Select your country

Not finding what you are looking for, select your country from our regional selector:


2020: Cyber Highlights

2020 turning 2021


2020 was rich in cyber news. Discover the facts that interested us the most. 

January: Hit by ransomware on New Year’s Eve

On the verge from 2019 to 2020, the international currency exchange company Travelex was struck by a ransomware attack. The attackers asked for $3 million of ransom to unlock the company’s critical systems whilst threatening to release personal customer data. The company paid $2.3 to recover their files.

February: And so it begins … COVID themed campaigns

Coronavirus spreading across the globe has inspired many malware authors to make use of uncertainty and fear. In Japan, a variant of Emotet was seen attempting to scare victims into opening malicious email attachments, which will infect the recipient with Emotet if macros are enabled. Similar campaigns have been observed globally.

March: ZoomBombing

As many employees started working from home and turned towards video chats such as Zoom, a practice later termed as ZoomBombing started to surface. ZoomBombing is when meetings get interrupted by uninvited guests, which would then share inappropriate video material or just “troll” the rest of the audience.

April: Stop sending GIFs on Teams 

Researchers from CyberArk found a vulnerability in Microsoft Teams that allows attackers to take over accounts by simply sending a regular GIF. When communicating through Teams, authentication is done through two tokens. If an attacker has access to both tokens, they will be able to read/send messages, create groups, add or remove users, and change permissions.

May: Super Computers infected with Cryptocurrency Miners

Several supercomputers across Europe had to be shut down after Cryptocurrency mining Malware was discovered on them. This is the first known incident where external actors initiated this. Until then, only incidents were published where employees had installed cryptocurrency miners for their own personal gain.

 June: A shift in extortion? Increasing the pressure

The ransomware operators of the REvil (Sodinokibi) group launched an auction page, which increases the pressure for the victims to pay. Besides threatening availability by encrypting files and systems; they went one step further by exfiltrating the victims’ data and thus threatening confidentiality of sensitive data, if the victim chooses not to pay, data will be published on their dedicated leak site.

July: The Twitter Hack

Attackers gained control of many high-value Twitter accounts by targeting a small number of employees through a phone spear–phishing attack. With the information gathered they then accessed internal systems and extended their phishing campaign towards other, higher-privilege, users.

August: Fancy Bear and its backdoors

In August, the NSA and FBI released a paper describing a new malware developed by the Russian hacking group Fancy Bear (APT28) that targets Linux systems. The malware, named Drovorub, creates a backdoor on the victim’s system which enables file transfer and execution of arbitrary commands as root. Drovorub uses advanced evasion techniques since it hides artifacts from common tools used for live response.

September: Death indirectly linked to a cyberattack

A ransomware attack on the Dusseldorf University Hospital led to the death of a patient. As a consequence of the attack, the hospital in question was unable to take in new emergency patients, which meant that the woman in need of urgent care, had to be transferred to another hospital that was further away and thus led to her death. Ironically, the hospital was not the target of the attack but the nearby university.

October: the source code of the Watch Dogs game: Legion possibly hacked

The Egregor gang has released 20 MB of data allegedly related to Watch Dogs: Legion, a hacking themed video game created by Ubisoft. As of today, it is still not possible to state with certainty whether the data theft actually took place. Cybercriminals have repeatedly reported hacking Ubisoft.

November: the French prime minister alerted on an upsurge in attacks

On November 13, 2020, the Cigref (Computer Club of Large French Companies) sent a letter to the French Prime Minister, Jean Castex, to inform him of the concern of large French companies and public administrations about the increase, in number and intensity, of cyberattacks.

December: 33 vulnerabilities discovered in connected devices

AMNESIA:33 is the name given by the cybersecurity solutions publisher Forescout to a set of 33 vulnerabilities discovered in connected objects. These vulnerabilities notably affect four open–source TCP/IP stacks (uIP, FNET, picoTCP and Nut/Net). 

 This content is part of our Annual Report, the Security Navigator. To download it, click here.


Incident Response Hotline

Ein Cybersecurity Incident, bei dem Sie sofortige Hilfe benötigen?

Kontaktieren Sie unsere 24/7/365 Incident Response Hotline.