The Top Cyberattacks of August 2020

September 4, 2020
Cyberattacks can make for a bad day, week, or month—and recovery can often linger on for much longer. In 2019 alone, it’s estimated that $2 trillion was lost to cybercrime
 
Experts believe this annual amount may skyrocket in the years to come. This year is no exception. In cybersecurity attacks from January through July and now August, ransomware and phishing have been especially popular attack vectors used by threat actors. 
 
These types of attacks are quick to encrypt systems, yet still have a detrimental effect on their victims. And organizations hit by recent security breaches have handled the aftermath in very different ways, all the way from discovery through recovery. 

Top Cyberattacks of the Month

5. Medical Debt Collection Firm R1 RCM Hit by Ransomware

One of the latest network security attacks involving ransomware targeted the large medical debt collections firm R1 RCM. The company stores sensitive personal data for millions of patients, including patient registration, billing, collections, and medical diagnostics. While it’s unknown when R1 RCM’s systems were breached, the ransomware attack came to light in mid-August. 
 
This recent attack played out over the course of a week and abruptly shut down some of the company’s IT systems. There have been reports that the ransomware used in the attack was Defray, which commonly infects systems with malicious Microsoft Word docs used in phishing campaigns. The victims of Defray ransomware are often targeted specifically. Whether that is the case in this instance has yet to be made public.
  • Records Exposed: N/A 
  • Type of Attack: Ransomware
  • Industry: Healthcare
  • Date of Attack: August 2020
  • Location: Austin, TX
Key Takeaways
 
Medical facilities continue to be a popular target for hackers due to the sensitive information and broad range of data stored on their systems. 
 
Routinely Train All Employees to Spot Signs of Phishing 
 
Having periodic company-wide training to spot potential phishing emails reduces the likelihood an employee opens malicious code through a link or attachment. Companies should also have a process in place for reporting suspicious emails. 
 
Notify Potential Victims Promptly
 
Often, few details regarding a breach are released. It’s unknown whether potential victims have been informed in this example, but when breaches occur its imperative to promptly notify those possibly affected due to the sensitive nature of the data. 

4. University of Utah Targeted In $457K Ransomware Attack 

Schools are becoming increasingly common targets in security breaches. Recently, the University of Utah announced they were targeted in a recent ransomware attack. The university, in fact, paid a ransom totaling more than $457,000. 
 
On August 20th the university informed the public that it was attacked on July 19th. During the breach, servers were temporarily taken down and some data was compromised, including the personal information of faculty and students. 
 
Once the attack was discovered, the university took immediate action by contacting the authorities. It’s unclear whether email addresses and passwords were among the leaked data, but the University of Utah did instruct community members to change their passwords following the attack. 
 
No public statements have indicated who carried out the attack and no groups have taken responsibility. After paying the $457K ransom, the University of Utah received a decryption key, although it stated that it was able to recover most of the compromised information from backups.
  • Ransom Paid: $457,059.24 
  • Type of Attack: Ransomware
  • Industry: Education
  • Date of Attack: July 19, 2020
  • Location: Utah
Key Takeaways
 
Schools are far from immune to cyberthreats. But there are best practices they can follow to better protect their data. 
 
Back Up All Systems and Files
 
All systems and files should be backed up. That way, in events where data is stolen or systems go down, backups ensure you’ll have a minimal loss of data.
 
Paying the Ransom Is Not Recommended
 
While it’s important to immediately contact the authorities, victims of ransomware attacks should not pay the ransom. This cyber incident mirrored the June 2020 data breach at the University of California, San Francisco, which paid a ransom of over $1 million.
Scenic view of Utah with mountains and the university in the background.

3. Brookfield Residential Properties Hit by Darkside Ransomware 

Brookfield Residential Properties in Canada (a division of Brookfield Asset Management) suffered a recent ransomware attack as well. On August 24th, a spokesperson for the company announced Brookfield had uncovered a data breach exposing some of its files. It is believed that only internal employee records were impacted by this cyber incident.
 
After discovering the attack, the company sprang into action. Authorities were contacted and the systems that were impacted were restored. The spokesperson added that the company has since taken additional security measures. 
 
Though few details have been released, a group called DarkSide announced it had initiated a ransomware attack on the company the week before. Its ransom demands included the threat of releasing the breached data if it weren’t paid.
  • Records Exposed: Unknown
  • Type of Attack: Ransomware
  • Industry: Financial Services
  • Date of Attack: August 24, 2020
  • Location: Canada
Key Takeaways
 
By taking swift action, systems were quickly restored. New security measures were also implemented. 
 
Ready Your Response Plan 
 
It’s important to have an incident response plan with tasks for specific individuals and teams. This ensures that in the event of a cyberattack there will be a quick response in system restoration and it will help the success of the investigation. 
 
