The year 2020 will be in the history books for many reasons and the growth and success of cybercrimes should be one of them. The year saw some of the largest data breaches ever recorded, some that the full scope is not yet known, and there are likely thousands if not millions more that went unreported.
The year started with a Microsoft database sitting completely open with no authentication which exposed roughly 250 million. Databases and online data storage proved to be easy targets for cyber-criminals as similar attacks also hit UK-based security company Elasticsearch (050520), the 16th largest bank in the world Santander (050820), App Developer Firebase (051820), San Francisco Employees Retirement System (060820), Cybersecurity firm Keepnet Labs (060920), Travel sites like Booking.com, Expedia, Hotels.com and others (111020), and there were many more both big and small.
Police departments were targets across the globe as BlueLeaks reported a breach of 24 years of history from police departments across the United States. It wasn’t just law enforcement but government agencies from local municipalities, counties, state agencies, federal agencies, and reported data breaches. It is safe to say there was at least one government level cyber-attack in each of the 50 US states.
Universal Health Services, one of the largest healthcare providers and hospital chains in the United States had staff keeping records with pen and paper and rerouted hospitals. The healthcare industry has always been a high risk due to the amount of data that is often collected. BJC Healthcare, UPMC Altoona, Doctors Community Medical Center (050620), Babylon Healthcare Services (061102), even the genealogy site GEDMatch (81320), and again this is just a small sample of the reported cyber-attacks against health services through 2020.
The biggest two stories which are still being uncovered are the cyber attacks on Blackbaud and Solarwinds. Both provided entry points via their application or service into their clients data, and it will likely be a year or more from now until we fully understand the full scope of the attacks.
Blackbaud’s software was connected to over 170 data breach reports and was a sophisticated cyber-attack from May of 2020 via a ransomware attack. Blackbaud produces cloud-based fundraising, marketing, and customer relationship management solutions for educational, non-profits, healthcare providers, and more globally.
Solarwinds is the latest breach that still has people talking, here the Orion platform which is embedded in several Solarwinds products had it’s source code breached and code added to allow the cyber criminals behind the attack access to the end customers. The late 2020 cyber-attack, affected government agencies globally including the US Treasury, Homeland Security, Department of State and many others.
Some 250 government agencies and businesses may have been affected by the breach, including the latest report from Microsoft that the cyber criminals were able to view source code in several source code repositories, but the access was read only.
Closing out 2020 there were attacks on Lake Regional Healthcare, Whirlpool Corporation, City of Cornelia Georgia, Carnival cruise line subsidiaries Aida Cruises and Costa Crociere, IndiGo, and even another T-Mobile Data Breach, it’s fourth in the last 3 years..
As 2020 comes to an end, the promising note is more companies are asking questions about CyberSecurity and how they should protect themselves.
