Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementTechnologies & SolutionsSecurity Enterprise ServicesSecurity Leadership and ManagementLogical SecuritySecurity & Business ResilienceCybersecurity News

Halloween hackers: The scariest cybersecurity stories of 2020

By Jake Madders
halloween
October 30, 2020

It’s the season of ghouls, ghosts and outrageous costumes. But for CISOs and cybersecurity professionals, a bump in the night on Halloween is more likely to be a notification warning them of data breach than a spooky ghostly visitation. 

In the COVID-19 era, spookiness-as-a-service providers who rent out costumes or sell party products are likely to have a difficult time as lockdowns and home-working play havoc with businesses focused on in-person interaction. Yet for hackers, the dawn of a socially-distanced new normal has opened up vast numbers of attack vectors and given them new opportunities to target businesses or individuals. 

So what should you be worried about this Halloween? To help you work out the answer to that question, here are some of the scariest cybersecurity stories and trends of 2020:
 

Home-Work Hackers

The shift away from offices has been welcomed by many workers - but it’s made life difficult for tech support desks. When staff login from home, they open up doors for hackers and make firms more vulnerable to attack. In March, the US Cybersecurity and Infrastructure Security Agency issued a warning about enterprise VPN security. 

It wrote: “As organizations use VPNs for telework, more vulnerabilities are being found and targeted by malicious cyber actors. As VPNs are 24/7, organizations are less likely to keep them updated with the latest security updates and patches. Malicious cyber actors may increase phishing emails targeting teleworkers to steal their usernames and passwords.”

CISA offered the following advice to businesses: “Update VPNs, network infrastructure devices, and devices being used to remote into work environments with the latest software patches and security configurations.”

 

Coronavirus Ransomware

The pandemic has offered cybercriminals easy new ways to target victims with ransomware or other familiar techniques. Targets can be lured into downloading ransomware by promises of cheap masks, information about Covid-19 or some other treat. Then comes the trick: crooks seize data and then try to exhort a ransom. 

Europol warned: “The COVID-19 pandemic has made organizations like hospitals, governments and universities, more conscious about losing access to their systems and more motivated to pay the ransom. Criminals take advantage of this situation by running faster and more ransomware attacks, recruiting collaborators to help them maximize their impact and offering ransomware-as-a-service on the dark web. 

“It is now even more important to secure your systems. With most employees working from home, a ransomware attack on companies would cause more disruption than under normal circumstances.”

 

Israel Water Hack

This year, Israel has suffered several attacks on the systems which power its water management facilities. Intelligence sources said the hackers tried to modify chlorine levels in the water during one attack in June. Although they were thwarted, the hacks show how threat actors are looking to carry out attacks which hurt or even kill people. 

This time around, water providers were able to take a simple piece of preventative action to reduce the risk of disaster. The Israel National Cyber-Directorate (INCD) and the Water Authority sent out an alert to water treatment facilities urging them to change the passwords of internet-connected equipment with an “emphasis on operational systems and chlorine control devices in particular”. 

 

Critical Infrastructure At Risk

In July, it was claimed that critical US infrastructure in the US could be hacked by “anyone”. Research from CyberNews found that legacy Industrial Control Systems were vulnerable to attack, with oil wells, public water distribution systems and a sewer pump station left connected to the internet without even being protected by a password. 

If attackers gained control of these systems they could, for instance, turn off warning systems on oil wells or flood water supplies with sewage. In the event of a cyberwar, these systems could be a major target for enemy attacks - so it’s imperative that the US locks them down securely. 

 

Blue Leak Hack

In June, a hacktivist group linked to Anonymous published 10 years of police data in the form of a highly sensitive 269-gigabyte archive. The data was stolen from a Houston-based web development firm and obtained by a threat actor that used a compromised account and the firm’s content upload feature to pump malware into its system. 

