A Look at the Top Cyber Attacks of 2021
Blog Article Published: 01/27/2022
This blog was originally published by TokenEx here.
Written by Valerie Hare, TokenEx.
Across the globe, recent cyberattacks have been occurring at an alarmingly high rate. Specifically, ransomware attacks are a major concern among today’s businesses, governments, schools, and individuals. Ransomware refers to malicious software that takes control over a computer or network by using encryption keys to restrict access to sensitive data. To regain access to this vital data, individuals or organizations must pay cyber criminals’ ransom demands, usually millions of dollars. Let’s look at the top cyberattacks of 2021 and the key takeaways from each incident. We will also discuss the importance of prioritizing data security and privacy to prevent hackers from gaining access to and control of your most sensitive information.
Top Cyber Attacks of 2021
SonicWall reported that there were 78.4 million ransomware attacks recorded in June 2021. Based on these numbers, this is about 9.7 ransomware attempts per customer for every business day. Unfortunately, these statistics will continue to rise as cybercriminals become more creative and adaptive to today’s evolving technology.
In May of 2021, a Russian hacking group known as DarkSide attacked Colonial Pipeline. Since Colonial Pipeline is a significant fuel provider, this ransomware attack seriously impacted petroleum, diesel, and jet fuel supplies across the East Coast of America. This group stole almost 100 gigabytes of sensitive data and threatened to publicize this information unless the fuel provider paid the steep ransom of $4.4 million in bitcoin.
Once the cyberattack hit the news, the public went into panic mode, with many people hoarding gas using flammable containers. To no surprise, several gas stations experienced fuel shortages due to supply disruptions and consumers panic-buying gas. Additionally, U.S. gas prices increased by six cents per gallon. Eventually, Colonial Pipeline paid the ransom to prevent further panic and fuel-supply disruptions for Americans.
After this gasoline nightmare, government officials discovered that the fuel provider’s cybersecurity measures could not prevent such an attack. While local law enforcement could recover most of the ransom fee, the FBI is still tracking down the hackers involved in the ransomware attack. The key takeaway here is never to underestimate cybercriminals’ ability to find weaknesses in your organization’s systems. If you handle any sensitive data, your business must implement a holistic security solution that prevents data from being compromised in a cyber attack.
In early May of this year, DarkSide also targeted a German-based chemical distribution company, Brenntag. The hackers stole 150 gigabytes of data from the company’s North American systems and encrypted data and devices from their compromised network. The cybercriminals demanded $7.5 million in bitcoins as the ransom. This chemical company paid $4.4 million, which was a little over half of what the hackers demanded. Indeed, this is recorded as one of the highest ransomware payments ever made.
To prove their claims, DarkSide shared a list containing details about the stolen data and screenshots of files found on the Dark Web. Specifically, this data consisted of stolen user credentials for sale online. Unfortunately, this type of cyberattack has become increasingly popular as many companies fail to have adequate security measures to prevent personal information from being compromised. The key message here is to limit users’ access and control over data to only what they need to accomplish. Greater restrictions on who can access data can mitigate the risks of that data being stolen.
Also, in May, a hacker group known as REvil attacked the popular Taiwanese computer giant, Acer. The hackers shared images of stolen files to show proof of breaking into Acer’s security systems. The compromised data included sensitive financial documents and spreadsheets. To access this data, the criminals identified a security vulnerability in a Microsoft Exchange server. In turn, this gave the group access to Acer’s leaked files and images. REvil has demanded $50 million as the ransom fee, but it is not confirmed if the computer manufacturer has paid it.
Like other global businesses, Acer is a prime target for ransomware attacks due to the massive amount of sensitive data they store and manage on their internal systems. While these attacks are unlikely to go away, this incident highlights how crucial it is to prevent hackers from accessing and compromising sensitive data. This includes implementing security measures designed to protect sensitive data, such as tokenization and encryption.
In Spring 2021, a large-scale ransomware attack occurred on JBS Foods, one of the largest meat-processing companies globally. The hacker group that attacked Acer is considered the responsible party for this cyberattack. While this incident did not stop food production, the company was temporarily forced to halt food operations. As a result, the national meat supply chain was slowed, which led to increased meat prices in grocery stores and restaurants due to the temporary shortages. Indeed, this company experienced costly downtime during the attack.
