BleepingComputer’s most popular tech stories of 2020


Thankfully, 2020 is over, and we can look forward to a healthier, safer, and more normal 2021.

However, it was a big year for technology and cybersecurity with massive cyberattacks, worldwide outages, privacy concerns, and new features added to Windows.

Some stories, though, piqued the interest of our readers more than others.

Below we list the ten most popular stories at BleepingComputer during 2020 with a summary of each.

10. eBay and other sites port scanned visitors’ computers

Researchers discovered that eBay and other sites use a script to port scan visitors’ computers, checking for running remote access and remote support programs.

These port scans are used to detect compromised computers that are being used to make fraudulent purchases or financial transactions.

[Image: eBay port scanning a computer]

9. U.S. government warned that Ryuk Ransomware was actively targeting hospitals

In a joint statement, the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) warned the healthcare industry that the Ryuk ransomware operation was actively targeting hospitals and medical centers.

This warning came after hospital operator Universal Health Services, Sky Lakes Medical Center in Oregon, and St. Lawrence Health System in New York were hit by the Ryuk ransomware. Soon after the warning, Wyckoff Heights Medical Center in Brooklyn and the University of Vermont Health Network were also hit by Ryuk.

8. ‘Meow’ attack deleted almost 4,000 unsecured databases

An automated attack deleted almost 4,000 unsecured Elasticsearch, Cassandra, CouchDB, and MongoDB databases and renamed them to end with the -meow extension.

[Image: Meow attack]

7. The source code for dozens of companies’ software leaked online

The private source code for 50 companies was published online in a giant leak called ‘exconfidential.’

This leak included source code for well-known companies, such as Microsoft, Adobe, Lenovo, AMD, Qualcomm, Motorola, Hisilicon (owned by Huawei), Mediatek, GE Appliances, Nintendo, Roblox, Disney, and Johnson Controls, and the list keeps growing.

It is believed that the source code for these companies was gathered through unsecured SonarQube installations.

6. Windows Zerologon vulnerability actively used by threat actors

As part of the August 2020 Patch Tuesday, Microsoft fixed the “CVE-2020-1472 | Netlogon Elevation of Privilege Vulnerability,” which allows threat actors to easily take control of a domain.

Soon after the news about the fix was published, researchers began publishing proof-of-concept Zerologon exploits that allowed anyone to gain administrative access to a domain controller.

With public exploits released, Microsoft warned that threat actors had quickly adopted them and were exploiting the Zerologon vulnerability in attacks.

5. Garmin suffered a worldwide outage after a ransomware attack

In July, wearable device maker Garmin suffered a worldwide outage of its connected services and call centers. After a Garmin employee shared a screenshot of an encrypted computer, BleepingComputer was the first to confirm that the company had suffered a WastedLocker ransomware attack.

In August, BleepingComputer gained access to an executable created by the Garmin IT department to decrypt a workstation and install a variety of security software on the machine. This executable included a decryptor for the WastedLocker ransomware, indicating that Garmin paid the ransom.

[Image: Garmin decryptor]

4. In the middle of the pandemic, over 500K Zoom accounts were sold online

With everyone worldwide using Zoom for work and staying in touch with family and friends during the pandemic, threat actors began selling 500K Zoom accounts on hacker forums and private sales.

[Image: Sold Zoom accounts]

3. Microsoft deployed an update that caused Microsoft Outlook to crash worldwide

On July 15th, Microsoft Outlook began crashing worldwide, displaying exception code 0xc0000005.

It turns out that Microsoft deployed a faulty update that, once installed, caused Outlook to crash.

“Our initial review of the available data indicates that recently deployed updates are the likely source of the problem. We’re performing an analysis of all recent service updates to isolate the underlying cause of the problem and to determine the most expedient means to restore service.”

Microsoft also suffered a massive Office 365 outage in October after a service update was mistakenly introduced into the production environment.

2. Microsoft adds a built-in packet sniffer to Windows 10

In May, BleepingComputer discovered that Microsoft quietly added a built-in command-line packet sniffer to Windows 10.

[Image: Windows 10’s Pktmon packet sniffer]

This new tool is called Pktmon and allows you to capture selected traffic and save it to a log file. Later updates to the program introduced PCAPNG support and real-time monitoring.

PCAPNG support is useful because it allows the captured packets to be viewed in popular programs like Wireshark.
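As an added example that is not part of the original article, the following session shows a typical Pktmon workflow: filter to one protocol, capture full packets, then convert the log for Wireshark. It assumes an elevated Windows 10 prompt and the 2020-era Pktmon command syntax; later builds renamed some options, so `pktmon help` is the authority for the flags on a given build. The filter name `DNS` and the output file names are arbitrary choices.

```powershell
# Added example, not from the article. Assumes an elevated prompt and the
# 2020-era Pktmon syntax (check `pktmon help` on your build).

# 1. Capture only traffic to or from UDP/TCP port 53 (DNS). Without a filter,
#    Pktmon logs every packet on every adapter, which fills the log quickly.
pktmon filter add DNS -p 53

# 2. Verify the filter was registered before starting the capture.
pktmon filter list

# 3. Start logging to PktMon.etl in the current directory.
#    "-p 0" keeps whole packets instead of the default 128-byte truncation,
#    which is what makes the capture useful in Wireshark.
pktmon start --etw -p 0
#    On builds with real-time monitoring, "-l real-time" prints packets to the
#    console as they arrive instead of (or in addition to) writing the log:
#    pktmon start --etw -p 0 -l real-time

# ... generate some DNS traffic, e.g. Resolve-DnsName example.com ...

# 4. Stop the capture; Pktmon flushes PktMon.etl at this point.
pktmon stop

# 5. Convert the ETL log to readable text, or to PCAPNG for Wireshark
#    (the pcapng subcommand arrived in a later update, as the article notes).
pktmon format PktMon.etl -o dns-capture.txt
pktmon pcapng PktMon.etl -o dns-capture.pcapng

# 6. Filters persist until removed, so clear them before the next session.
pktmon filter remove
```

The filter step is the security-relevant habit: a full-packet capture of all traffic on a server can contain credentials and session tokens, so scope the capture to the ports under investigation and delete the `.etl` and `.pcapng` files once the analysis is done.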

1. SolarWinds breached to perform a supply chain attack on customers

The year closed with a massive SolarWinds cyberattack in which threat actors used the company’s Orion network management platform to distribute the SUNBURST backdoor to its customers.

This attack led to well-known companies and U.S. government agencies being breached, including:

  • FireEye
  • U.S. Department of the Treasury
  • U.S. National Telecommunications and Information Administration (NTIA)
  • U.S. Department of State
  • The National Institutes of Health (NIH) (Part of the U.S. Department of Health)
  • U.S. Department of Homeland Security (DHS)
  • U.S. Department of Energy (DOE)
  • U.S. National Nuclear Security Administration (NNSA)
  • Some US states (Specific states are undisclosed)
  • Microsoft
  • Cisco

Researchers later discovered that a second malware called SUPERNOVA was distributed by a different group of threat actors using the Orion platform.

Microsoft believes that the attackers’ end goal was to gain access to victims’ cloud data.
