The surge of online activities during the COVID-19 pandemic has created unprecedented opportunities for cybercriminals, enabling them to exploit an expanded pool of potential victims. As businesses, educational institutions, and individuals migrated online, they became increasingly vulnerable to an array of cyberattacks, including “zoombombing,” where unauthorized individuals disrupted Zoom meetings with inappropriate content, and the targeting of health organizations during pandemic response efforts.
This year witnessed a sharp uptick in traditional cyber threats such as phishing scams and social engineering, as attackers capitalized on public anxiety. According to Mark Adams, a cybersecurity analyst, hackers manipulated fears around health crises by marketing fraudulent medical supplies and fake government assistance. Scam messages often threatened dire consequences, like arrest for unpaid taxes, to provoke an immediate response from victims.
Among the most significant attacks was the rise in fraudulent unemployment claims, with the FBI reporting a concerning spike. As unemployment claims skyrocketed to nearly 23 million in May, cybercriminals employed stolen personal data from various breaches to file fraudulent claims in victims’ names. This trend aligns with typical patterns observed during crises, as noted by IRS Commissioner Chuck Rettig. Attackers utilized various methodologies, from purchasing compromised data on dark web markets to conducting phishing operations masquerading as tax authorities.
Another troubling incident unfolded with T-Mobile, which experienced two significant breaches within the same year. The first attack in March 2020 involved unauthorized access to employee email accounts, leading to the compromise of sensitive customer data, including social security numbers and financial information. The second breach targeted customer metadata, impacting approximately 200,000 users. Such breaches highlight the vulnerabilities of corporate digital infrastructure, where inadequate cybersecurity measures can lead to extensive data loss and the erosion of customer trust.
In a politically charged environment, hackers attempted to undermine the global pandemic response by targeting officials from organizations like the World Health Organization. While the organization itself was not directly compromised, leaked passwords from other platforms facilitated phishing attacks aimed at WHO employees—an indication of the heightened risks associated with high-profile targets in times of global crises.
Perhaps one of the most alarming incidents is the breach involving FireEye, a cybersecurity firm that uncovered an extensive infiltration affecting over 250 federal agencies, including the U.S. Treasury and Department of Energy. The attack, linked to a compromised IT management software company, underscored the vulnerabilities inherent in supply chain ecosystems. Once a single entity within the supply chain is breached, it opens the floodgates for attackers to compromise numerous clients, resulting in widespread implications for national security.
The diverse strategies employed in these attacks reflect tactics and techniques outlined in the MITRE ATT&CK framework, such as initial access, credential dumping, and lateral movement within networks. Understanding this framework enables organizations to better prepare and tighten their cybersecurity measures, ensuring they are robust against evolving threats.
As cyber threats continue to escalate, organizations are encouraged not only to focus on compliance and recovery but also to actively develop a comprehensive cybersecurity strategy that anticipates potential risks, secures digital assets, and safeguards sensitive information. The critical nature of cybersecurity cannot be overstated, particularly as digital transformation efforts accelerate in the wake of unprecedented global challenges.