With so much of the world transitioning to working, shopping, studying, and streaming online during the coronavirus pandemic, cybercriminals now have access to a larger base of potential victims than ever before.
“Zoombomb” became the new photobomb—hackers would gain access to a private meeting or online class hosted on Zoom and shout profanities and racial slurs or flash pornographic images. Nation-state hacker groups mounted attacks against organizations involved in the coronavirus pandemic response, including the World Health Organization and Centers for Disease Control and Prevention, some in an attempt to politicize the pandemic.
Even garden-variety cyber attacks like email phishing, social engineering, and refund theft took on a darker flavor in response to the widespread economic precarity brought on by the pandemic.
“Hackers were mostly trying to take advantage of people’s fear by offering medical equipment like thermometers and masks for cheap, low-rate loan offers and fake government emails,” said Mark Adams, a cybersecurity analyst and subject matter expert for Springboard’s new Cyber Security Career Track. “You know, the kinds of emails that say you owe X amount in back taxes and you will be arrested if you do not respond to this email today!”
Here’s a closer look at some of the biggest cyberattacks of 2020.
Attack 1: Fraudulent unemployment claims rise in response to the pandemic
Unemployment claims soared to a record high of nearly 23 million claims filed in May, shortly after most U.S. states instituted lockdowns to prevent the spread of the coronavirus. Two months later, the FBI reported a spike in fraudulent unemployment claims from hackers who had stolen taxpayers’ personally identifiable information and filed for unemployment insurance while impersonating the victim.
“Tax scams tend to rise during tax season or during times of crisis, and scam artists are using the pandemic to try stealing money and information from honest taxpayers,” IRS Commissioner Chuck Rettig said in a statement.
Criminals steal this information in different ways, such as purchasing stolen personal data on the dark web, sending email phishing scams, cold-calling the victims in an impersonation scam by pretending to be an IRS agent or bank representative, or accessing the data from a previous data breach or computer intrusion.
Each year, the IRS publishes a list called the Dirty Dozen, enumerating tax- and non-tax-related scams taxpayers should watch out for. In January, a U.S. resident was jailed for using information leaked through a data breach at a payroll company to file a fraudulent tax return worth $12 million.
For national security reasons, government agencies tend to be less forthcoming about data breaches than private companies, said Adams.
“If people think your agency is vulnerable then more people will try [to hack you],” said Adams. “It only takes one massive event to make it look like you don’t have your act together.”
Attack 2: T-Mobile breach exposes sensitive customer data—twice
In December, T-Mobile revealed that it had been hacked once again, the fourth incident in three years.
Companies that are repeat offenders for weak cybersecurity infrastructure often make a conscious choice to forgo extra protections because it’s more cost-effective to pay the fines levied by the Federal Trade Commission in the event of a breach, according to Adams. It’s unclear if T-Mobile is one of them.
“Some companies, including banks, do a cost/benefit analysis,” he said. “In some cases, it’s cheaper to take the hit. Slap us on the wrist so we can move on.”
The first T-Mobile attack of 2020 was confirmed in March 2020, when a cybercriminal gained access to employee email accounts and stole data on T-Mobile employees and some of its customers. For some users, “social security numbers, financial account information and government identification numbers” were stolen, while others simply had their account information seized.
The second attack was limited to what the FCC regards as “customer proprietary network information,” such as phone numbers, the number of lines associated with the account, and information about calls placed. T-Mobile was careful to mention that the breach affected just 0.2% of its 100 million-strong customer base, which still equates to about 200,000 people. Stealing customer metadata (information about a customer’s transaction history that doesn’t personally identify them) does not enable a hacker to steal your identity or seize money from your bank account, but they can use this information in conjunction with another scheme.
For example, they can launch coordinated phishing attacks and phone scams. Social engineering refers to the practice of using verbal manipulation to coerce a victim into divulging their personal information. These methods become more convincing when a hacker has detailed information on you, such as your transaction history, making them seem like a legitimate call center representative.
Attack 3: Hackers try to meddle with the coronavirus pandemic response
In April, hackers targeted top officials who were working on the global response to the pandemic. While the World Health Organization itself wasn’t hacked, employee passwords were leaked through other websites. Many of the attacks were phishing emails to lure WHO staff into clicking on a malicious link in an email that would download malware onto their device.
Users of internet forum 4chan, which is now a breeding ground for alt-right groups, circulated over 2,000 passwords they claimed were linked to WHO email accounts, according to Bloomberg. Details spread to Twitter and other social media sites, where far-right political groups claimed the WHO had been attacked in a bid to undermine the perceived veracity of public health guidelines.
“There is definitely a political aspect to many [cyberattacks] and they will sometimes do it to gain a political advantage or send a message to an adversary,” said Adams. “Or maybe it’s just to put that adversary on the defensive to see how they behave.”
In another example of hackers seizing upon the pandemic zeitgeist, some sent phishing emails impersonating the WHO and urging the general public to donate to a fictitious coronavirus response fund, not the real COVID-19 Solidarity Response Fund.
Attack 4: The FireEye attack that exposed a major breach of the U.S. government
When California-based cybersecurity company FireEye discovered that over 300 of its proprietary cybersecurity products had been stolen, it uncovered a massive breach that had gone undetected for an estimated nine months.
That breach extended to over 250 federal agencies run by the U.S. government, including the U.S. Treasury Department, Energy Department, and even parts of the Pentagon.
But the breach didn’t start with FireEye. The attack began when an IT management software company called SolarWinds was hacked, causing some of its most high-profile customers to be breached, including Fortune 500 corporations like Microsoft, Intel, Deloitte, and Cisco. This domino effect is known as a “supply chain” attack, where the infiltration of one company’s cybersecurity defenses renders all of its customers vulnerable to attack.
Hackers also monitored the internal emails of the U.S. Treasury and Commerce departments, according to Reuters, which broke the news of the cyberattack in mid-December. Government officials and cybersecurity experts say that Russia’s Foreign Intelligence Service, known as SVR, is behind the attacks. Investigators are still piecing together the details of the breach to surmise the hacker’s intentions.
Software companies are prime targets for cyberattacks for two reasons. First, they’re under immense pressure to release new iterations and updates ahead of their competitors, which can mean cutting corners on cybersecurity protections.
“This is something that has plagued the software industry in general for the last twenty to thirty years,” said Adams. “If there are delays in getting that next product or update out it just doesn’t look good because that’s revenue sitting on the table.”
Secondly, attacking a software company enables hackers to breach more victims than if they targeted a single company or government entity. When a software company is hacked, and the breach goes undetected, hackers need only infect a new software update or patch to breach the company’s customers. When the company unwittingly ships the infected software, all of its customers who download it inadvertently install the hacker’s malware onto their systems.
With Springboard’s comprehensive Cyber Security Career Track, you’ll work 1:1 with an industry-mentor to learn key aspects of information technology, security software, security auditing, and finding and fixing malicious code. Learning units include subject-expert approved resources, application-based mini-projects, hands-on labs, and career-search related coursework. Learn more about Springboard’s Cyber Security Career Track here.