September 9th, 2020 by admin
We talk about cybersecurity all the time because it's the #1 concern of our clients. That's why we partner with smart cybersecurity solution firms like Arctic Wolf to deploy the best tools available for our clients. Our Arctic Wolf offerings for managed services clients include managed detection and response, managed cloud monitoring, and other server-based and endpoint-based solutions that detect an attack early and prevent intrusion into your valuable data. We like to explain that SOC-as-a-Service (Security Operations Center as a Service) is like the shark net of your organization: it's always there to watch for incoming concerns, alert us to take action when necessary, and lock down and protect your data.
Arctic Wolf offers a cool ROI calculator so organizations can check how much they are making by protecting their digital environments. Check it out now. According to Cybersecurity Ventures, cybercrime will cost $6 trillion by 2021. Now that you know, here are the latest notable cybersecurity attacks Arctic Wolf compiled in just August 2020.
Cyberattacks can make for a bad day, week, or month—and recovery can often linger on for much longer. In 2019 alone, it's estimated that $2 trillion was lost to cybercrime.
Experts believe this annual amount may skyrocket in the years to come. This year is no exception. In cybersecurity attacks from January through July and now August, ransomware and phishing have been especially popular attack vectors used by threat actors.
These types of attacks are quick to encrypt systems yet still have a detrimental effect on their victims. And organizations hit by recent security breaches have handled the aftermath in very different ways, all the way from discovery through recovery.
5. Medical Debt Collection Firm R1 RCM Hit by Ransomware
One of the latest network security attacks involving ransomware targeted the large medical debt collections firm R1 RCM. The company stores sensitive personal data for millions of patients, including patient registration, billing, collections, and medical diagnostics. While it's unknown when R1 RCM's systems were breached, the ransomware attack came to light in mid-August.
This recent attack played out over the course of a week and abruptly shut down some of the company's IT systems. There have been reports that the ransomware used in the attack was Defray, which commonly infects systems with malicious Microsoft Word docs used in phishing campaigns. The victims of Defray ransomware are often targeted specifically. Whether that is the case in this instance has yet to be made public.
- Records Exposed: N/A
- Type of Attack: Ransomware
- Industry: Healthcare
- Date of Attack: August 2020
- Location: Austin, TX
Medical facilities continue to be a popular target for hackers due to the sensitive information and broad range of data stored on their systems.
4. The University of Utah Targeted In $457K Ransomware Attack
Schools are becoming increasingly common targets in security breaches. The University of Utah recently announced that it was targeted in a ransomware attack. The University, in fact, paid a ransom totaling more than $457,000.
On August 20th, the University informed the public that it was attacked on July 19th. During the breach, servers were temporarily taken down, and some data was compromised, including the personal information of faculty and students.
Once the attack was discovered, the University took immediate action by contacting the authorities. It's unclear whether email addresses and passwords were among the leaked data, but the University of Utah did instruct community members to change their passwords following the attack.
No public statements have indicated who carried out the attack, and no groups have taken responsibility. After paying the $457K ransom, the University of Utah received a decryption key, although it stated that it was able to recover most of the compromised information from backups.
- Ransom Paid: $457,059.24
- Type of Attack: Ransomware
- Industry: Education
- Date of Attack: July 19, 2020
- Location: Utah
Schools are far from immune to cyberthreats. But there are best practices they can follow to better protect their data.
Back-Up All Systems and Files
All systems and files should be backed up. That way, if data is stolen or systems go down, backups keep data loss to a minimum.
Paying the Ransom Is Not Recommended
While it's important to immediately contact the authorities, victims of ransomware attacks should not pay the ransom. This cyber incident mirrored the June 2020 data breach at the University of California, San Francisco, which paid a ransom of over $1 million.
3. Brookfield Residential Properties Hit by DarkSide Ransomware
Brookfield Residential Properties in Canada (a division of Brookfield Asset Management) suffered a recent ransomware attack as well. On August 24th, a spokesperson for the company announced Brookfield had uncovered a data breach exposing some of its files. It is believed that only internal employee records were impacted by this cyber incident.
After discovering the attack, the company sprang into action. Authorities were contacted, and the systems that were impacted were restored. The spokesperson added that the company has since taken additional security measures.
Though few details have been released, a group called DarkSide announced it had initiated a ransomware attack on the company the week before. Its ransom demands included the threat of releasing the breached data if the ransom weren't paid.
- Records Exposed: Unknown
- Type of Attack: Ransomware
- Industry: Financial Services
- Date of Attack: August 24, 2020
- Location: Canada
By taking swift action, systems were quickly restored. New security measures were also implemented.
Keep Firewalls and Tools Updated
Ensuring that network security is up to date can help prevent breaches. While not foolproof, ensuring that firewalls and other tools are updated regularly decreases vulnerability.
2. Tesla Seeks Help from the FBI to Thwart Million-Dollar Attack
Some cybersecurity incidents are laid to rest before they can cause serious damage. In this instance, a ransomware attack was attempted on Tesla earlier this month. This attack could have resulted in a major data breach and millions of dollars lost.
A worker at the Tesla Gigafactory in Sparks, Nevada, was contacted by Egor Igorevich Kriuchkov with a proposal. Kriuchkov offered to pay the Tesla worker $1 million to install malware in the factory's computer systems. The employee then informed Tesla, and the authorities were contacted. Kriuchkov was arrested during an FBI sting operation.
During the investigation, the FBI learned about previous attacks committed by Kriuchkov and his circle. Had the Tesla employee followed through with the proposal to install the malware, the system would have been compromised, and Tesla could have suffered a significant data loss. The hackers would have then held this data for a huge ransom, potentially costing the company many millions of dollars.
- Ransom Paid: N/A
- Type of Attack: Ransomware
- Industry: Auto
- Date of Attack: August 22, 2020
- Location: Sparks, Nevada
Having well-trained and quick-thinking employees can prevent data breaches.
Limit Access to Elite Systems
High-profile companies are common targets in recent breaches. These companies must limit access to systems to only those who really need it.
1. SANS Cybersecurity Training Firm Falls for Phishing Attack
Even cybersecurity organizations themselves aren't immune from the latest attacks. One of the most recent data breaches happened at SANS Institute, a cybersecurity research and training firm.
On August 6th, SANS learned a breach within the organization led to the compromise of 28,000 records—including personally identifiable information (PII) such as names, phone numbers, addresses, companies, job titles, and email addresses. Passwords and payment card numbers were not compromised during this attack.
How did the firm discover this cyber incident? During a routine review of email configurations, a suspicious email forwarding rule was found as well as a malicious O365 add-in. This rule affected one individual account, which then forwarded 513 emails to an external email address.
Aside from this one email account, there is no evidence that any other systems were infected with malware. After their discovery and investigation, SANS Institute identified the compromised accounts and contacted the victims, although they did not report the incident to the authorities.
- Records Exposed: 28,000
- Type of Attack: Phishing
- Industry: Cybersecurity
- Date of Attack: August 6, 2020
- Location: Maryland
Even those that seem the most prepared can become high-profile victims of a data breach.
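The routine review of email configurations described above can be automated. As an added example (not from the original article or from SANS), this Python check flags inbox rules that forward or redirect mail outside the organization; the field names follow Exchange Online's Get-InboxRule output, while the export shape, the domains and the sample rules are constructed assumptions.

```python
import re

# Rule actions that send a copy of mail elsewhere (property names as shown
# by Exchange Online's Get-InboxRule).
FORWARD_ACTIONS = ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo")
ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9.-]+\.[A-Za-z]{2,})")

def is_internal(domain, internal_domains):
    """True if domain equals, or is a subdomain of, an owned domain."""
    domain = domain.lower().rstrip(".")
    return any(domain == d or domain.endswith("." + d) for d in internal_domains)

def external_forwarding_rules(rules, internal_domains):
    """Return one finding per external recipient in any forwarding action."""
    owned = {d.lower() for d in internal_domains}
    findings = []
    for rule in rules:
        for action in FORWARD_ACTIONS:
            for recipient in rule.get(action) or []:
                # Recipients may be bare addresses or '"Name" [SMTP:addr]'.
                for m in ADDR_RE.finditer(recipient):
                    if not is_internal(m.group(1), owned):
                        findings.append({
                            "mailbox": rule["MailboxOwnerId"],
                            "rule": rule["Name"],
                            # Disabled rules are reported too: they show past intent.
                            "enabled": rule.get("Enabled", True),
                            "action": action,
                            "recipient": m.group(0).lower(),
                        })
    return findings

# Constructed sample export (not data from the incident); reserved example domains.
SAMPLE_RULES = [
    {"MailboxOwnerId": "alice@corp.example", "Name": "Move newsletters",
     "Enabled": True, "ForwardTo": None, "RedirectTo": None},
    {"MailboxOwnerId": "bob@corp.example", "Name": "Archive copy", "Enabled": True,
     "ForwardTo": ['"Archive" [SMTP:collector@mail.external.test]']},
    {"MailboxOwnerId": "carol@corp.example", "Name": "To assistant",
     "Enabled": True, "RedirectTo": ["dave@eu.corp.example"]},
    {"MailboxOwnerId": "erin@corp.example", "Name": "old fwd", "Enabled": False,
     "ForwardAsAttachmentTo": ["smtp:erin.personal@webmail.test"]},
]

if __name__ == "__main__":
    for f in external_forwarding_rules(SAMPLE_RULES, ["corp.example"]):
        state = "enabled" if f["enabled"] else "disabled"
        print(f"{f['mailbox']}: {f['rule']!r} ({state}) {f['action']} -> {f['recipient']}")
```

Run on a schedule against a fresh export of all mailboxes, and treat any new finding as something to confirm with the mailbox owner.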
Use ICX to Stay Ahead of Cyberthreats
Does your company need a cybersecurity solution? From the recent hacking incidents 2020 has suffered, it's apparent that cybercriminals show no sign of stopping—and even businesses that are well-versed in best cyber practices can become a target. Request a consultation to improve your security posture with our Arctic Wolf solutions today.