The past 12 months have seen an unprecedented surge in cyber criminal activity, with two key trends explaining much of the increase – the Covid-19 pandemic introduced new attack surfaces and opportunities for malicious actors, while new developments in ransomware extortion tactics saw millions lost to operators such as Maze, Sodinokibi, Egregor and others.
Here are Computer Weekly’s top 10 cyber crime stories of 2020:
Foreign exchange company Travelex is facing demands for payment to decrypt critical computer files after it was hit by one of the most sophisticated ransomware attacks, known as Sodinokibi, which disabled its IT systems on New Year’s Eve.
The company, which has operations in 70 countries, has faced days of disruption after criminal hackers penetrated its computer networks and delivered a devastating attack timed to hit the company when many of its staff were on holiday.
According to security specialists, criminals are demanding a six-figure sum to supply Travelex with decryption tools that will allow it to recover the contents of files across its computer network that have been encrypted by the virus.
The UK’s National Trust has joined a growing list of education and charity organisations to have had the data of their alumni or donors put at risk in a two-month-old ransomware incident that occurred at US cloud software supplier Blackbaud.
According to the BBC, the Trust, which operates hundreds of important and historical sites across the country, including natural landscapes and landmarks, parks, gardens and stately homes, said that data on its volunteers and fundraisers had been put at risk, but data on its 5.6 million members was secure.
The organisation is conducting an investigation and informing those who may be affected. As per the UK’s data protection rules, it has also reported the incident to the Information Commissioner’s Office, which is now dealing with a high volume of reports, including Blackbaud’s.
Cognizant has warned that a cyber attack by the Maze ransomware group has hit services to some customers.
The IT services company, which has a turnover of over $16bn and operations in 37 countries, said the attack, which took place on Friday 17 April, had caused disruption for some of its clients.
Cognizant, which supplies IT services to companies in the manufacturing, financial services, technology and healthcare industries, confirmed the attack in a statement on Saturday 18 April.
Customers of Lloyds Bank are being targeted by a phishing scam that is currently hitting email and text message inboxes.
Legal firm Griffin Law has alerted people to the scam after being made aware of about 100 people who have received the messages.
The email, which looks like official Lloyds Bank correspondence, warns customers that their bank account has been compromised. It reads: “Your Account Banking has been disabled, due to recent activities on your account, we placed a temporary suspension untill [sic] you verify your account.”
The total volume of phishing emails and other security threats relating to the Covid-19 coronavirus now represents the largest coalescing of cyber attack types around a single theme that has been seen in a long time, and possibly ever, according to Sherrod DeGrippo, senior director of threat research and detection at Proofpoint.
To date, Proofpoint has observed attacks ranging from credential phishing, malicious attachments and links, business email compromise, fake landing pages, downloaders, spam, and malware and ransomware strains, all being tied to the rapidly spreading coronavirus.
“For more than five weeks, our threat research team has observed numerous Covid-19 malicious email campaigns, with many using fear to try to convince potential victims to click,” said DeGrippo.
Cyber gangsters have attacked the computer systems of a medical research company on standby to carry out trials of a possible future vaccine for the Covid-19 coronavirus.
The company, which carried out tests to develop the Ebola vaccine and drugs to treat Alzheimer’s disease, performs early clinical trials of drugs and vaccines.
The attack is understood to have impacted the back-end systems used by Avon’s famous sales representatives in multiple countries besides the UK, including Poland and Romania, which are now back online. This has left people unable to place orders with the company.
Avon disclosed the breach in a notification to the US Securities and Exchange Commission on 9 June 2020, saying it had suffered a “cyber incident” in its IT environment that had interrupted systems and affected operations.
The criminal group responsible for the cyber attack that has disrupted high-street banks and the foreign currency exchange chain Travelex for more than three weeks has launched what has been described as a “massive cyber attack” on a German automotive parts supplier.
Parts manufacturer Gedia Automotive Group, which employs 4,300 people in seven countries, said today that the attack will have far-reaching consequences for the company, which has been forced to shut down its IT systems and send staff home.
The 100-year-old company, which has its headquarters in Attendorn, said in a statement posted on its website that it would take weeks or months before its systems were fully up and running.
Cruise ship operator Carnival Corporation has reported that it has fallen victim to an unspecified ransomware attack which has accessed and encrypted a portion of one of its brands’ IT systems – and the personal data of both its customers and staff may be at risk.
Carnival, which like the rest of the travel industry has been stricken by the Covid-19 pandemic – it also operates Princess Cruises, owner of the ill-fated Diamond Princess, which found itself at the centre of the initial outbreak – reported the incident to the US Securities and Exchange Commission on 17 August.
In its form 8-K filing, the company said the cyber criminals who accessed its systems also downloaded a number of its data files, which suggests it may be at imminent risk of a double extortion attack of the sort perpetrated by the Maze and REvil/Sodinokibi groups.
The cyber criminal gang behind the REvil or Sodinokibi ransomware attack on New York celebrity law firm Grubman, Shire, Meiselas and Sacks (GSMS) have doubled their ransom demand to $42m and threatened to publish compromising information on US president Donald Trump, according to reports.
In a statement seen by entertainment news website Page Six, the Sodinokibi group – which has also gone by the name Gold Southfield – said they had found “a ton of dirty laundry” on Trump.
The threat reportedly reads: “Mr Trump, if you want to stay president, poke a sharp stick at the guys [GSMS], otherwise you may forget this ambition forever. And to you voters, we can let you know that after such a publication, you certainly don’t want to see him as president. The deadline is one week.”