Throughout 2020 the world saw multiple major hacks and breaches of schools, governments, and private companies as more systems moved online and the world adapted to the coronavirus pandemic — here are five of the most notable hacks and breaches of 2020.
In 2020 many services and companies moved online as the coronavirus pandemic made it increasingly hard to operating normally. Hackers saw this as a fantastic opportunity to make some money (and cause mayhem). Soon multiple companies, governments, schools, and hospitals were subject to data breaches, ransomware attacks, and general hacks.
Here are some of the worst hacks and data breaches that took place in 2020.
1: The SolarWinds Hack — Which Hit the U.S. Government
Breitbart News reported earlier this month that hackers may have gained access to the networks of the U.S. Treasury and Commerce departments by sneaking malware into a recent SolarWinds software update.
SolarWinds CEO Kevin Thompson said in a statement that the company believes that products it released in March and June of this year were modified in a “highly-sophisticated, targeted and manual supply chain attack by a nation state.”
Currently, the FBI and the Department of Homeland Security’s cybersecurity arm are investigating what many experts believe to be a large-scale penetration of U.S. government agencies.
In a recent statement, National Security Council spokesperson John Ullyot stated that the U.S. government was “taking all necessary steps to identify and remedy any possible issues related to this situation.”
SolarWinds produces an extremely popular piece of server software used by hundreds of thousands of organizations globally. Most Fortune 500 companies and many U.S. federal agencies utilize the software and will be working hard to secure their networks following news of the hack.
SolarWinds boasts 300,000 customers worldwide including all five branches of the U.S. military including the Pentagon, the State Department, NASA, the NSA, the Department of Justice, and the White House. The 10 leading U.S. telecommunications companies and top five U.S. accounting firms are also SolarWinds customers.
A Microsoft security research blog has since claimed that a second group may have been involved in the hack, stating: “The investigation of the whole SolarWinds compromise led to the discovery of an additional malware that also affects the SolarWinds Orion product but has been determined to be likely unrelated to this compromise and used by a different threat actor.”
2: Twitter’s Bitcoin Scam Hack
In July, Twitter was subject to a major hack that saw multiple high-profile accounts hijacked and used to spread malicious links as part of a scam to steal Bitcoin. It was later revealed that the hacker was a 17-year-old from Florida.
The accounts hijacked included Joe Biden, Former President Barack Obama, Tesla CEO Elon Musk, Microsoft founder Bill Gates, and the official accounts of ridesharing service Uber and tech giant Apple.
The Daily Mail reported that hackers have received approximately $116,000 worth of Bitcoin (12.8 Bitcoin) from over 300 people. One intelligence official told the New York Times that the idea that hackers could easily gain access to the accounts of world leaders was “scary.”
Alex Stamos, the director of the Stanford Internet Observatory and the former chief security officer at Facebook, commented: “It could have been much worse. We got lucky that this is what they decided to do with their power.”
Kevin Mitnick, a hacker turned security consultant, commented that if hackers gained access to the Direct Messages of world leaders, the information contained in those messages could open up the victims to blackmail causing a threat to national security. “You can imagine if those messages were released or if these hackers threatened to release them,” said Mitnick.
3: Hospital Ransomware Attacks
In July, Breitbart News reported that the University of California, San Francisco (UCSF) was forced to pay a $1.14 million ransom to hackers that had placed an encryption hold on data stored on university servers.
In a statement, the university said that they are working to reinforce their cybersecurity to prevent a similar breach from occurring in the future.
UCSF said in a statement that it was working to improve its cybersecurity in an attempt to prevent another breach in the future. The university said:
While we stopped the attack as it was occurring, the actors launched malware that encrypted a limited number of servers within the School of Medicine, making them temporarily inaccessible. Since that time, we have been working with a leading cyber-security consultant and other outside experts to investigate the incident and reinforce our IT systems’ defenses. We expect to fully restore the affected servers soon.
In September, Universal Health Services, a major hospital system with over 400 locations, faced a major cyberattack that left the computer systems of multiple hospitals unusable.
Computer security engineer Kenneth White said at the time that disabling hospital IT systems can have devastating consequences for patients. “When nurses and physicians can’t access labs, radiology or cardiology reports, that can dramatically slow down treatment, and in extreme cases, force re-routing for critical care to other treatment centers. When these systems go down, there is a very real possibility that people can die.”
4: iPhone’s Remote Hacked — by Google Researchers
In a slightly less serious hack, a Google Project Zero security researcher discovered that he could gain complete access to iPhone’s entirely remotely. The major security failing by Apple allowed hackers to take total remote control of iPhones within WiFi range, allowing the hackers to download all the data on the phone and even activate the phone’s cameras and microphones. The vulnerability was not just a theoretical security flaw but one that a Google security researcher was able to demonstrate by taking full remote control of an iPhone in another room.
The exploit was demonstrated by Google Project Zero security researcher Ian Beer. Project Zero aims to identify and notify developers of vulnerabilities before hackers can discover and exploit them. Project Zero founder Chris Evans told Ars Technica that this security vulnerability was particularly worrying as it did not require any user interaction at all and leaves no clues that the device was accessed by hackers.
Evans stated: “This attack is just you’re walking along, the phone is in your pocket, and over Wi-Fi someone just worms in with some dodgy Wi-Fi packets.” The vulnerability lies in Apple’s Wireless Direct Link (AWDL) which is used by iPhones to send photos or files.
5: Major Robinhood Stock Trading Account Hack
In October, 2,000 Robinhood stock trading accounts were compromised in a hack that stole customer funds. The finding indicates that hacks were more widespread than previously believed. A source with knowledge of the internal investigation provided the estimated figures to Bloomberg.
When the hack was first reported, Robinhood disclosed few details about the extent of the hack. The online brokerage claimed that “a limited number” of customers had been struck by cyber-criminals who accessed user accounts by breaching personal email accounts outside of Robinhood. Some victims so far have acknowledged that their emails were hacked while others deny the claim.
The public reaction to the hack was immediate across social media with investors claiming that they were unable to call the brokerage to gather more details about their accounts. Robinhood now has more than 13 million customer accounts and is now considering adding a customer service phone number.
In March of 2020, Robinhood’s app crashed, preventing customers from executing stock trades for an entire day. As Breitbart Tech reported at the time, “One user wrote: ‘One of the most anticipated trading days and your service is down at market open.’ Another user wrote: ‘What is going on — I can’t do any trades — you will lose me as a customer going forward. This is ridiculous.’”
These are just some of the worst hacks and data breaches of 2020, hopefully 2021 will bring a greater focus on cybersecurity resulting in a tougher time for hackers, whether they are Florida teenagers or hacking teams backed by foreign nations.