A Look Back

The year 2021 was fraught with numerous cyber attacks, and ransomware led the list. Here is a look back at the biggest cyber incidents of 2021. Over the past couple of years, it has become hard to ignore that the digital lives we all live are completely exposed to cybercriminals. Hackers are happy to take almost any opportunity to make money or have fun, from creating free gym memberships for their entire family to hacking into the energy systems of different countries. Even though the new year is only just under way, the storm of cyber incidents never stops. Let’s take a look at the biggest cyberattacks of last year.[1]

Kaseya - Perhaps this attack could be considered the “apocalypse among ransomware,” or perhaps just a big headache. Whatever we call it, the malicious cyberattack on global IT provider Kaseya affected some 1,500 businesses worldwide, disabled local governments, shut down a popular Swedish supermarket chain, and worsened already strained relations between the US and Russia. The cybercriminals spread the malware through a popular Kaseya software product called VSA. Many of the victims were service providers and firms that help small businesses and government agencies outsource IT tasks, so the malware infected hundreds of companies around the world. A Russian-speaking group called REvil was behind the cyberattack, asking for $70 million in exchange for a “universal decryptor” that would unlock all files frozen by the attack anywhere in the world. By mid-July, however, the group had simply disappeared from the radar. The attack is one of the largest of its kind the world has ever seen.

SolarWinds - The SolarWinds hack is likely to spark discussions about US cybersecurity for years to come. According to US authorities, the hack involved Russian and Chinese hackers who penetrated the networks of major federal agencies and US companies through compromised software. That helped the hackers gather a myriad of intelligence about the US government and private sector. Although the incident first came to light in December, subsequent disclosures about the extent of the hack have continued over the past six months, leading to numerous congressional hearings, audits, and investigations. According to the Cybersecurity and Infrastructure Security Agency (CISA), even though the hack is commonly referred to as “SolarWinds,” at least three different software companies were hacked, including SolarWinds, Microsoft, and VMware. Bad actors have been confirmed to have infiltrated 12 federal agencies, including the Department of Defense, the Department of Homeland Security, the Federal Aviation Administration, the Judiciary, NASA, and others. Hackers have also allegedly infiltrated the networks of major Fortune 500 companies.

Microsoft Exchange - As dramatic and sweeping as the SolarWinds breach was, what came after it was perhaps even more massive. In March 2021, a variety of security flaws in Microsoft Exchange were discovered. Bloomberg reported that vulnerabilities in Exchange led to at least 60,000 known victims around the globe, about 30,000 of whom were in the US. However, that’s not all. The bad guys took advantage of the window of opportunity, looting vulnerable servers and deploying many backdoors.

Colonial Pipeline - The attack on Colonial Pipeline was also a big blow. In May, hackers affiliated with the DarkSide ransomware gang managed to penetrate the network of Colonial Pipeline, one of America’s largest oil and gas companies. The pipeline temporarily shut down, causing an energy crisis in the southeastern US that turned into a panic rampage at gas stations in several states. But there was some good news, too. The FBI was able to trace and confiscate a significant portion of the cryptocurrency ransom that Colonial paid to the hackers.

CNA – CNA is one of America’s largest insurance companies and focuses on selling cyber insurance. Ironically, they were attacked in March by a group of cybercriminals calling themselves “Phoenix,” who successfully stole a large amount of data. CNA paid the thieves $40 million, a record for publicly known payouts in such cases. Cyber experts say the data obtained would enable more targeted attacks, although a ransom of that size will probably be enough for these hackers to abandon future attacks and retire to hacker heaven.

JBS - In late May, JBS, America’s largest supplier of beef and pork, discovered that hackers from the REvil group had successfully breached its networks. The company reportedly paid the hackers $11 million to decrypt its data. What motivated the attack remains unclear. Perhaps the hackers were animal rights activists.

US Metropolitan Police Department – You may wonder why a local cyber attack made this list. It became one of the most dramatic in recent memory and demonstrated the willingness of cybercriminals to use increasingly dangerous tactics against law enforcement. The Babuk group took control of 250 gigabytes of sensitive internal data, including disciplinary files on past and current police officers, intelligence on local protest activity, and, most disturbingly, information about informants embedded in criminal networks. The hackers demanded a ransom of $4 million. The police were so upset that they offered to pay $100,000 for the files, but the cybercriminals refused and subsequently posted everything online. Stealing money is one thing, but these types of attacks put people’s lives at risk.

Accellion - The hack of a little-known cloud company, Accellion, was the biggest “sleeper” attack of the year. In December, a group of Clop ransomware developers used security flaws in one of Accellion’s most common products to steal the files of dozens of well-known companies around the world. Victims included Shell Oil, about half a dozen American universities, a Canadian aerospace manufacturer, banks and transportation agencies, a telecommunications conglomerate in Singapore, and Kroger, one of the largest American supermarket chains.

2022 lies ahead of us, and time will tell what cyber attacks are around the corner. Being proactive in your cyber security is the key to proper security. We can help. Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization and offers pro-active solutions to protect your networks. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs.com

Weekly Cyber Intelligence Briefings:

REDSHORTS - Weekly Cyber Intelligence Briefings

https://attendee.gotowebinar.com/register/3702558539639477516

[1] https://10guards.com/en/articles/the-biggest-hacks-of-2021/