Stewart Baker, an attorney at Steptoe & Johnson LLP and a former assistant secretary of policy at the U.S. Department of Homeland Security, said: “With this volume of material, there are bound to be compromises of sensitive operations and maybe even human sources or undercover police, so I fear it will put lives at risk. Every organized crime operation in the country will likely have searched for their own names before law enforcement knows what’s in the files, so the damage could be done quickly.”

The attacks show that if your company handles sensitive data, you are a target. Hackers are always looking for weakest links in the chain - so make sure your firm’s security practices are fit for purpose. 

 

Dark Web Data Explosion

A total of 15 billion passwords and account credentials are now circulating on the dark web, researchers warned this year. This follows a 300% rise in data theft since 2018. Most of the data belong to individuals - but businesses are also on the target list. The loss of sensitive passwords can cause expensive problems, so companies need to follow the latest password best practice to protect themselves. 

 

Nation-States On The Rise

This year, Britain finally admitted that it had offensive cyber-warfare capability. Which is just as well, because nation state hackers have been busy in 2020. 

In June, Google's Threat Analysis Group said that the Iran-linked hackers known as Charming Kitten had launched phishing attacks against President Donald Trump's reelection campaign, whilst Russia continued with efforts to “hack the US election” and North Korea’s infamous Lazarus Group hackers used LinkedIn to steal cryptocurrency. Businesses could easily get caught in the crossfire of a cyberwar, so it’s best to start shoring up their defenses immediately. 


 

Happy Halloween! 

We hope you have a great day on Halloween. But once work starts again on Monday, it’s time to start dealing with the real horrors lurking out there on the internet. And we have some more concerning news. 

According to Gartner, worldwide spend on cybersecurity will rise by 2.4% to reach $123.8 billion in 2020 - which is a much lower rate of growth than the 8.7% growth it predicted last December.  It warned that the coronavirus pandemic is “driving short-term demand in areas such as cloud adoption, remote worker technologies and cost saving measures”.

“Like other segments of IT, we expect security will be negatively impacted by the COVID-19 crisis,” said Lawrence Pingree, managing vice president at Gartner. “Overall we expect a pause and a reduction of growth in both security software and services during 2020.”

So what are you scared of this Halloween?

KEYWORDS: cyber security hackers risk management

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Jake madders   hyve

Jake Madders is co-director of Hyve Managed Hosting, a global tech firm based in England.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Enterprise Services
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Cybersecurity
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Coding

AI Emerges as the Top Concern for Security Leaders

Half open laptop

“Luigi Was Right”: A Look at the Website Sharing Data on More Than 1,000 Executives

Shopping mall

Victoria’s Secret Security Incident Shuts Down Website

Laptop with coding on ground

Stepping Into the Light: Why CISOs Are Replacing Black-Box Security With Open-Source XDR

Gift cards and credit cards

Why Are Cyberattacks Targeting Retail? Experts Share Their Thoughts

2025 Security Benchmark banner

Events

June 24, 2025

Inside a Modern GSOC: How Anthropic Benchmarks Risk Detection Tools for Speed and Accuracy

For today's security teams, making informed decisions in the first moments of a crisis is critical.

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

From animal habitats to bustling crowds of visitors, a zoo is a one-of-a-kind environment for deploying modern security technologies.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • Security's top 11 scariest cyber facts for Halloween

    Here are this year's scariest cyber stats just in time for Halloween

    See More
  • Top stories of 2020

    The top stories of 2020

    See More
  • security-cyber-leadership.jpg

    Top 12 physical security, cybersecurity & risk management stories of 2022

    See More

Related Products

See More Products
  • physical security.webp

    Physical Security Assessment Handbook An Insider’s Guide to Securing a Business

See More Products

Events

View AllSubmit An Event
  • September 3, 2024

    From DDoS Protection to WAAP: How Layered Protection Enhances Your Cybersecurity Strategy

    ON DEMAND: By participating in the webinar, attendees will gain enhanced knowledge of cyber threats and understand the current spectrum of cyber threats facing businesses.
View AllSubmit An Event
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing