The Top Cyberattacks of November 2020

Considering the staggering number of data breaches in 2020—and the entire decade before—it comes as no surprise that major cyber incidents continue to make headlines as the year draws to a close.

Where October left off, November picked right up with many major attacks from months before only just now discovered. These recent cyberattacks prove once again that hackers don’t discriminate based on industry or business size.

Where did these recent security breaches occur? In November, educational institutions, healthcare organizations, and government agencies were prime targets as usual. With the ongoing pandemic and November’s national election, it was a critical time for many organizations, as bad actors threatened both operations and data security. 

November 2020 Cybercrime Stats and Notable Breaches

To follow are some key stats and information from some of November’s biggest data breaches.

• Biggest Breach: There were cyberattacks throughout the month of November. Healthcare continued to be hit especially hard. In fact, 30 healthcare organizations reported breaches, which resulted in nearly one million health records compromised.
• Popular Threat: Ransomware continued to be the most common cyberthreat.

5. Ransomware Forces Baltimore County Public Schools to Close

With virtual learning in many school districts throughout the country, it’s disturbing to hear of the recent school breaches. Unfortunately, this is what happened in the Baltimore County School District, forcing remote learning to cease for more than 115,000 students. Students were even asked by the district to refrain from logging into the school’s systems using their district-issued laptops. 

This recent cyber breach was first discovered on November 25th, just before Thanksgiving. The school district announced over that weekend that classes would be canceled on November 30 and December 1. This cancelation allowed time for staff to deal with the aftermath of the breach and continue to work with local and federal authorities. 

Very few details have been released regarding this attack. The details that are known indicate that this was a ransomware attack. Although it was reported that it could take up to several weeks for the district’s systems to be fully restored, classes resumed on December 2nd.

• Records Exposed/Ransom Paid: Not disclosed
• Type of Attack: Ransomware
• Industry: Education
• Date of Attack: November 25, 2020
• Location: Baltimore County, Maryland

Key Takeaways

It’s essential to have protocols in place in the event of a cyber incident. In this case, once the security breach incident was discovered, the school district immediately took planned steps to mitigate the attack.

• Notify Authorities. Always contact authorities once a cyberattack is discovered. After this incident, the school district took the necessary steps and cooperated with local and federal authorities.
• Contact Students. The school district quickly alerted students and their families using social media about the breach, and instructed them to avoid logging into the school’s systems. 

4. U.S. Fertility Clinic Giant Struck by Ransomware, Patient Data Stolen

During November, another data breach from earlier in 2020 came to light. U.S. Fertility, one of the nation’s largest fertility clinic networks, released a statement that it was victimized by a a ransomware attack in September. 

Attackers unleashed the ransomware on September 14, encrypting systems and making them inaccessible, but they had actually breached the system about a month before. In their statement, hackers claimed to have gained access to “a limited number of files.” These files contained personal information, including names, email addresses, addresses, social security numbers, and other personally identifiable data. The hackers also were likely able to access personal health information.

Healthcare systems, ranging from fertility clinics to large hospitals, continue to be a prime target for hacking groups. Many medical systems were successfully attacked as recently as September and October of 2020, and in some cases, daily operations were crippled.

• Records Exposed: An undisclosed number of patient records
• Type of Attack: Ransomware
• Industry: Healthcare
• Date of Attack: September 14, 2020
• Location: United States

Key Takeaways

There are many lessons to be learned from security breaches such as this one. In this case, the fertility network did not immediately release a statement and few details were announced. What actions were taken to mitigate the attack? Was any data lost?

• Timely Notification. It took about two months from the time of the ransomware attack to notify the public. A statement about the breach should have been released shortly following the attack.
• Backup Systems. Routinely back up systems and files. That way, in the event of an attack, systems and data can be quickly restored up to the point of the most recent backup.

3. Delaware County, PA, Pays $500K DoppelPaymer Ransom

On November 21, attackers compromised the network of the local government in Delaware County, PA and forced the county to take some of its systems offline. 

The county hasn’t specifically stated if any data was stolen. However, hackers gained access to systems that contained personal data, such as payroll data and police reports. 

Attackers demanded a ransom of $500,000, which the county claimed was paid. At this point, hackers will hopefully provide a decrypter to unlock the breached systems, but there is no guarantee they’ll follow through.

Who was behind this data security breach? A group called DoppelPaymer appears to have instigated this attack. This group steals unencrypted files during attacks before deploying the ransomware. The name DoppelPaymer is a play on “BitPaymer” which is a known malware often used in ransomware attacks.

