Cybersecurity may be far from many of our minds this year, and in light of a pandemic and catastrophic economic disruption, remembering to maintain our own personal privacy and security online isn't necessarily a priority.
However, cyberattackers certainly haven't given anyone a break this year. Data breaches, network infiltrations, bulk data theft and sale, identity theft, and ransomware outbreaks have all occurred over 2020 and the underground market shows no signs of stopping.
As a large swathe of the global population shifted to work from home models and businesses rapidly transitioned to remote operations, threat actors also pivoted. Research suggests[1] that remote workers have become the source of up to 20% of cybersecurity incidents, ransomware is on the rise[2], and we are yet to learn that "123456" is not an adequate password[3].
Many companies and organizations, too, have yet to practice reasonable security hygiene, and vulnerabilities pose a constant threat to corporate networks. As a result, we've seen a variety of cyberattacks this year, the worst of which we have documented below.
January:
- Travelex[4]: Travelex services were pulled offline following a malware infection. The company itself and businesses using the platform to provide currency exchange services were all affected.
- IRS tax refunds[5]: A US resident was jailed for using information leaked through data breaches to file fraudulent tax returns worth $12 million.
- Manor Independent School District[6]: The Texas school district lost $2.3 million during a phishing scam.
- Wawa[7]: 30 million records containing customers' details were made available for sale online.
- Microsoft[8]: The Redmond giant disclosed that five servers used to store anonymized user analytics were exposed and open on the Internet without adequate protection.
- Medical