Keep Firewalls and Tools Updated
 
Ensuring that network security is up to date can help prevent breaches. While not foolproof, ensuring that firewalls and other tools are updated regularly decreases vulnerability.

2. Tesla Seeks Helps from the FBI to Thwart Million-Dollar Attack

Some cybersecurity incidents are laid to rest before they can cause serious damage. In this instance, a ransomware attack was attempted on Tesla earlier this month. This attack could have resulted in a major data breach and millions of dollars lost.
 
A worker at the Tesla Gigafactory in Sparks, Nevada was contacted by Egor Igorevich Kriuchkov with a proposal. Kriuchkov offered to pay the Tesla worker $1 million to install malware in the factory’s computer systems. The employee then informed Tesla and the authorities were contacted. Kriuchkov was arrested during an FBI sting operation.
 
During the investigation, the FBI learned about previous attacks committed by Kriuchkov and his circle. Had the Tesla employee followed through with the proposal to install the malware, the system would have been compromised and Tesla could have suffered a significant data loss. The hackers would have then held this data for a huge ransom, potentially costing the company many millions of dollars.
  • Ransom Paid: N/A
  • Type of Attack: Ransomware
  • Industry: Auto
  • Date of Attack: August 22, 2020
  • Location: Sparks, Nevada
Key Takeaways
 
Having well trained and quick-thinking employees can prevent data breaches.
Make It Easy for Employees to Report Incidents
 
Organizations should implement a policy for easily reporting suspicious behavior. Had this Tesla employee not had a clear path to the correct teams to report this incident, it could have been disastrous for the company.
 
Limit Access to Elite Systems 
 
High-profile companies are common targets in recent breaches. These companies must limit access to systems to only those who really need it.

1. SANS Cybersecurity Training Firm Falls for Phishing Attack 

Even cybersecurity organizations themselves aren’t immune from the latest attacks. One of the most recent data breaches happened at SANS Institute, a cybersecurity research and training firm. 
 
On August 6th, SANS learned a breach within the organization led to the compromise of 28,000 records—including personally identifiable information (PII) such as names, phone numbers, addresses, companies, job titles, and email addresses. Passwords and payment card numbers were not compromised during this attack. 
 
How did the firm discover this cyber incident? During a routine review of email configurations, a suspicious email forwarding rule was found as well as a malicious O365 add-in. This rule affected one individual account, which then forwarded 513 emails to an external email address. 
 
Aside from this one email account, there is no evidence that any other systems were infected with malware. After their discovery and investigation, SANS Institute identified the compromised accounts and contacted the victims, although they did not report the incident to the authorities.
  • Records Exposed: 28,000
  • Type of Attack: Phishing
  • Industry: Cybersecurity
  • Date of Attack: August 6, 2020
  • Location: Maryland
Key Takeaways
 
Even those that seem the most prepared can become a high-profile victim of a data breach.
 
Contact Authorities Sooner Rather Than Later
 
Security professionals agree that the authorities should be contacted immediately after discovering a security breach. Authorities can conduct their own investigation and operations to determine who is responsible.
 
Prompt a Password-Change
 
Contact any potential victims after the discovery of a cyberattack, regardless of the type of data that was stolen. Ask that they change their password and ensure that the new password is a strong one.
 
The Next Attack
 
Cybersecurity breaches in 2020 aren’t slowing down. So if you ever find yourself asking, “Has there been an another attack today?”, odds are that there has. As we further navigate down the path of digital transformation, cybercrimes are only projected to increase. 
 
Ransomware is one of the leading types of security breaches we see. It’s effective and quick to encrypt files and even take down entire systems. What can your business do? Well, always ensure software is up to date, systems are backed up, and procedures are in place in the event that a cyberattack occurs.
 
Stay Ahead of Cyberthreats
 
Does your company need a cybersecurity solution? From the recent hacking incidents 2020 has suffered, it’s apparent that cybercriminals show no sign of stopping—and even businesses that are well-versed in best cyber practices can become a target.  
 
Learn how Arctic Wolf solutions for monitoring and managing cyberthreats protect your organization against breaches so that you can rest easy. 
Previous Article
Insight From The K-12 Cybersecurity Checklist
Insight From The K-12 Cybersecurity Checklist

Next Article
COVID Threat Roundup: August 2020
COVID Threat Roundup: August 2020

The August Covid Threat Roundup highlights a phishing attack imitating major companies, business ID thefts,...

×

Get cybersecurity updates delivered to your inbox.

First Name
Last Name
Company
Country
Yes, I’d like to receive marketing emails from Arctic Wolf about solutions of interest to me.
I agree to the Website Terms of Use and Arctic Wolf Privacy Policy.
Thanks for subscribing!
Error - something went wrong!