The Top Cyberattacks of July 2020

August 7, 2020
When it comes to ransomware, hackers pulled out all the stops in the most recent data breaches of 2020. Notable cybersecurity incidents targeted some of the world’s largest conglomerates, resulting in devastating losses for several. 
 
The latest security breaches came from all directions.
 
In one series of attacks, virtual assailants targeted self-employed workers via text by posing as Her Majesty’s Revenue and Customs of the UK. Another group maneuvered its way into the fifth-largest global travel agency, CWT. In this attack, hackers successfully stole $4.5 million in total, along with countless gigabytes of sensitive data. 
 
To learn just how extensive these recent breaches were, check out the stories below.

Top Cyberattacks of the Month

5. Lorien Health Services Data Stolen in Netwalker Ransomware Attack: Approximately 50,000 Elderly Residents Affected

Lorien Health Services, a family-owned nursing home with several locations and associated services in Maryland, became the victim of one of the worst hacking incidents of 2020 in early June. Cybersecurity experts working alongside Lorien Health Services first detected signs of the attack on June 6 and immediately launched an investigation. 
 
After four days, it was clear the incident was much worse than anticipated. The experts estimated the Netwalker hackers had accessed residents’ data, including names, addresses, Social Security numbers, dates of birth, and extremely sensitive healthcare documentation. 
 
After Lorien Health Services officials refused to pay the undisclosed ransom demand, the stolen data was leaked online. Presently, 147MB of this personal data, alongside an unlock key dubbed “Part I,” is available via a file-sharing service as a password-protected archive. The victimized company reported the incident to the FBI, coinciding with Netwalker’s declaration of victory against the company on June 16. All individual victims have been provided complimentary credit monitoring and identity theft protection. 
  • Records Exposed/Ransom Paid/Revenue Lost: Names, Social Security numbers, birthdays, addresses, healthcare documentation, employee data; 47,754 people impacted
  • Type of Attack: Ransomware
  • Industry: Healthcare and fitness
  • Date of Attack: June 6, 2020
  • Location: Baltimore, Carroll, Harford, and Howard Counties, Maryland
Key Takeaways
Netwalker typically targets corporate networks that are vulnerable to hacking via desktop approaches. Remain vigilant against such cyberattacks by implementing the following practices:
 
Use Spam Filters
Enable powerful spam filters and use authentication measures to defend against email spoofing. 
 
Strengthen Your Company’s Software Restriction Policies (SRPs)
SRPs keep programs from launching from temporary folders, commonly used browsers, and other standard ransomware locations.
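 
To see what such path rules would catch before enforcing them, the added example below (not from the original article) audits process-launch records against deny patterns that approximate SRP path rules. The rule list, extension set, host names, and sample records are constructed assumptions for illustration.

```python
import fnmatch
import ntpath

# Assumed deny rules (illustrative; not from the article or a vendor baseline).
# "*" matches across path separators here, like a broad SRP path rule.
DENY_RULES = [
    r"C:\Users\*\AppData\Local\Temp\*",
    r"C:\Users\*\AppData\Local\*\User Data\*\Cache\*",  # browser cache layout (assumed)
    r"C:\Users\*\Downloads\*",
    r"C:\Windows\Temp\*",
]
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".ps1"}

def normalize(path):
    """Resolve '..' segments, slashes and case so spelling tricks do not evade a rule."""
    return ntpath.normpath(path.replace("/", "\\")).lower()

def matching_rule(image_path):
    """Return the first deny rule covering an executable path, else None."""
    norm = normalize(image_path)
    if ntpath.splitext(norm)[1] not in EXECUTABLE_EXTS:
        return None
    for rule in DENY_RULES:
        if fnmatch.fnmatchcase(norm, rule.lower()):
            return rule
    return None

def audit(events):
    """Return (host, image, rule) for every launch a deny rule would have blocked."""
    return [(e["host"], e["image"], r) for e in events
            if (r := matching_rule(e["image"]))]

# Constructed sample process-creation records (not real telemetry).
SAMPLE_EVENTS = [
    {"host": "ws-01", "image": r"C:\Program Files\Vendor\app.exe"},
    {"host": "ws-02", "image": r"C:\Users\Bob\AppData\Local\Temp\7zO4A1\Invoice.scr"},
    {"host": "ws-03", "image": "C:/Users/amy/Documents/../Downloads/update.EXE"},
    {"host": "ws-04", "image": r"C:\Users\amy\AppData\Local\Temp\report.pdf"},
    {"host": "ws-05", "image": r"C:\Windows\Temp\..\System32\cmd.exe"},
]

if __name__ == "__main__":
    for host, image, rule in audit(SAMPLE_EVENTS):
        print(f"{host}: {image} would be blocked by {rule}")
```

Running an audit like this against existing logs first shows which legitimate installers or updaters launch from these folders and would need an exception before the policy is enforced.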
 

4. REvil Ransomware Hackers Commandeer Spanish Railway Company

Another ransomware attack was launched against a state-owned firm with the responsibility of monitoring and maintaining Spanish rail infrastructure. The firm, known as Adif, fell victim to a group that threatened to leak sensitive company data stolen using REvil ransomware (also known as “Sodinokibi”). 
 
The hackers demanded $6 million in return for 800GB of stolen, encrypted data. Yet, Adif officials downplayed the severity of the attack in communications with the International Railway Journal. They deny that personal details were compromised, though the hackers made it abundantly clear that they had stolen sensitive records from the company. 
 
The attackers claimed to have taken “personal information… correspondence, contracts… and accounting” data. They further threatened that, if Adif did not submit to their conditions, then another attack would commence. The outcome of this latest cyberattack is still relatively unclear.
  • Records Exposed/Ransom Paid/Revenue Lost: Emails, professional contracts, and accounting data 
  • Type of Attack: REvil (Sodinokibi) ransomware 
  • Industry: Public services, railways
  • Date of Attack: July 23, 2020
  • Location: Spain
Key Takeaways
Travelex, the London-based currency exchange platform used by Adif, had ignored repeated warnings of weaknesses in its Pulse Secure VPN server, which was exploited in the attack. To protect your firm from such vulnerabilities, take the following tips into account:
 
Update Your Antivirus Software 
Maintain updated firewalls and antivirus software. Ignoring warnings like Adif did can have devastating consequences for your data. 
 
Limit the Use of Your VPN
Restricting VPN access to a select few individuals will significantly decrease the chances of its exploitation or misuse. 

3. Tax-Collection Phishing Scam Targets Self-Employed

In another cyberattack, hackers posed as HMRC (Her Majesty’s Revenue and Customs) in SMS (short message service) messages. They targeted self-employed individuals in the United Kingdom (UK), telling the victims they were owed a tax refund and then directing them to a malicious URL. 
 
For the fortunate few that have cybersecurity products installed on their devices, warnings were displayed showing the site was not secure. Those without such protections, though, weren’t so lucky. The false government website, touting “Coronavirus (COVID-19) guidance and support,” requested credit card numbers and passport information from unsuspecting visitors. 
 
Experts believed those targeted were chosen as the head of their businesses. (Most of the 80 victims contacted were registered directors or owners of accountancy firms.) They were assumed to hold information on employee wages and other sensitive information, making them the perfect gateway to further data exploitation.
  • Records Exposed/Ransom Paid/Revenue Lost: Credit card information and passport numbers belonging to at least 80 people
  • Type of Attack: SMS phishing
  • Industry: Financial services
  • Date of Attack: July 2020
  • Location: United Kingdom
Key Takeaways
The attackers are believed to have specifically used the SMS approach since most companies have measures in place to protect email communications from phishing attacks. Keep this, as well as the tips below, in mind so as not to become a victim:
 
Always Be Critical of Requests 
National governments will never ask their constituents for such sensitive information and nonsecure payments via text. Never engage with such correspondence and be sure to report it immediately.
 
Prepare Yourself for Threats 
The victims who proceeded to the website either ignored warnings or did not have the software to protect them from the nonsecure site. Employ web security software to protect against such events. 

2. Travel Management Giant CWT Pays $4.5M Ransom

Business-to-business travel management company Carlson Wagonlit Travel (CWT) was also targeted by a vicious ransomware data breach in July 2020. After booting 30,000 of the international company’s computers offline and launching additional attacks, the hackers demanded $4.5 million. Going against experts’ advice, CWT conceded. 
 
The hackers had substantial motivation to target CWT instead of other travel agencies in the Ragnar Locker ransomware attack. The company is ranked as one of the top-5 most profitable travel agencies, and includes one-third of all S&P 500 corporations among its consumer base. 
 
The ransomware targeted Microsoft Windows, malware detection, and defense software. CWT paid the sum of $4.5 million after the cybercriminals initially demanded $10 million. The money, in bitcoin form, reached the hackers’ digital wallet on July 28. 
  • Records Exposed/Ransom Paid/Revenue Lost: $4,500,000 
  • Type of Attack: Ragnar Locker ransomware
  • Industry: Travel
  • Date of Attack: July 28, 2020
  • Location: Minnesota (CWT Headquarters)
Key Takeaways
CWT owns offices located around the globe. This means that some of its sensitive data would be shared and/or stored in the cloud. Here are two ways to protect yourself from incidents involving the cloud:
 
Enable Two-Step Authentication
This way, even if a hacker manages to acquire corporate passwords, they will not have access to the second layer of security, and therefore, cannot bypass it. 
 
Limit Access to Sensitive Company Information
Not all employees need to have the same extent of clearance to certain data; too much access will endanger its security.

1. Garmin Receives Decryption Key for WastedLocker Ransomware Following $10 Million Demand

Another on the list of corporate giants that suffered a breach in July is tech gadget manufacturer Garmin. In one of the worst cybersecurity breaches in 2020 thus far, WastedLocker Ransomware operators forced Garmin to shut down its services for millions of customers worldwide. Services that could not be accessed included Garmin Connect and flyGarmin, among others. 
 
Accordingly, Garmin employees powered down all connected computers and learned of a $10 million ransom demand. Given that the conglomerate’s IT department later acquired a flawless decryption key, it is assumed they paid the ransom. Garmin officials refused to comment on the matter.
 
WastedLocker is only partially confirmed as responsible for the incident, since the decryptor referenced Emsisoft and Coveware. The cybercriminal group is thought to be rooted in Evil Corp. Since Evil Corp is included in the U.S. sanctions list, submitting payment in response to ransomware attacks may result in severe fines. 
  • Records Exposed/Ransom Paid/Revenue Lost: $10,000,000 (allegedly)
  • Type of Attack: Ransomware
  • Industry: Technology
  • Date of Attack: July 23, 2020
  • Location: Kansas (Garmin Headquarters)
Key Takeaways
WastedLocker is known specifically for targeting enterprises. If your business fits that category, follow these tips for maximum protection:
 
Always Encrypt and Back up Your Data
Along with limiting physical access, this renders data useless when accessed by an unauthorized party.
 
Keep Unused Devices Offline
Instead of waiting until there’s an attack to power down, set all unused devices to automatically “lock” or “sleep” after 5 idle minutes, preventing unwanted access.
 
The Next Attack
The recent cybersecurity breaches were particularly hard-hitting due to the widespread economic harm wrought by the ongoing COVID-19 pandemic. With more businesses now transitioning to remote work, the threat of cyberattacks grows along with the ever-expanding “attack surface.” So, if you’re ever wondering, “Has there been a cyberattack today?”, odds are that there has.
 
Experts predict that IoT (Internet of Things) problems will worsen with continual development of 5G technology, and they believe critical infrastructure will be targeted with increasing frequency. For these reasons, it is important to take the appropriate precautions so as not to experience damages such as those characterizing the worst cyberattacks of 2019.

Stay Ahead of Cyberthreats

Cybersecurity incidents keep trending upward and there’s no end in sight. With this in mind, security is more important than ever. All companies and government agencies risk being attacked, especially if they don’t continue to raise their cybersecurity posture.
 
Need advice on cybersecurity? The Arctic Wolf Concierge Security® Team can help you improve your security and protect your business. Request a demo or get in contact with us today.  
 