{"id":2153,"date":"2021-01-08T03:38:29","date_gmt":"2021-01-08T03:38:29","guid":{"rendered":"https:\/\/thenextweb.com\/?p=1333374"},"modified":"2021-01-08T03:38:29","modified_gmt":"2021-01-08T03:38:29","slug":"pardon-the-intrusion-34-cyberbaddies-had-a-field-day-in-2020","status":"publish","type":"post","link":"https:\/\/www.londonchiropracter.com\/?p=2153","title":{"rendered":"Pardon the Intrusion #34: Cyberbaddies had a field day in 2020"},"content":{"rendered":"\n<p><strong><em>Subscribe to this bi-weekly newsletter <a href=\"https:\/\/tnw.to\/newsletter\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">here<\/a>!<\/em><\/strong><\/p>\n<p><span>Welcome to the latest edition of Pardon The Intrusion, TNW\u2019s <\/span><a href=\"https:\/\/thenextweb.us1.list-manage.com\/track\/click?u=22ec88eb9b9d8bc3bcf660787&amp;id=37136e54f1&amp;e=0e200ae170\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">bi-weekly newsletter<\/a> in which we explore the wild world of security.<\/p>\n<p><span>2020 is finally over. 
The year was already surreal and tough enough, thanks to the pandemic.<\/span><\/p>\n<p><span>But the en masse shift to remote work and the race to find a vaccine <\/span><a href=\"https:\/\/thehackernews.com\/2020\/04\/cronavirus-hackers.html\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">created unique threats<\/a><span> in cyberspace, allowing criminals and threat actors to mount a variety of attacks, ranging from phishing scams to sophisticated espionage campaigns aimed at <\/span><a href=\"https:\/\/thehackernews.com\/2020\/12\/north-korean-hackers-trying-to-steal.html\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">stealing COVID-19 research<\/a><span>.<\/span><\/p>\n<p><span>Ransomware attacks exploded in number, with an endless stream of compromises hitting schools, hospitals, government agencies, and private companies.<\/span><\/p>\n<p><span>Attackers not only demanded massive ransoms, but also <\/span><a href=\"https:\/\/thenextweb.com\/newsletter\/2020\/08\/28\/pardon-the-intrusion-25-ransomware-goes-pro\/\" target=\"_blank\" rel=\"noopener noreferrer\">extracted large quantities of sensitive data<\/a><span> and threatened to publish it unless their demands were met. The average ransom payout <\/span><a href=\"https:\/\/thenextweb.com\/newsletter\/2020\/11\/20\/pardon-the-intrusion-31-stop-using-123456-as-your-password\/\" target=\"_blank\" rel=\"noopener noreferrer\">increased<\/a><span> from about $84,000 in 2019 to about $233,000 this year.<\/span><\/p>\n<p><span>2020 was also a great year for data breaches, which became a regular occurrence. 
Worse, weak or stolen passwords were tied to <\/span><a href=\"https:\/\/enterprise.verizon.com\/resources\/reports\/dbir\/2020\/summary-of-findings\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">37% of the breaches<\/a><span>.<\/span><\/p>\n<p><span>Some of the notable companies that were crippled by data breaches and ransomware attacks include Garmin, Vastaamo, Foxconn, Nintendo, Marriott, EasyJet, Big Basket, Dr. Reddy\u2019s, and Luxottica.<\/span><\/p>\n<p><figure class=\"post-image post-mediaBleed aligncenter\"><img decoding=\"async\" loading=\"lazy\" class=\"aligncenter lazy\" src=\"https:\/\/mcusercontent.com\/22ec88eb9b9d8bc3bcf660787\/images\/6dac1a6e-f98b-406d-a68e-7945ddcdb1e7.gif\" width=\"600\" height=\"340\" data-file-id=\"59970\" data-lazy=\"true\"><\/figure>\n<p><span>Web skimming attacks against ecommerce websites to steal credit card information flourished as well. The operators behind the campaigns stepped up their efforts to hide their malicious code inside image metadata and favicon files, and even <\/span><a href=\"https:\/\/thehackernews.com\/2020\/09\/credit-card-telegram-hackers.html\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">use Telegram messenger<\/a><span> to exfiltrate the data.<\/span><\/p>\n<p><span>Then came the great <\/span><a href=\"https:\/\/thenextweb.com\/newsletter\/2020\/07\/16\/pardon-the-intrusion-22-twitter-just-had-its-most-serious-hack\/\" target=\"_blank\" rel=\"noopener noreferrer\">Twitter hack<\/a><span> in July, when a number of high profile accounts were taken over to advertise a cryptocurrency scam. Subsequent investigation found that the attackers had tricked an employee into clicking on a phishing site that harvested the credentials of its internal systems. 