• Ransom Paid: $500,000 
• Type of Attack: Ransomware
• Industry: Government
• Date of Attack: November 21, 2020
• Location: Delaware County, PA

Key Takeaways

After discovery of the breach, Delaware County gave in to the hacking group’s ransom demands to regain access to its systems. Is this the right thing to do? See below.

• Don’t Pay Ransom! For several reasons, most cybersecurity professionals advise against paying a ransom. One reason is that there is no guarantee that the hackers will provide instructions for decrypting the systems or delete stolen data.
• Change Passwords. Hackers often gain access to systems through malicious links and attachments in emails. Passwords and any breached login credentials should be changed immediately following an attack.

2. IOT Manufacturer Hit With $14M Ransomware Demand

While organizations in government, healthcare, and education have become increasingly popular targets to hacking groups, incidents at other businesses both large and small are also more common. One example is a recent attack that occurred at Advantech, a large IOT manufacturer. 

The breach was discovered on November 26, when Advantech received a ransom request for 750 bitcoin (valued higher than $14 million). In return for the ransom, attackers promised to delete stolen data and decrypt all affected systems. 

How much data did the attackers steal? Well, they claimed that the data they published on their leak site, which was over 3GB, was only about two percent of the total data they had. Advantech would not comment on whether the ransom was paid, but stated that it was in the process of recovering from the breach and that operations were returning to normal.

• Ransom Demanded: $14,000,000+
• Type of Attack: Ransomware
• Industry: Manufacturing
• Date of Attack: November 26, 2020
• Location: United States

Key Takeaways

Attacks such as this are perfect examples of why cybersecurity preparation and planning for are vital to any business. A $14 million loss affects even the largest enterprises, not to mention the breach of its data. What can organizations do to protect themselves?

• Incident Response Plan. An incident response plan is important for businesses of every size. It should include a list of roles and contacts for when an incident occurs, as well as a plan for manual operations in the event of compromised systems.
• Training. Routine employee training—such as identifying malicious emails or links, and routinely changing passwords—can help thwart cyberattacks.

1. Medical Billing Co. Data Breach Affects 100,000+ Students

Many recent cybersecurity incidents have been ransomware attacks, and a medical billing firm in Iowa was yet another in a long list of unsuspecting victims. Timberline Billing Service LLC provides services to about 190 schools in Iowa. In late October 2020, the company began contacting students to inform them of a prior breach. 

Between February and March, the company was hit with ransomware. During the attack, hackers removed information, and encrypted files, making them inaccessible to employees. 

While it isn’t clear what information was stolen, it is believed that up to 116,000 individuals may be impacted. This number includes both current and former students at the schools Timberline services. The breached data included Medicaid ID numbers, names, and billing information. 

After contacting students in October, the company has since set up a call center to help support affected students. It also has made internal changes to bolster security. Systems were upgraded, backups were created, and password policies were put into place.

• Records Exposed: About 116,000
• Type of Attack: Ransomware
• Industry: Financial Services
• Date of Attack: February – March 2020
• Location: Des Moines, Iowa

Key Takeaways

What can be learned from this 2020 security breach? To avoid the same fate as Timberline, organizations must take actions to protect themselves. While they may not be foolproof, they will help deter attacks and prevent any damages.

• Update Systems and Software. Systems, servers, firewalls, and other software should be kept up to date. Patches for bugs and vulnerabilities in software are regularly released by publishers.
• 24×7 Monitoring. Cybercriminals are active all time and can strike from anywhere around the globe. That’s why companies need around-the-clock monitoring, detection, and response to better protect themselves from possible attacks.

The Next Attack…

Cyber attacks occur everywhere, every day. To learn more about prominent attacks in 2020,  take a look at Arctic Wolf’s previously published monthly recaps:

• Top Cyber Attacks of January
• Top Cyber Attacks of February
• Top Cyber Attacks of March
• Top Cyber Attacks of April
• Top Cyber Attacks of May
• Top Cyber Attacks of June
• Top Cyber Attacks of July
• Top Cyber Attacks of August
• Top Cyber Attacks of September
• Top Cyber Attacks of October

Stay Ahead of Cyberthreats

Recent security breaches have shown that staying ahead of cyberthreats is the best way to avoid a major breach and irreparable damage. Is your company in need of a cybersecurity solution? Learn more about the solutions that make Arctic Wolf the leader in security operations.  Get in contact with us today. 

Additional Resources

• Join the conversation with Arctic Wolf on Facebook, Twitter, LinkedIn, and YouTube
• Visit arcticwolf.com to learn more about our security operations solutions
• If you’re ready to get started, request a demo or get a quote today