7 biggest cyberattacks of 2021 (so far)

Back

7 biggest cyberattacks of 2021 (so far)

It’s been a busy year for hackers.

The pandemic caused by Covid-19 and the resulting measures of social isolation and confinement have led to the widespread of remote work, which has triggered a dramatic increase in the number of data breaches.

According to a report by Hiscox, the percentage of companies that have fallen victim to cyberattacks has increased from 38% to 43% in 2021, with more than a quarter experiencing five incidents or more. Cybercrime is expected to cost the world $6 trillion by the end of the year.

Hackers are exploiting the pandemic to launch highly sophisticated cyberattacks in every possible industry. Some of the most common types of attacks are phishing, ransomware, malware, brute force, DDos and port scanning.

In this article, we will list 7 cyberattacks that have marked the year 2021, so far.

CNA Financial

March

CNA Financial Corporation (CNA), the entity that owns the North American insurer that is a benchmark in the commercial P&C (property and casualty) lines market, announced the attack in late March 2021, stating that it had been the victim of a sophisticated cyberattack.

Consequences of the cyberattack

The entity reportedly paid $40 million (about 32.8 million euros) to a group of hackers to regain access to its computer systems. According to Bloomberg, the ransom payment occurred about two weeks after the sophisticated cyberattack, which the insurer claims was detected and stopped on March 21.

The cyberattack reportedly blocked CNA employees’ access to the company’s network, but also stole data. The insurer said the attack caused operations to be disrupted and affected certain company systems. On May 12, CNA was able to get systems restored, thanking customers for their patience.

According to press reports, CNA said that the investigation into the incident concluded that the cybercriminals responsible for the attack belong to a group called Phoenix. The malware used (Phoenix Locker) is a variant of Hades, a ransomware used by a group of Russian hackers (Evil Corp).

Acer

March

Acer, the computer giant, suffered a ransomware attack carried out by the REvil group. The group successfully exploited a vulnerability in Microsoft Exchange – a Microsoft email service often used by businesses.

Consequences of the Cyberattack

The group that attacked Acer asked for $50 million, one of the largest ransoms on record. The Bleeping Computer website claimed that the REvil group accessed a vast number of confidential information from the Taiwanese manufacturer, including financial documents. The hackers reportedly shared images of the stolen files via their site as proof of the attack.

Acer clarified that it has actively cooperated with all relevant law enforcement and data protection authorities in various countries. However, the manufacturer explains that its internal security mechanisms proactively detected this attack and security, and precautionary measures were immediately initiated.

Colonial Pipeline

May

Colonial Pipeline, one of the leading pipeline operators in the United States, which transports diesel and gasoline over 8800 km in the country, had to suspend all its operations after suffering a cyberattack.

Consequences of the cyberattack

Colonial Pipeline paid almost $5 million to DarkSide, the organization that launched the cyberattack.

The transaction was reportedly made on the very day of the attack, May 7, Bloomberg reports, citing two sources close to the transaction who said the payment was made in cryptocurrencies – an untraceable payment method.

Despite having paid the cybercriminals almost immediately, the system took a while to restore, and the company even had to resort to its own system backups to resume full operation.

Colonial Pipeline CEO Joseph Blount told a U.S. Senate committee that the attack occurred using an old virtual private network (VPN) system that lacked multifactor authentication.

According to Katerina Goseva-Popstojanova, a cybersecurity expert at West Virginia University, “the Colonial Pipeline attack appears to be due to inadequate cybersecurity practices, which made it quite easy to break into the company’s computer systems and infect them with ransomware.”

JBS Foods

May

The US subsidiary of Brazilian agri-food giant JBS, one of the world’s leading meat companies, has been targeted by ransomware. Several servers were affected, and the incident forced the interruption of a large part of the group’s activities in Australia and the United States.

Consequences of the cyberattack

The ransomware sparked fears of food shortages and disruptions in the US food supply chain. The attack also highlighted the companies’ deep reliance on their systems, with reports of workers having to perform butchery tasks manually – something that hasn’t been done in years at meatpacking plants of this size.