They used this administrative password to reset the passwords of the target Twitter accounts and take control.<\/span><\/p>\n<p><span>The most <\/span><a href=\"https:\/\/thenextweb.com\/newsletter\/2020\/12\/21\/pardon-the-intrusion-33-solarwinds-unleashes-a-cyber-storm\/\" target=\"_blank\" rel=\"noopener noreferrer\">devastating of the hacks<\/a><span> in 2020 was saved for last. Threat actors, likely from <\/span><a href=\"https:\/\/www.cisa.gov\/news\/2021\/01\/05\/joint-statement-federal-bureau-investigation-fbi-cybersecurity-and-infrastructure\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Russia<\/a><span>, compromised a routine software update released by network monitoring software maker SolarWinds, and used it to deliver a backdoored update to as many as 18,000 customers, including FireEye, Microsoft, Cisco, VMware, and more.<\/span><\/p>\n<p>The breach came to light earlier in December after cybersecurity firm FireEye disclosed that it had suffered a breach and that hackers had stolen the cache of Red Team tools it uses to assess the security infrastructure of its customers.<\/p>\n<p>What makes the SolarWinds supply chain attack more damaging is the level of sophistication and tradecraft used to stealthily break into the company\u2019s software distribution system as early as October 2019 before making their move in March.<\/p>\n<p><span>Cybersecurity is an endless tussle between digital thieves and defenders. It\u2019s a form of modern warfare playing out across an increasingly advanced threat landscape. 
And if 2020 is any indication, these attacks will only get more sophisticated.<\/span><\/p>\n<h3 class=\"h2 mso-font\"><span>What\u2019s trending in security?<\/span><\/h3>\n<p><span>US intelligence agencies formally <\/span><a href=\"https:\/\/thehackernews.com\/2021\/01\/fbi-cisa-nsa-officially-blames-russia.html\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">accused Russia<\/a><span> of orchestrating the SolarWinds supply chain attack, police in Singapore can now <\/span><a href=\"https:\/\/www.cyberscoop.com\/singapore-coronavirus-app-criminal-investigations\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">use data<\/a><span> collected by its COVID-19 contact tracing app to aid criminal investigations, and hackers <\/span><a href=\"https:\/\/www.eduskunta.fi\/EN\/tiedotteet\/Pages\/Cyberattack-against-Parliament-of-Finland.aspx\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">gained access<\/a><span> to the Finnish Parliament\u2019s IT systems.<\/span><\/p>\n<ul>\n<li>\n<span>Law enforcement agencies in Singapore are now authorized to use data collected by its COVID-19 contact tracing app to aid criminal investigations. [<\/span><a href=\"https:\/\/www.cyberscoop.com\/singapore-coronavirus-app-criminal-investigations\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">CyberScoop<\/a><span>]<\/span>\n<\/li>\n<li>\n<span>Hackers gained access to the Finnish Parliament\u2019s IT systems in recent months in an incident that allowed them to compromise some emails belonging to members of Parliament. [<\/span><a href=\"https:\/\/www.eduskunta.fi\/EN\/tiedotteet\/Pages\/Cyberattack-against-Parliament-of-Finland.aspx\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">The Parliament of Finland<\/a><span>]<\/span>\n<\/li>\n<li>\n<span>Prof. Matthew Green made a great Twitter thread about how law enforcement agencies actually break into locked iPhones. 
It hinges on your phone being in the \u201c<\/span><a href=\"https:\/\/www.vice.com\/en\/article\/pavwzv\/cops-are-confident-iphone-hackers-have-found-a-workaround-to-apples-new-security-feature\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">After First Unlock<\/a><span>\u201d state, where the phone is locked but was unlocked at least once after it was powered on by the owner. [<\/span><a href=\"https:\/\/twitter.com\/matthew_d_green\/status\/1341746171220537344\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">matthew_d_green<\/a><span> \/ Twitter]<\/span>\n<\/li>\n<li>\n<span>Law enforcement agencies in the US and Europe took down Safe-Inet VPN service for facilitating criminal activity. The UK\u2019s National Crime Agency also <\/span><a href=\"https:\/\/thehackernews.com\/2020\/12\/police-arrest-21-weleakinfo-customers.html\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">arrested 21 people<\/a><span> for buying breached personal data from WeLeakInfo.com, a now-defunct online service that had been selling access to data hacked from other websites. [<\/span><a href=\"https:\/\/thehackernews.com\/2020\/12\/cybercriminals-favorite-bulletproof-vpn.html\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">The Hacker News<\/a><span>]<\/span>\n<\/li>\n<\/ul>\n<p><figure class=\"post-image post-mediaBleed aligncenter\"><img decoding=\"async\" loading=\"lazy\" class=\"aligncenter lazy\" src=\"https:\/\/mcusercontent.com\/22ec88eb9b9d8bc3bcf660787\/images\/4488ee15-cd00-4db8-a565-77b8a471606a.png\" width=\"600\" height=\"504\" data-file-id=\"59958\" data-lazy=\"true\"><\/figure>\n<\/p>\n<ul>\n<li>\n<span>Certificate authority Let\u2019s Encrypt said it has found a workaround that will extend older Android phones\u2019 compatibility with its certificates by three years. 
[<\/span><a href=\"https:\/\/letsencrypt.org\/2020\/12\/21\/extending-android-compatibility.html\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Let\u2019s Encrypt<\/a>]<\/li>\n<li>\n<span>28 shady browser extensions used by more than 3 million users were found to collect their browsing histories, redirect traffic to phishing sites, and download additional malware onto their devices. [<\/span><a href=\"https:\/\/press.avast.com\/third-party-browser-extensions-from-instagram-facebook-vimeo-and-others-infected-with-malware\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Avast<\/a><span>]<\/span>\n<\/li>\n<li>\n<span>Israeli private intelligence firm NSO Group allegedly used location data from thousands of unsuspecting people to pitch its COVID-19 contact-tracing tech to governments and journalists. The company said the \u201cdemo material was not based on real and genuine data related to infected COVID-19 individuals,\u201d but didn\u2019t say where the data came from and how it was obtained. [<\/span><a href=\"https:\/\/techcrunch.com\/2020\/12\/30\/nso-fleming-data-location\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">TechCrunch<\/a><span>]<\/span>\n<\/li>\n<li><span>In other NSO Group-related news, at least 36 Al Jazeera journalists had their iPhones targeted with a \u201czero-click\u201d exploit in iMessage that was used to stealthily deliver the company\u2019s Pegasus spyware. The flaw was eventually addressed by Apple in iOS 14. 
[<\/span><a href=\"https:\/\/citizenlab.ca\/2020\/12\/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Citizen Lab<\/a><span>]<\/span>\n<\/li>\n<\/ul>\n<p><figure class=\"post-image post-mediaBleed aligncenter\"><img decoding=\"async\" loading=\"lazy\" class=\"aligncenter lazy\" src=\"https:\/\/mcusercontent.com\/22ec88eb9b9d8bc3bcf660787\/images\/42369104-caf6-4d29-9917-4e0b9d3bd795.jpg\" width=\"600\" height=\"480\" data-file-id=\"59962\" data-lazy=\"true\"><\/figure>\n<\/p>\n<ul>\n<li>\n<span>Ticketmaster will pay $10 million for hacking rival ticket seller CrowdSurge repeatedly between 2013 and 2015 in an attempt to \u201ccut [the company] off at the knees.\u201d [<\/span><a href=\"https:\/\/www.justice.gov\/usao-edny\/pr\/ticketmaster-pays-10-million-criminal-fine-intrusions-competitor-s-computer-systems-0\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">The US Dept. of Justice<\/a><span>]<\/span>\n<\/li>\n<li>\n<span>NBC News\u2019 Olivia Solon goes on a deep-dive into the data that car infotainment systems have on you, and how looser privacy standards are making it a treasure chest of data for law enforcement to solve crimes. [<\/span><a href=\"https:\/\/www.nbcnews.com\/tech\/tech-news\/snitches-wheels-police-turn-car-data-destroy-suspects-alibis-n1251939\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">NBC News<\/a><span>]<\/span>\n<\/li>\n<li>\n<span>Motherboard compiled a fantastic list of cybersecurity stories that they wished \u201cwe had reported and written ourselves\u201d in 2020. 
