As another year wraps up, we must look back on the many cybersecurity stories that have shaped the world we live in today. 2020 was a year of change for many folks, and while numerous things in our daily lives have changed, for better or worse, the march of time pushes us onward into the prospect of a new year’s worth of opportunities. In 2020 we saw a global pandemic, several ransomware groups ceased their nefarious operations, and all too many corporations and organizations fell victim to data breaches. Here are some of the top cybersecurity stories that left their mark in 2020:
850 Wawa Stores Affected by Card-skimming
Nearly every one of Wawa's roughly 850 stores in the US was found to be infected with payment card-skimming malware for roughly 8 months before the company discovered it. It appears that Wawa only found out about the problem after Visa issued a warning about card fraud at gas pumps that still use the less-secure magnetic stripe, and the company has since begun offering credit monitoring to anyone affected. In Wawa's statement, they mention that in-store transactions were skimmed as well, so paying with the chip rather than the magnetic stripe would only have helped if the malware had been capturing data at the card reader itself rather than in the point-of-sale software that processes the transaction. Nearly a month later, a data dump titled "BIGBADABOOM-III" containing roughly 30 million payment card records was discovered for sale on a major dark-web marketplace. With over 850 individual stores affected, this could very well be one of the largest payment card breaches in recent memory.
Estee Lauder Leaves Massive Database Unprotected
Early in the year, researchers found an unsecured database containing over 440 million records belonging to Estee Lauder, a major cosmetics manufacturer. Though the company has confirmed that no customer data was stored in that specific database, it is still unclear how long the database was left exposed, and it did contain plenty of sensitive internal information about the company. Estee Lauder was able to properly secure the database on the same day that the researcher reached out to them.
Malicious Coronavirus Mapping Apps Spreading More than Misinformation
Many malware authors have been capitalizing on the Coronavirus (COVID-19) pandemic by way of phishing campaigns and newly renamed ransomware variants. Their latest endeavor is an app that purports to "track" the spread of Coronavirus across the globe but instead drops malicious payloads on any unsuspecting victim's device. Some of these apps lock the device and demand a small ransom to unlock it, while others deliver full ransomware payloads that encrypt files and upload them to a remote server. Fortunately, researchers worked quickly to produce a decryption key for any unlucky victims.
Decryption Keys for Shade Ransomware Made Available
After nearly 5 years of operation, the creators of Shade ransomware have decided to close shop and release nearly 750,000 decryption keys, along with an apology for any harm done. While most ransomware variants purposely avoid Russia and Ukraine, Shade focused specifically on those two countries during its run. Though the decryption keys and master keys have been made public, the instructions for recovering the actual files are not the most user-friendly, and at the time of the release a full decryption tool had not yet been developed.
New COVID-19 Tracker Drops [F]Unicorn Ransomware
Following the trend of capitalizing on the public's pandemic fears, a new fake COVID-19 contact-tracing app has been targeting systems in Italy and dropping a new ransomware variant dubbed [F]Unicorn. The malicious payload comes disguised as a file from the Italian Pharmacist Federation that directs the victim to a supposed beta version of the Immuni tracing app, which had not yet been released; it displays a fake tracing dashboard while the encryption process runs in the background. The ransomware demands only a 300 Euro payment and displays an invalid email address, so victims would be unable to send proof of payment to the attackers even if they chose to pay.
Two Decades of Police Records Leaked
A massive data dump has been discovered containing upwards of 269GB of stolen police records dating back nearly 24 years and covering some 200 departments and law enforcement organizations across the United States. In what is being called 'BlueLeaks', researchers have identified highly sensitive personal information, from bank account numbers to Social Security Numbers, belonging to thousands of officers and suspects. It is still being debated whether the breach started with the software developer Netsential, which denies any data breach, or through another entry point.
Garmin Hit with WastedLocker Ransomware
Nearly a week after announcing that it had suffered a system outage, Garmin finally revealed that it had fallen victim to a ransomware attack, likely the WastedLocker variant that has risen in popularity. As is the norm for WastedLocker, the attack was very specifically targeted at the company (even naming Garmin in the ransom note) and took many of its services offline. Though Garmin has confirmed that no customer data was affected, it is still unclear when all of its services will return to full functionality.
Multiple Individuals Charged for Twitter Hack
Three people have been identified and charged in connection with the Twitter hack in July that generated over $100,000 in bitcoin by hijacking high-profile accounts. Of the 130 accounts used to spread the Bitcoin scam, major names included Elon Musk and Bill Gates, both of whom have been impersonated in similar scams in the past. It appears that the FBI was able to identify the perpetrators through a known hacking forum where they had offered Twitter account hacking services for a fee.
Ryuk Shuts Down Universal Health Services
Following an attack by the Ryuk ransomware group, computer systems at all 400 of Universal Health Services' facilities around the globe were taken offline. Ryuk is known for targeting large organizations, but healthcare is a relatively new target that has been gaining popularity among attackers due to the high volume of sensitive information coupled with typically weak security. It has yet to be confirmed whether the healthcare firm paid the ransom for the encrypted data or instead restored its systems from available backups.
Adobe Flash No Longer Allowed on Windows Systems
Following an announcement back in September, Microsoft has finally pushed out the update that removes Adobe Flash from Windows 10 systems and prevents it from being installed again. It should be noted, however, that this update only removes the version of Adobe Flash that comes bundled with Windows 10; browser extensions and stand-alone installs of the software are unaffected. Should the user want to re-install the bundled Adobe Flash on a system that has already been updated, they will have to either revert to a restore point from before the update or do a fresh install of Windows 10.
Maze Ransomware Group Ends Operations
In November, a press release was issued announcing the end of the Maze ransomware group's data theft operations. In the release, the Maze authors described their motives behind one of the most successful ransomware campaigns to date and why they chose to finally shut down their massive project. The authors also claimed that the team behind Maze had been working to expose the major security holes that many industries allow to persist in an ever-evolving technological world, though their methods left many victims in their wake.
Ransomware Strikes City of Independence, Missouri
Officials for the City of Independence, Missouri have been working for the past two weeks to recover from a ransomware attack that forced them to take several essential services offline. Fortunately, some recent file backups are being used to restore some of the encrypted systems to normal functionality. At this point, officials are still uncertain whether any customer or employee data was stolen during the attack, and no ransomware group has come forward to take credit for the attack or post stolen data for sale.