The Top Cyberattacks of January 2020

February 5, 2020
Already in the new year we've seen a surge in news about cybersecurity breaches worldwide. Cyberattacks continue without pause from where 2019 left off.
 
The latest round of data breaches are further proof that strong security has become an absolute necessity for institutions across all sectors. These breaches reveal that no business is spared from the wrath of hackers. The onus falls on each organization to become more vigilant of cybersecurity tactics, techniques, and procedures in order to avoid becoming one of this year’s victims.
 
To follow, we recap the most recent cyberattacks in 2020—with bonus tips on how to detect threats used in these recent hacking incidents. 

1. Tampa Bay Times Ransomware Attack

On January 23, 2020, the Tampa Bay Times was victimized in one of the first ransomware attacks of the year. It isn’t yet clear how the attack was carried out, but it appears that the news organization wasn't specifically targeted.
 
The ransomware used in this case was developed from a strain of Ryuk, which has been used by a state-sponsored cybercriminal group named Wizard Spider to target large businesses and government agencies. This particular strain of ransomware code was adapted to disrupt the printing and publishing systems of the Tampa Bay Times.
 
According to the news agency, the attack affected no sensitive information, such as customer addresses and payment cards. The publication has recovered the majority of its affected hosts and network systems from data backups. There is no confirmation of the ransom amount requested by the intruders; however, the average ransom demanded in typical Ryuk ransomware incidents is $780,000.
  • Ransom Demanded: Undisclosed. 
  • Type of Attack: Ransomware
  • Industry: News Media Agency
  • Date of Attack: January 23, 2020
  • Location: Florida, USA

What are the key takeaways from this cyberattack?

Routine System Checks Are Critical: You must conduct regular checks on your computers to determine which activities are running within each system. Routine system checks help identify rogue system activity, such as malware, and ensure that all security software is up to date.
 
As your computing equipment ages, it becomes more susceptible to attacks. You will need to conduct frequent checks to identify potential threats, vulnerabilities, and risks that could be exploited.
 
Leverage Security Operations Center (SOC) Services: Unfortunately for the Tampa Bay Times, its IT systems weren’t entirely secure. A partnership with a managed services provider with security expertise could have strengthened its network, and delivered frequent updates concerning the security posture of operational systems on the network. 
 
A trusted provider, equipped with a robust security operations center (SOC) will be able to ensure you leverage comprehensive cybersecurity features and capabilities so that your critical systems are closely monitored, threats are detected, and responses are quickly taken when necessary.
 
Develop a Culture of Robust Cyber Resiliency: A robust culture of cyber resilience must be implemented across the organization, with the mindset that every individual is vulnerable to the tactics and techniques of malicious individuals. An occasional security awareness training workshop is crucial to maintain a solid security posture. 
 
These training workshops help inform and educate employees about the evolving dangers of cyberattacks and give employees insight into the common attack vectors for ransomware incidents.
 
Be Cautious on Social Media Networks: It is vital to be security-conscious while on social media, too. There are numerous tricks and schemes employed by malicious actors to lure users via phishing techniques. Be mindful of the external links you interact with and the responses you provide across all social media networks.

2. Tillamook County, Oregon Ransomware Attack

In one of the latest cyberattacks on a local government, Tillamook County, Oregon systems were compromised on January 22. Attackers infiltrated the county’s computer and telephone systems with encryption malware. No ransom note was discovered.
 
The malware shut down all workstations and servers, and the Tillamook County Sheriff’s Office phones and email systems were also affected. However, their ability to respond to emergency calls was not interrupted. Additionally, the Tillamook County Emergency Communications dispatch and 911 services were not affected.
 
Following the Tillamook County attack, county systems were expected to be down for 24-72 hours or more. With the assistance of the FBI cybercrime unit and private forensic experts, county officials were able to resume operations on a manual level until all malware scrubbing procedures were completed. Although no sensitive information was reported stolen or corrupted, this event disrupted local government services and forced officials to return to paper and pen.
  • Records Affected: 250 county employees and 25,000 citizens.
  • Type of Attack: Ransomware
  • Industry: County Government
  • Date of Attack: January 22, 2020
  • Location: Tillamook, Oregon

What are the key takeaways from this cyberattack?