[<\/span><a href=\"https:\/\/www.vice.com\/en\/article\/4adnjw\/the-cybersecurity-stories-we-were-jealous-of-in-2020\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Motherboard<\/a><span>]<\/span>\n<\/li>\n<li>\n<span>The past fortnight in data breaches, leaks, and ransomware: <\/span><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/hacker-posts-data-of-10-000-american-express-accounts-for-free\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">American Express<\/a><span>, <\/span><a href=\"https:\/\/threatpost.com\/ransomware-gang-data-blood-testing-lab\/162721\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Apex Laboratory<\/a><span>, <\/span><a href=\"https:\/\/www.zdnet.com\/article\/italian-mobile-operator-offers-to-replace-sim-cards-after-massive-data-breach\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Ho Mobile<\/a><span>, <\/span><a href=\"https:\/\/juspayproducts.medium.com\/your-security-is-our-first-concern-8d98c96e5f17\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Juspay<\/a><span>, <\/span><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/kawasaki-discloses-security-breach-potential-data-leak\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Kawasaki<\/a><span>, <\/span><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/koei-tecmo-discloses-data-breach-after-hacker-leaks-stolen-data\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Koei Tecmo<\/a><span>, <\/span><a href=\"https:\/\/www.theblockcrypto.com\/linked\/88596\/database-containing-personal-information-of-over-270000-ledger-customers-released-on-raidforums\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Ledger<\/a><span>, <\/span><a href=\"https:\/\/www.zdnet.com\/article\/russian-crypto-exchange-livecoin-hacked-after-it-lost-control-of-its-servers\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Livecoin<\/a><span>, <\/span><a 
href=\"https:\/\/www.zdnet.com\/article\/nissan-source-code-leaked-online-after-git-repo-misconfiguration\/#ftag=RSSbaffb68\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Nissan<\/a><span>, <\/span><a href=\"https:\/\/www.theregister.com\/2020\/12\/17\/peoples_energy_hacked\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">People\u2019s Energy<\/a><span>, <\/span><a href=\"https:\/\/www.t-mobile.com\/responsibility\/consumer-info\/security-incident\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">T-Mobile<\/a><span>, <\/span><a href=\"https:\/\/techcrunch.com\/2020\/12\/22\/taskrabbit-resets-passwords-suspicious-activity-network\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">TaskRabbit<\/a><span>, <\/span><a href=\"https:\/\/www.bbc.com\/news\/technology-55439190\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">The Hospital Group<\/a><span>, and <\/span><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/home-appliance-giant-whirlpool-hit-in-nefilim-ransomware-attack\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Whirlpool<\/a><span>.<\/span>\n<\/li>\n<\/ul>\n<h3 class=\"h2 mso-font\">Data Point<\/h3>\n<p><span>As COVID-19 cases continue to rise, so do the cyberattacks against the healthcare sector, making it the most targeted sector since November 2020.<\/span><\/p>\n<p><span>According to <\/span><a href=\"https:\/\/blog.checkpoint.com\/2021\/01\/05\/attacks-targeting-healthcare-organizations-spike-globally-as-covid-19-cases-rise-again\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Check Point Research<\/a><span>, there has been an increase of over 45% in the number of attacks seen against healthcare organizations globally, compared to an average 22% increase in attacks against other industry sectors.<\/span><br \/><a href=\"https:\/\/blog.checkpoint.com\/2021\/01\/05\/attacks-targeting-healthcare-organizations-spike-globally-as-covid-19-cases-rise-again\/\" target=\"_blank\" 
rel=\"nofollow noopener noreferrer\"><\/p>\n<figure class=\"post-image post-mediaBleed aligncenter\"><img decoding=\"async\" loading=\"lazy\" class=\"aligncenter lazy\" src=\"https:\/\/mcusercontent.com\/22ec88eb9b9d8bc3bcf660787\/images\/7270df41-1417-4be1-9441-a4911031039b.png\" width=\"600\" height=\"340\" data-file-id=\"59966\" data-lazy=\"true\"><\/figure>\n<p><\/a><span>Central Europe has been hardest hit in the past two months, with a 145% increase in healthcare-related attacks, followed by East Asia, Latin America, and then the rest of Europe, North America, and South Asia.<\/span><\/p>\n<p><span>Overall, an average of 626 attacks was recorded on a weekly basis against healthcare organizations in November 2020, in comparison to 430 in October last year.<\/span><\/p>\n<p>That\u2019s it. See you all in two weeks. Stay safe!<\/p>\n<p><em>Ravie x TNW (ravie[at]thenextweb[dot]com)<\/em><\/p>\n<p> <a href=\"https:\/\/thenextweb.com\/newsletter\/2021\/01\/08\/pardon-the-intrusion-34-cyberbaddies-had-a-field-day-in-2020\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Subscribe to this bi-weekly newsletter here! Welcome to the latest edition of Pardon The Intrusion, TNW\u2019s bi-weekly newsletter in which we explore the wild world of security. 2020 is finally over. 
The&#8230;<\/p>\n","protected":false},"author":1,"featured_media":2154,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=\/wp\/v2\/posts\/2153"}],"collection":[{"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2153"}],"version-history":[{"count":0,"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=\/wp\/v2\/posts\/2153\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=\/wp\/v2\/media\/2154"}],"wp:attachment":[{"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2153"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2153"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2153"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}