While JBS Foods could back up some of the compromised data, it still had devastating effects on the company and national meat supply chain. Instead of closing down their U.S. plants, the company ultimately decided to give in and pay the $11 million ransom fee in June. This marks one of the highest ransomware payments ever made in modern history. The important message here is to set up security solutions that prevent hackers from accessing and stealing sensitive data from an organization’s systems. Additionally, companies must regularly monitor their systems for signs of suspicious activity. Indeed, many companies do not discover foul play for months, which gives hackers ample time to sell or expose the leaked data.
REvil struck again by attacking Kaseya, a Florida-based company that manages IT infrastructure for big companies worldwide. The hacker group sent out a fake software update via the company’s virtual system administrator, giving the hackers access to Kaseya’s clients and their customers. This ransomware attack impacted one million systems, which were encrypted and held for ransom. In total, this attack affected 1,000 businesses. As a result of this incident, a Swedish grocery chain had to close 800 stores for a week during the attack.
The group demanded a whopping $70 million in bitcoin but failed in their attempts. Indeed, the FBI was able to gain access to the hackers’ servers and retrieve the encryption keys needed to resolve the compromised systems. In turn, Kaseya restored their clients’ IT infrastructures. The lesson learned here is to use security solutions to identify and prevent malicious software from infiltrating an organization’s networks and data.
In March 2021, one of the largest insurance companies in America, CNA Financial, was attacked by a hacker group that encrypted 15,000 devices, including remote employees’ computers. The ransomware attack compromised data for an estimated 75,000 people. Indeed, this leaked data included names, Social Security numbers, and health benefits details for current and former employees, as well as contract workers and their dependents. This attack is linked to the group known as Evil Corp, which used a malware called Phoenix CryptoLocker on this Chicago-based company.
A couple of months later, CNA Financial eventually paid $40 million to regain access to the compromised networkers. Like other incidents, this highlights how crucial it is to make data security and privacy a priority if you handle sensitive data on your internal systems.
Social Giants – Facebook, Instagram, and LinkedIn
Out of all the companies mentioned, you have likely heard about the data leak regarding the social giants – Facebook, Instagram, and LinkedIn. Several million social profiles from these platforms were exposed by a Chinese social media management company called Socialarks. When the world’s biggest antivirus review site, Safe Detectives Team, identified an insecure ElasticSearch database, they discovered that this database publicly exposed personally identifiable information (PII) from around 214 million social media users globally. Some of these users included big celebrities and social media influencers. This added up to 408 gigabytes of compromised data from users. Indeed, this data leak allowed anyone with the server’s IP address to gain information about millions of users, including full names, country, phone numbers, subscriber data, and other contact details.
While data scraping is not illegal, it is not allowed per the terms and conditions of social giants like Facebook, Instagram, and LinkedIn. Thus, the exposed database revealed that Socialark had unethically scraped 408GB worth of data from 214 million social media users. If your organization manages sensitive data, it is vital to take steps to protect this data from companies and individuals that aim to steal, expose, or sell it.
How Tokenization Can Help Your Business
As you can see, cyberattacks are an ongoing issue that requires businesses, governments, schools, and individuals to play an active role in protecting their data and taking cybersecurity seriously. Remember, it’s better to be safe than sorry. What can you do to improve your security strategy if you own a business that handles sensitive data? There are no one-size-fits-all solutions but rather a holistic security approach constantly improving and evolving to protect your most sensitive data.
Trending This Week
#1 Cloud Network Virtualization Benefits of SDN over VLAN
#2 Simple but Effective Tactics to Protect Your Website Against DDoS Attacks in 2021
#3 Understanding the OWASP API Security Top 10
#4 How to Choose a Zero Trust Architecture: SDP or Reverse Proxy
#5 3 Big Amazon S3 Vulnerabilities You May be Missing
Sign up to receive CSA's latest blogs
This list receives 1-2 emails a month.