Always Backup Systems: It is puzzling that Tillamook County didn’t take sufficient steps to ensure business continuity via the implementation of redundant measures, such as system backups, establishment of warm and cold sites, or the availability of RAID systems. 
 
To ensure business continues without a hitch, it’s critical for any large organization to be fully equipped with the proper tactics, tools, and techniques required to carry on with business functions during an attack.
 
Boost Regular Authentication: It’s important to engage in the use of two-factor authentication. This makes it difficult for hackers to gain access into the network of your IT systems, even when employee credentials have been compromised.
 
Guard Against Harmful Websites: Malicious actors can smuggle malware from rogue websites onto corporate networks. To forestall this, you should block access to certain websites within your business network. It’s wise to monitor the cyber activities of your employees to flag any of them who visit such harmful websites.

3. Trend Micro Antivirus Zero-Day Used in Mitsubishi Electric Hack

Mitsubishi Electric disclosed the most recent data breach to their systems on January 20. The breach began months earlier, on June 28, 2019. This system intrusion was detected when one of the officials of the company found a suspicious file on the server. 
 
Later, it was traced to a compromised employee account. The unauthorized access originated in China, via Mitsubishi’s affiliates, and then made its way to the parent company in Japan.
 
This cybercrime incident occurred due to a zero-day vulnerability in Trend Micro OfficeScan, which gave malicious actors their initial entry point. The perceived intent was to gain access to about 14 Mitsubishi departments, including sales and administrative office departments.
 
The Japanese automobile giant did not comment on who the perpetrators of this cybercrime were. However, several security professionals claim that the network intrusion was orchestrated by a Chinese state-sponsored cyber espionage group known as Tick – a group known to carry out malicious campaigns against critical targets all over the world.
  • Records Lost: 200 MB of files
  • Type of Attack: Network Intrusion
  • Industry: Automotive
  • Date of Attack: January 20, 2020
  • Location: China

What are the key takeaways from this cyberattack?

Update Antivirus Software: The hackers in this attack used a zero-day vulnerability to gain access to departments within the company. Although most businesses rely on antivirus software to protect their data, that software can itself contain flaws. To cope, antivirus software needs to be continuously updated.
 
From small to large, public and private, all businesses need to ensure they use only the latest and most recently updated software from their antivirus provider.
 
 
Employee Security Training and Awareness: A single company owner cannot perform every task, so employees are hired to share the workload. As employees are the first and last line of defense, they are the backbone of critical systems and hold direct access to a company's sensitive data. Employees can be targeted by a multitude of cyberattacks, so it is important to verify the accuracy of their work and to stay alert to the possibility of unauthorized access.
 
Always Keep Backup Systems: Cyberattacks in 2020 show that most companies don’t keep backups of their software and data. Hackers have become very capable these days. Make sure to keep a backup of the software you use in your office, as there is an obvious chance of being hacked at any time.

4. Iranian Government Website Intrusion Against U.S. Government Websites

On January 6, 2020, an Iranian-sponsored threat actor hacked a U.S. federal government library depository website to display messages vowing to avenge the killing of top Iranian military general, Qasem Soleimani. Following this web server intrusion, the website displayed an image of President Trump being punched in the jaw with a bloody face. 
 
As one of the major cyber breaches of 2020 so far, the intrusion was made in an attempt to show off Iran’s technological advancements and to signal its potential to carry out future attacks. In fact, the disruptive web server intrusion left behind a pro-Iran message, which warned: “This is only a small part of Iran’s cyber ability.”
 
With this move, Iran suggests it could shift from directly targeting diplomatic or public entities to focusing on personal targets, such as civilian organizations and small businesses with interesting ties.
 
  • Records Affected: 1,100 U.S. libraries
  • Type of Attack: Server Intrusion
  • Industry: Federal Government
  • Date of Attack: January 6, 2020
  • Location: Iran

What are the key takeaways from this cyberattack?

Increase Cyber Hygiene: This attack was carried out as a display of force in cyberspace. But, as one of the biggest attacks of 2020 already, it has led U.S. officials to demand that companies with critical infrastructure fortify their cyber systems.
 