Unable to access its systems, JBS USA eventually paid the $11 million (€9 million) ransom. The payment was made in cryptocurrency and according to the Federal Bureau of Investigation (FBI) the perpetrators of the cyberattack are the Russian-based hacking group known as REvil.

JBS has not commented on the vulnerability that allowed the criminals to gain access to the internal system.

The attack against JBS came just days after DarkSide, carried out the similar cyberattack against Colonial Pipeline.

Kaseya

July

Hundreds of companies using management software from US company Kaseya were the target of a cyberattack powered by potential Russian hackers. The attack took advantage of a flaw that allowed the distribution of ransomware through Kaseya’s Virtual System Administrator (VSA) software. Typically, this software provides a trusted communication channel that allows MSPs privileged and unlimited access to help companies with their IT environments.

Consequences of the Cyberattack

Because it provides information technology software to other companies, the attack on Kaseya generated a domino effect, affecting about 1,500 organizations in several countries. The hackers exploited a flaw in a virtual system administrator (VSA).

The REvil criminals, a hacker group whose origin experts associate with Russia, is the entity attributed with the cyberattack. The cybercriminals who launched the ransomware demanded a ransom of $70 million in Bitcoins to access the key (decoder) that would allow the stolen (encrypted) data to be recovered, but the company decided to cooperate with the FBI and the US Infrastructure and Cybersecurity Agency. Almost 20 days later, Kaseya used a universal decryption key to regain access to its data.

The attack on Kaseya shows how even IT companies can be vulnerable and be targeted by cybercrime. So, all companies can benefit from third-party security services, but they also need to apply their own data security tools and practices internally.

Brenntag

May

Brenntag is a German-based chemical distribution company with operations in 77 countries. Earlier this year, DarkSide targeted the company’s North American division, encrypting data and devices on the compromised network and stealing 150 GB of data.

Consequences of the cyberattack

DarkSide claims that it launched the attack after gaining access to Brenntag’s network through stolen user credentials purchased from Dark Web. This type of attack is becoming increasingly common and is incredibly difficult to combat using traditional cybersecurity technologies.

Brenntag made a ransom payment of $4.4 million to the DarkSide cybercriminal syndicate.

However, DarkSide would not have been able to steal 150 GB of valuable data if the Brenntag network did not allow privileged account holders to extract large volumes of data. There are very few legitimate reasons for an administrator to want to move that much sensitive data at once.

Stolen user credentials are often not declared and may even come with valuable administrative privileges. Cybersecurity professionals need to craft policies that display a zero-trust framework even for privileged account holders.

FBI

November

Hackers compromised the FBI’s external email system and sent thousands of emails from a US intelligence service account warning of a possible cyberattack. The cyberattack was confirmed by the agency itself and security experts.

Consequences of the cyberattack

In a statement, quoted by Reuters, the FBI clarified that the fake emails had been sent by an official FBI email address, which ended in @ic.fbi.gov.

Although the system affected by the incident “was taken offline quickly after the problem was discovered,” the FBI acknowledged that “this is a recurring situation.

Tens of thousands of emails were sent warning of a possible cyberattack, confirmed the Spamhaus Project organization, where it also showed a copy of the message that is “signed” by the US Department of Homeland Security.

It was unclear for now whether the emails were sent by someone with access to the FBI servers or whether hackers were involved in this incident.

Is your organization protected against cyberattacks?

The global shift to a remote working culture has leveraged cybercriminals to launch highly sophisticated cyberattacks.

Clearly, the year 2021 has been quite challenging for organizations in terms of cybersecurity. However, these recent data breaches serve to raise awareness for organizations to protect themselves and their customers from cyber threats.

Here are some of the security measures that are essential for your company to stay safe in these insecure times:

• Educate your employees to help them recognize and combat emerging cyber threats.
• Protect your email domains from phishing attacks.
• Keep all your software and applications up to date.
• Use a VPN connection to a protected network.
• Use multi-factor authentication.
• Rely on an experienced partner to help your company safeguard sensitive data and files.

Newsletter!

Subscreva a nossa newsletter e receba semanalmente todas as atualizações, com bónus de um ebook diferente todos os meses!