Whether it is a ransom, malware, denial of service attack, or more, any type of cyber attack can detrimentally affect the company, its clients, and even national security. Unfortunately, 2021 was no stranger to these instances. Here are 5 of the biggest cyber attacks of 2021.
1. Colonial Pipeline
In May of 2021, hackers, identified as DarkSide, accessed the Colonial Pipeline network, involving multiple stages against Colonial Pipeline IT systems. The attackers stole 100 gigabytes of data within two hours, received the personal information of over 6,000 from Colonial Pipeline, and infected the IT network with ransomware. This hack was the largest publicly disclosed cyber attack against critical infrastructure to ever take place in the U.S.
As a result of the cyber attack, Colonial Pipeline shut down their over 5,500 miles of pipeline from Texas to New Jersey which supplies almost half of the East Coast’s fuel. The pipeline was shut down for about five days, causing major fuel shortages. In order to enable staff to regain control of the system, Colonial Pipeline paid DarkSide hackers the ransom of 75 bitcoins, worth about $4.4 million at the time. Luckily, the FBI and US law enforcement recovered over half of the ransom by monitoring cryptocurrency movement and digital wallets.
Officials announced that the attackers gained access to the network because of a single exposed password for a VPN account. A pipeline employee likely used the same password for the VPN in another location, and that password was compromised in a different part of the data breach. Additionally, the VPN did not have multi-factor authentication in place.
2. Brenntag
DarkSide also targeted Brenntag, a global chemical distribution company. The hacker group encrypted data and devices, stealing 150 GB from the company’s North American division. Brenntag had to pay the $4.4 million ransom.
This attack was possible after attackers gained access to Brenntag’s network through stolen user credentials purchased on the Dark Web. If Brenntag’s network and policies exhibited a zero-trust framework, which gives employees only access to the information that they need, this attack would not have been possible.
3. CNA Financial
Hackers attacked CNA Financial, one of the largest companies in the U.S., in March 2021. The ransomware attack encrypted 15,000 devices and compromised the data of about 75,000 individuals, possibly including their names, health benefits information, and Social Security numbers. The company paid a ransom of $40 million in order to receive the decryption key needed to continue operations.
The cybercrime group Phoenix claimed responsibility for the attack which they carried out with their Phoenix Locker malware. This works by posing as a browser update for employees to install. Once employees install it, it moves throughout the network until it identifies sensitive data to send outside of the network before encrypting the data and launching the attack.
4. KASEYA
The cyber attacker group REvil targeted Kaseya, a company that manages IT infrastructure for many major companies worldwide. In July, REvil sent out a fake software update through Kaseya’s Virtual System Administrator, infiltrating the clients of Kaseya and their customers’.
REvil encrypted and held for ransom one million systems. According to Kaseya, the attack impacted about 50 clients and 1000 businesses. Notably, Coop, a Swedish supermarket chain, closed 800 stores for a full week because of the attack.
REvil demanded $70 million in bitcoin, but the FBI gained access to their servers and obtained the encryption keys. As a result, no ransom was paid and Kaseya’s clients’ IT infrastructure was restored. If it wasn’t for the FBI< this could have been the biggest cyber attack of 2021.
5. JBS USA
JBS USA, the biggest meatpacking company in the world, suffered from a cyber attack in the first half of 2021. The initial attack began in February when hackers, also thought to be REvil, pointed out structural vulnerabilities. The hackers carried out data exfiltration for months, finalizing the attack on June 1st once the exfiltration was complete. The hack would not have been possible if JBL used data exfiltration protection software which would have immediately alerted the company of security breaches.
JBS paid $11 million in bitcoin to hackers, one of the largest ransomware payments of all time. As a result of this attack, the company closed down its North American plants for two days and the national meat supply chain took a hit, leading to minor shortages and price hikes across the country.
What can change in 2022?
Many of these attacks could have been avoided if these companies had implemented adequate software and training.
For example, if Brenntag was equipped with Raytheon’s zero-trust security, REDPro ZTX, the software wouldn’t have allowed the stolen user credentials to have access to the data and information that it did. Or, if Colonial Pipeline implemented duo-factor authentication and enforced having different passwords for each account, the hackers likely would not have been able to access the network.
Looking towards 2022, companies have hopefully learned from the mistakes of others to implement better security and cyber-education to prevent these harmful events from occurring again. Additionally, in January of 2022, Russia dismantled the ransomware cybercrime group REvil at the United States’ request, the group responsible for the Kaseya and JBS USA attacks. This international collaboration to take cybercrime groups down could prove to be more prevalent as cyber attacks increase.