High quality 3D rendered image, perfectly usable for topics related to big data, global networks, international flight routes or the spread of a pandemic / computer virus. Textures courtesy of NASA: https://visibleearth.nasa.gov/images/55167/earths-city-lights, https://visibleearth.nasa.gov/images/73934/topography

A year in review: Top cyberattacks and common cyberthreats in 2020

2020 has been a challenging year, and it tested our strength and ability to adapt. Many people moved their lives online, working from home, learning online, and enjoying most of their free time in front of their screens. But staying safe online is not easy, and new cyberthreats appear every day.

Phishing and ransomware attacks affected individuals and billion-dollar companies alike. A record number of ransomware attacks against hospitals proved that cybercrime could have life-threatening consequences. One of the harsh lessons of 2020 was that nobody is immune to cyberattacks. 

Our 2020 retrospective highlights the main cyberthreats we have been facing in our day-to-day digital life, as well as some of the largest cyberattacks and data breaches.


Phishing: Flooding our homes, stores, and social networks

Phishing attacks more than doubled in the first half of 2020 compared to 2019. Avira Protection Labs detected more than 8.4 million phishing URLs in the first half of 2020, 4.7 million more than in the first half of 2019. With an increasing number of people working from home, cybercriminals took advantage of security vulnerabilities in home office environments. Phishing URLs, malicious URLs that infect systems with malware or trick people into sharing sensitive data, were disseminated through MS Office files, messaging apps, or fake websites. 

The growing number of online purchases also stimulated the increase in phishing attacks. As more and more people turned to online shopping, fake online shops and login pages have been deployed to trick online shoppers into sharing their login credentials or credit card details. 

Targeted phishing attacks using personalized messages, known as spear phishing, have also increased in 2020. The transition to remote working revealed many gaps in security. Twitter made headlines in July 2020, when a group of hackers conducted an elaborate spear phishing attack that allowed them to access the company’s internal network. The hackers managed to access the accounts of several public figures and tricked their followers into sending thousands of bitcoins to hackers’ cryptowallets. You can read more about the Twitter bitcoin scam on our blog.


Emotet: Stealing our passwords

2020 kicked off with an increase in Emotet-related attacks. In the first quarter of 2020, Avira Protection Labs identified approximately 14,000 new Emotet samples. Emotet is a banking trojan used to steal user credentials, passwords, and emails, and to infect systems with malware. When it first appeared in 2014, cybercriminals mostly spread it via spam. Emotet has kept developing, and it can now spread through macro-enabled Microsoft Office files or worm modules that infect entire networks. Avira’s malware threat report for the first quarter of 2020 provides more details about the new Emotet strands.



Zoombombing: New for new threats

Many new words made their way into everyday speech to describe things, feelings, actions, and behaviors propagated by the pandemic. We have been spending most of our days at home, in our infits (our lockdown look that is the opposite of an outfit), shopping online, which caused a global spendemic, and attending virtual meetings where the less tech-savvy risked being zoombombed. 

The use of video-conferencing apps increased dramatically, with millions of downloads on a weekly basis. Zoom, one of the most popular apps, reached 200 million daily meeting participants in the first quarter of 2020. However, the app had security and privacy vulnerabilities, which allowed random app users to enter meetings uninvited. Known as zoombombing, this behavior was a problem for many people, especially for teachers and students. As educational institutions had to switch to remote learning rapidly and, unlike other organizations, didn’t necessarily benefit from internal IT support, zoombombing became common in virtual classes. 

While Zoom and other video-conferencing platforms have been taking steps to address security and privacy issues, users became more aware of the importance of security and privacy features. For mobile messaging apps, encryption became a priority for users, and apps offering end-to-end encryption had 30% more monthly active users than the apps without this feature, according to AppAnnie.

Ransomware: Threatening our health and education 

Ransomware, one of the most encountered threats of 2020, targeted individuals and organizations alike. The pandemic has given cybercriminals more opportunities to conduct such attacks, and many targeted hospitals or healthcare providers. Beyond the financial costs, these attacks showed that ransomware could put lives in danger. Several hospitals in the United States, including St. Lawrence Health System in New York and Sonoma Valley Hospital in California, were hit by ransomware. In Germany, the ransomware attack at the University Hospital in Düsseldorf resulted in one death, after a woman who needed urgent medical care was transferred to another hospital for treatment. 

Ransomware attacks also targeted many universities and research centers in the United States, Canada, UK, Germany, and Switzerland. In the United States, attackers extorted $1.14 million from the University of California San Francisco and almost half a million from the Univeristy of Utah. In addition to ransomware attacks, hackers deployed mining malware in multiple European data centers where supercomputers were used for critical research on COVID-19. Learn more about ransomware attacks on universities in our blog article.



Malicious apps: Contact-tracing scams 

Numerous malicious apps made their way to the app stores in 2020. From photography and gaming apps to personalization apps, Google removed thousands of apps containing adware, trojans, and other types of malware from its PlayStore. 

Cybercriminals also took advantage of the fear and uncertainty caused by the pandemic to spread fake contact-tracing apps. Promising to alert users when they cross paths with an infected person, these apps are misusing Android’s accessibility service to steal passwords, login credentials, and other sensitive data. In the beginning of the year, a variant of the Android banking Trojan “Cerberus” was distributed under the name “Corona-Apps.apk,” tricking users into installing it on their smartphones.



Digital privacy concerns over contact-tracing apps 

The release of official contact-tracing apps started a heated debate on digital privacy. Americans questioned the legitimacy of COVID-19 contact-tracing apps. A study commissioned by Avira and conducted by research firm Opinion Matters in June 2020 found that 71% of Americans were not planning on downloading a contact-tracing app due to concerns over digital privacy. Some countries adopted a centralized model – uploading anonymized user data to a central server – others have opted for a decentralized model – using Bluetooth beaconing and proximity identifiers. However, adoption rates remain relatively low for both app types. You can learn more about the differences between centralized and decentralized contact tracing apps on our blog and read our survey report here.

2020 ended on a grim note: the FireEye and SolarWinds breaches compromised a wide range of governmental institutions, as well as technology and telecom companies. Approximately 300 of FireEye’s proprietary cybersecurity tools were stolen, and within one week the stolen tools had been used in various countries worldwide.




The threat landscape is rapidly changing, and an antivirus software is absolutely necessary to stay safe online and protect your data. Avira Free Security provides free protection for all platforms, plus a free VPN for enhanced privacy online. Find out more about Avira’s award-winning antivirus.

This post is also available in: FrenchSpanishItalianPortuguese (Brazil)

Exit mobile version