a result, personal information of employees was released.
 
Additionally, the breach led to concerns about the security of data communications within the country’s highest offices, especially as the 2020 election looms before us. 
 
In February 2020, DISA began notifying affected individuals that their personal information, including their Social Security number, may have been compromised. Though these individuals weren’t notified until recently, the data breach occurred from May to July 2019. It is believed to have affected the records of up to 200,000 people. 
  • Records Exposed: around 200,000
  • Type of Attack: Unclear/Possibly Spear-phishing
  • Industry: Government
  • Date of Attack: Attack occurred between May and July 2019. Potential victims were notified in February 2020.
  • Location: Washington D.C.

Key Takeaways
 
High-profile agencies, celebrities, and CEOs are a frequent target of attacks. This is just one example of the latest security breaches exposing prominent entities. From this incident it’s important to note the length of time that passed from the discovery to when the victims were notified. 
 
Victims should be notified soon after the breach is discovered and contained. Hackers can do significant damage with personal information that is stolen during an attack. Below are a couple of takeaways from this attack.
  • Incident Response Plan: Incident response plans should be developed, practiced, and reviewed on a routine basis. Employees should also be aware of their roles in the plan and understand signs of unusual activity.
  • Notify Potential Victims: Nearly nine months had passed from the time the breach took place to when the victims were notified. In the event of a data breach, victims should be notified as quickly as possible so they can monitor their accounts and credit and take extra measures to protect themselves.

Ransomware attack on NRC Health

During February there was a ransomware attack on NRC Health, a healthcare company that works with about 75% of the 200 largest hospitals in the United States. On February 11, after the attack became apparent, the company shut down its systems, including client-facing portals in an attempt to prevent a data breach. The data stored by NRC includes information such as doctor salaries, bonuses, and reimbursement information from programs such as Medicare. 
 
It is not believed that confidential patient or client information was compromised.
 
Few details have been released about the ransomware attack, but the company claims there is no evidence of a data breach affecting patient data. NRC Health collects data from over 25 million patients per year and provides software to 9,000 organizations.
  • Records Exposed: Unknown
  • Type of Attack: Ransomware
  • Industry: Healthcare
  • Date of Attack: February 11, 2020
  • Location: United States

Key Takeaways
 
Since 2016, attacks like this have cost the healthcare industry over $157 million. From the few details that have been shared, NRC Health took a precautionary response in shutting down its systems. When handling sensitive data from both clients and consumers, it’s important to ensure your organization takes an appropriate approach in keeping data safe.
  • Information Security Policy: An information security policy should be implemented and used when handling sensitive data. This could include limiting access levels, policies for how long and where data is stored, and a response plan in the event of a data breach.
  • Communication: While it’s important to release necessary details, in this case very few details were shared. NRC states that patient data was not compromised, but releasing further details about the origin of the attack and what specific data might have been breached could help relieve concerns.

The Next Attack
 
As we’ve already seen in 2020, cyberattacks show no sign of slowing down. No matter your company size, any breach can do damage. This means it's important to ensure policies and training are in place to not only help prevent attacks but also put you in a stronger position to respond to incidents that will inevitably occur.
 
Stay Ahead of Cyberthreats
 
As recent headlines indicate, cyberattacks continue to impact businesses, agencies, and consumers. Consider investing in a security operations center (SOC)-as-a-service provider for your company, such as Arctic Wolf. These services provide round-the-clock monitoring, alerting, and reporting, and can provide your team with key insights into your security posture, as well as areas of operational improvement and training. 
 
 