An incident like this could be prevented by deploying automated buffer overflow and flood guards and by performing robust input value checks on web servers. Additionally, ensuring that system patches have been installed can help avoid similar attacks.
 
Understand the Capabilities and Arsenals of the Adversary: In the future, this incident can be handled better by understanding the technical capabilities of attackers, analyzing past incidents, reverse-engineering adversarial techniques, and staying abreast with current cybersecurity trends and news. These efforts help to educate system users and security administrators in advance.
 
Social and cultural events tend to carry over into cyberworld. Remember: if a government website can be hacked, then your personal data is most likely at risk, too. Keep yourself educated about cyberattacks in 2020 because the latest security breaches are only a sign of more to come.
 
Restrict Unnecessary Access: Access to private information must be guarded with several authentication and authorization controls, all of which are necessary to withstand malicious activities in real time. Websites that expect thousands of visitors must ensure that entry pages and forms are scrubbed of malware strands that may target hosts via drive-by download techniques. 
 
Only give access to users when it is absolutely necessary, and on a need-to-know basis when accessing certain sensitive information. In the future, such incidents can be avoided by employing a zero-trust framework whereby every access request or input is strictly analyzed, tested, and challenged prior to authentication and authorization of requested data assets.

5. Greenville Water—Target of an International Cyber-Attack

Greenville Water, a popular water utility company that services nearly 500,000 residents in the upstate region of South Carolina, was a victim of an international cyberattack on January 22. The incident began with minor technical difficulties to the company’s network connectivity, which then escalated to include servers, desktop computers, and phone systems used to communicate with customers and vendors.
 
As a major water treatment and maintenance company, Greenville Water had business continuity procedures in place and was prepared to combat the incident, which was a distributed denial-of-service attack aimed at overwhelming its servers and network with insurmountable traffic.
 
According to company officials, business operation redundancy controls helped the company return to operational levels within 24 hours. Vital information was forwarded to law enforcement agencies to better understand how the attack occurred and to identify the next possible target.
  • Records Affected: 500,000 service residents
  • Type of Attack: Denial of Service (DoS)
  • Industry: Water Utilities
  • Date of Attack: January 22, 2020
  • Location: Greenville, South Carolina, USA

What are the key takeaways from this cyberattack?

Keep Your IT Systems Updated and Patched: The lack of IT system updates and patches is one of the most common reasons behind the incidents we hear about in the media today. Because malware is capable of gaining access to a wide range of data files, ensuring that security controls are fully operational is pivotal to the overall security posture of an organization.
 
This is why you must remain aware of patch releases and update notifications on your system. Ignoring these critical items will increase your vulnerability.
 
Build a Firewall Architecture: Authorities need greater protection over their relevant data. For this purpose, they need to build a firewall architecture that doesn’t allow attackers sending malicious traffic to gain a foothold in their network. In addition, cybersecurity experts on the IT team can recognize DoS attacks in their infancy and help lead an effective response.
 
The Next Attack
 
As technology evolves, the next attack will most likely be elementary in nature because low hanging fruits are easily acquired. It’s imperative to maintain basic cybersecurity hygiene and train yourself to recognize risks that could become a prelude to an attack, including ransomware, man-in-the-middle, and system intrusions. Whatever the case, ransomware and phishing attacks are bound to continue dominating cyberspace in 2020.
 
Stay Ahead of Cyberthreats
 
Recent security breaches prove that companies and organizations can face great challenges when conducting business online. Most of these challenges include assuring the safety and resilience of computer networks from known and undiscovered threats. 
 
Malicious actors constantly engineer new ways to steal, corrupt, and disrupt business operations through unauthorized access to sensitive data. It is crucial for companies to have a comprehensive cybersecurity strategy for detecting, analyzing, and remediating potential vulnerabilities and threats to their business.
 
Implementing SOC-as-a-service from a renowned company, such as Arctic Wolf, provides a centralized security knowledge base of trained experts working around the clock to monitor your network, generate risk reports, and defend your company from cybersecurity threats capable of hampering your operations. Explore our blog to learn more or request a demo today.