Top 5 Breaches 2020

The Five Biggest Breaches and Hacks of 2020: In a year that saw huge changes to how we live our normal lives, and with many workforces going temporarily or permanently remote, life for many felt very different. What however always remains constant in the business world is the threat of cyber-attacks, data breaches and other threats to our businesses from malicious actors.

Chosen for being notable in terms of the volume of information leaked or stolen, or the financial impact the attack had on the company in question, below are, in no particular order, five of the biggest breaches and hacks of 2020.

 Sopra Steria Ransomware Attack (October)

French IT services organisation Sopra Steria fell victim to the Ryuk ransomware strain on October 20^th, claiming initially that it had the outbreak confined to a small part of its systems and that disruption caused by the attack would prove minimal.

Despite the initially optimistic outlook, Sopra Steria has since announced it estimates the damage caused by the attack will cost the company 50 million Euros, also stating publicly that 30 million Euros will be covered by cybersecurity insurance.

 Nintendo Credit-Stuffing Attack (April)

In April 2020, Nintendo suffered a credential stuffing attack that compromised the details of 160,000 users, with the malicious actors responsible using the compromised accounts to buy items on the online Nintendo store.

Not only were the malicious actors able to purchase items using the accounts, but each also contained the personal information of the user in question, including names, email addresses and dates of birth.

As a result of the attack, Nintendo permanently disabled the ability for customers to sign into accounts using their ‘Nintendo Network ID’, recommending also that users enable the built-in two-factor authentication options in their Nintendo accounts.

Cisco Insider Threat (August)

In August, a former employee of Cisco admitted to illegally accessing the cisco network, deleting 456 virtual machines and causing disruption to 160,000 accounts on popular video conferencing system Cisco WebEx.

The malicious actor, 31-year-old former Cisco engineer Sudhish Kasaba Ramesh, had left his post in April of 2018 but still had the ability to gain access to Cisco’s AWS (Amazon Web Services) environment five months after leaving the organisation, when he deployed code that deleted 456 Webex virtual machines.

This insider threat attack caused the 160,000 WebEx accounts to be deactivated for two weeks, costing Cisco an estimated total of $1.4 million to resolve.

Ramesh was sentenced on December 9^th to two years in prison and a fine of $15,000.

 Travelex Ransomware Attack (January)

In an attack first detected on 31 December 2019, British foreign exchange giant Travelex saw its networks infected by a ransomware strain known as Sodinokibi.

Claiming it first gained access to Travelex’s networks six months prior and possessed 5GB of Travelex customer data (a claim Travelex state as false), REvil, the criminal gang in question initially demanded £4.6 million for the ransomware encryption key.

It is understood that against advice given in the event of attacks, Travelex ultimately paid £2.3m in Bitcoin to the gang in a bid for resolution, believed to be the largest digital ransom ever paid.

Carnival Cruises Data Breach (August)

The largest cruise line operator in the world, Carnival, confirmed in August that the data of customers and crew members of three of its cruise lines were compromised in a ransomware attack.

In a statement regarding the attack, carnival claimed the information may include names, addresses, phone numbers, passport numbers, Social Security numbers, and dates of birth.

How the attackers gained access to the carnival network, and the volume of data compromised in the attack have not been disclosed by Carnival.