A Year In Review: 12 of 2021's Top Cybersecurity Events

Cybersecurity
Hailey Carlson
December 31, 2021

January -- COVID Phishing Continues

As the COVID-19 pandemic continued into the new year, a slew of COVID-related cyber scams came with it. The primary method in January of 2021 was the classic email phishing scam. At this point in the pandemic, attackers chose to appeal to those empathetic to the struggles of individuals with Coronavirus and the healthcare workers who worked tirelessly to care for them. The COVID scams masqueraded as emails for COVID relief efforts -- those who clicked the links to try and help their fellow humans were instead met with malicious links and compromised devices. Be sure to verify the legitimacy of senders, and do not click on links from unknown individuals, to avoid falling for such scams in the future.

February -- Florida Water Supply Put In Danger

One of the biggest cyber attacks seen this past February was the hacking of a water treatment facility in the city of Oldsmar, Florida. On February 5th, 2021, malicious actors hacked this water treatment system and attempted to poison the water with lye by raising the level of sodium hydroxide to more than 100 times the typically seen amount. The worker who monitors the system witnessed the malicious actors in real time from a remote location. The hackers gained access to the system twice through dormant, unmonitored software. Though the goal was to poison the water supply, no danger was ever actually posed to the people of Oldsmar. This attack showed just one of the ways in which a cyber attack can have real, physical impacts on people.

March -- CNA Insurance Ransom

Chicago-based insurance company CNA was hit with a devastating cyber attack in March of this year. The attack on the insurance giant resulted in personal information for more than 75,000 people being exposed, including data such as names and Social Security numbers. In addition to the data leak, CNA's internal email systems and external customer websites were shut down and rendered unusable. The hacking group Phoenix was responsible for this attack, and they used the Phoenix Locker malware to carry it out. A $40 million ransom was demanded of the insurance company, and after roughly two weeks of waiting, CNA obliged and paid out the massive ransom.

April -- Brenntag Bitcoin Ransom

$4.4 million in Bitcoin was paid out by chemical distribution company Brenntag to Ransomware-as-a-Service (RaaS) group DarkSide following a ransomware attack in April of 2021. The Essen, Germany-based chemical giant allegedly suffered the loss of over 150 GB of data, including financial information, accounting and HR data, contracts, NDAs, marketing plans, legal information, and chemical formulas. The hackers initially demanded 133.65 Bitcoin (roughly $4.8 million) but, following negotiations, settled on a payment of $4.4 million worth of Bitcoin from Brenntag in mid-May.

May -- The Colonial Pipeline Hack

Arguably the most talked about attack of the entire year occurred in May of 2021. The Colonial Pipeline, whose 5,500 miles of pipeline serve the East Coast, was hacked. Though no real impact was made to the supply of gas, citizens of the states supplied by the pipeline panicked, and the gas pumps saw temporary pandemonium not seen in many years. Because this attack targeted a pipeline which moves oil from refineries to industry markets, it was deemed a national security threat. In yet another hack at the hands of RaaS group DarkSide, the attackers were able to steal 100 GB of data within 2 hours. The pipeline was shut down to prevent any further attack, but data had already been stolen, forcing Colonial Pipeline to pay a ransom in order to get back up and running safely and soundly. This attack in particular raised many concerns among citizens about the in-person impacts which can result from a cyber attack.

June -- LinkedIn Professionals' Info Out on The Dark Web

700 million LinkedIn users had their data stolen in 2021. Not only was their personal information such as name, phone number, professional title, and email address taken, but this information was put up for sale on the dark web. When you hear about this scenario, you may jump to the conclusion that this is a data breach, just like the ones many other companies succumb to -- but not this time. According to LinkedIn, there was no data breach; rather, they stand firm that this is a case of data scraping. Data scraping is a type of cyber attack that many of us are less familiar with than we are with ransomware, malware, and phishing scams -- it is a laborious attack in which malicious actors take information which is publicly available on a website and compile it into a spreadsheet. Though this may seem more mundane than attacks which take hold of Social Security numbers, home addresses, and other information of that level of sensitivity, all of the information stolen in this attack, when grouped together, can be used to drive spear phishing attacks (highly targeted and sophisticated phishing attacks).

July -- $70M demanded of Kaseya

Among the top 10 biggest attacks of the year was the ransomware attack on Kaseya. The hacking group REvil executed this attack by exploiting a flaw in the Miami-based business's remote monitoring tool in order to compromise 60 MSPs and encrypt their data. The group then demanded a ransom of $70 million to return the stolen data to the company -- nineteen days after the attack, however, Kaseya obtained the universal decryptor key and was able to retrieve the data without paying the ransom. The DOJ made two arrests tied to this attack in November of 2021.

August -- Accenture Ransom Attack

Ransomware group LockBit demanded a $50 million ransom of Accenture -- information which was made public in August of this year. The ransom was demanded after the group had allegedly already stolen six terabytes of data from the company, and was requested so that the group would not leak the stolen data. One source claims that the ransomware group released over 2,000 files from the company for a short period of time on August 11th -- the hacking group later admitted that they used credentials stolen in the attack on Accenture to go after an airport which was a customer of the consulting giant. This is an unfortunate example of the domino effect that can follow a cyber attack on a company which has other businesses as customers. It is incredibly important to protect your corporation so that the companies who choose to conduct work with you do not fear for their network security.

September -- New Zealand DDoS Attack Disrupts Mail Systems

In September, numerous mail and banking businesses in New Zealand were hit with a DDoS attack. A DDoS, or distributed-denial-of-service, attack is one in which a malicious actor uses multiple devices to send superfluous traffic to a specific target, overwhelming the site with more activity than it can handle so that legitimate traffic cannot get through. In 2020, the New Zealand Stock Exchange (NZX) was also hit with DDoS attacks, and this year's attacks are believed to be tied to the same criminal gang which has launched similar campaigns against some of the world's biggest financial service providers, followed by ransom demands in the form of Bitcoin payment.
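The June (data scraping) and September (DDoS) entries describe two traffic patterns that look very different in a web server's access log: a scraper is one client walking through many distinct public pages, while a DDoS is a flood of requests from many sources in a short time. The following Python script is an added example, not code from the original post or from any of the companies named in it. It parses constructed common-log-format lines (the IP addresses, timestamps and `/profile/<id>` paths are made up for the demonstration) and applies two simple detectors: a per-second aggregate rate check with a minimum number of distinct sources for the flood case, and a per-IP sliding-window count of distinct resources for the scraping case. The thresholds are assumptions chosen to fit the sample data; a real deployment would tune them to its own baseline.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache/nginx "common log format" line. Status and size are captured but
# only ip, timestamp and path are used by the detectors below.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)$'
)


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return {"ip": m.group("ip"), "sec": int(ts.timestamp()),
            "path": m.group("path"), "status": int(m.group("status"))}


def parse_log(text):
    return [r for r in map(parse_line, text.splitlines()) if r]


def detect_flood(records, rps_threshold, min_sources):
    """Volumetric (DDoS-style) check: seconds in which total requests reach
    rps_threshold AND come from at least min_sources distinct IPs.
    Returns a list of (second, request_count, distinct_ips)."""
    per_sec = defaultdict(list)
    for r in records:
        per_sec[r["sec"]].append(r["ip"])
    return [(sec, len(ips), len(set(ips)))
            for sec, ips in sorted(per_sec.items())
            if len(ips) >= rps_threshold and len(set(ips)) >= min_sources]


def detect_scraping(records, path_pattern, window_seconds, max_distinct):
    """Enumeration (scraping-style) check: a single IP fetching more than
    max_distinct DISTINCT resources matching path_pattern inside any
    window_seconds-long sliding window. Returns {ip: peak_distinct_count}."""
    pat = re.compile(path_pattern)
    per_ip = defaultdict(list)
    for r in records:
        if pat.match(r["path"]):
            per_ip[r["ip"]].append((r["sec"], r["path"]))
    flagged = {}
    for ip, hits in per_ip.items():
        hits.sort()
        in_window = defaultdict(int)  # path -> hits currently inside the window
        start = 0
        for sec, path in hits:
            in_window[path] += 1
            # Slide the window start forward until it spans < window_seconds.
            while sec - hits[start][0] >= window_seconds:
                old_path = hits[start][1]
                in_window[old_path] -= 1
                if in_window[old_path] == 0:
                    del in_window[old_path]
                start += 1
            if len(in_window) > max_distinct:
                flagged[ip] = max(flagged.get(ip, 0), len(in_window))
    return flagged


def build_sample_log():
    """Constructed sample traffic (not real data): one scraper walking profile
    ids, one ordinary user, and a burst from 40 sources in the same second."""
    def line(ip, hhmmss, path):
        return f'{ip} - - [07/Sep/2021:{hhmmss} +1200] "GET {path} HTTP/1.1" 200 900'
    lines = []
    for i in range(25):  # scraper: 25 distinct profiles in 25 seconds
        lines.append(line("192.0.2.10", f"10:00:{i:02d}", f"/profile/{1000 + i}"))
    lines.append(line("198.51.100.20", "10:00:05", "/profile/7"))  # normal user
    lines.append(line("198.51.100.20", "10:00:09", "/profile/8"))
    for host in range(1, 41):  # flood: 40 IPs x 3 requests in one second
        for _ in range(3):
            lines.append(line(f"203.0.113.{host}", "10:05:00", "/"))
    return "\n".join(lines)


def run_detections(text=None):
    """Run both detectors over the given log text (default: the constructed sample)."""
    records = parse_log(text if text is not None else build_sample_log())
    return {
        "flood": detect_flood(records, rps_threshold=100, min_sources=20),
        "scraping": detect_scraping(records, r"^/profile/\d+$",
                                    window_seconds=30, max_distinct=20),
    }


if __name__ == "__main__":
    print(run_detections())
```

On the sample data the flood detector reports the single second in which 120 requests arrived from 40 distinct addresses, and the scraping detector flags only the address that fetched 25 distinct profiles within the 30-second window; the ordinary user who viewed two profiles is not flagged. The `min_sources` condition matters because a single misbehaving client producing a high request rate is a rate-limiting problem rather than a distributed one, and the two cases usually warrant different responses.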

October -- Twitch Data Breach

Twitch is a highly popular streaming platform in which users can connect with their favorite gamers and celebs with a focus on eSports and video game live streaming. In October 2021, the company encountered a severe data breach which leaked information including streamer earning records. The gaming platform stated that the security incident was caused by "a server configuration change that allowed improper access by an unauthorized third party." Twitch has also made it clear that no usernames, passwords, or financial information was stolen in the breach.

November -- Seven Million Robinhood Profiles For Sale By Hackers

Online trading and investing company, Robinhood, recently encountered a data breach in which 7 million user account credentials were made available for purchase on a popular hacking forum. This breach was carried out by the malicious actor by gaining entry through an employee account. Information stolen in this attack includes email addresses for 5 million accounts, 2 million user full names, and an especially unlucky 300 users had their name, zip code, and birthdate stolen and listed for sale.

December -- Device Vulnerabilities Surge

Hundreds of millions of US devices saw increased vulnerability risk in December 2021 due to a new software vulnerability. According to Jen Easterly, director of the US Cybersecurity and Infrastructure Security Agency (CISA), this is an incredibly severe vulnerability; Easterly reportedly stated, "this vulnerability is one of the most serious that I have seen in my entire career, if not the most serious." Officials have stated that it is up to businesses and cybersecurity experts to determine how to combat this vulnerability and whether or not their operations have been impacted by it. Hackers are actively exploiting this vulnerability, so it is essential that everyone act fast to resolve it.

2022 will most certainly bring with it its own slew of cybersecurity risks, vulnerabilities, and attacks -- in an effort to protect essential information and systems from detrimental cybersecurity faults, it is essential that businesses and individuals alike take the time to learn from these attacks. As George Santayana once said, those who do not learn from the past are condemned to repeat it. Let's all hope (and work toward) a more cyber-secure year in 2022. Happy New Year!

Image by starline from Freepik.