Alan is one of the senior officers of a financial bank in Texas. Alan was looking to buy a Halloween costume and got an email about a sale happening at a store near his neighborhood. He clicked on the email to learn more about the offer. In a few hours, his computer, which had critical high-profile customer files and details got infected by ransomware.
While his company’s security team was investigating the incident, the ransomware spread rapidly and infected a couple of other high-profile systems in the network. The source of the infection was an email sent from Alan’s mailbox. The security analysts formatted the infected systems and restored the data from backups. They all breathed a sigh of relief. But what they didn’t know was that high-profile customer information was already stolen from their network and was on the verge of being sold on the dark web. Not only that, but all the passwords that Alan stored in his applications and browsers were stolen. The cybercriminals were ready to launch another attack. This time, bigger and better.
Spooky, isn’t it? Incidents like these have become all too common these days. Common, but still scary. Targeted phishing campaigns with highly sophisticated social engineering attack techniques, malicious software disguised as trusted services, highly successful ransomware 2.0 attacks, and more are the causes of some of the biggest and scariest data breaches of 2021.
Let’s take a look at 13 spooky security incidents that happened in 2021. Let’s learn from our mistakes and look forward to strengthen cybersecurity in 2022.
-
Kia Motors was hit by a ransomware attack
Kia motors, one of the subsidiaries of Hyundai, suffered a ransomware attack in early February 2021. Reports from CPO Magazine suggest that attackers demanded $20 million in order to return the locked files. The company acknowledged that they faced an extended system outage, but declined the claims of ransomware attack.
The attack was actually targeting Hyundai Motor America. This is a spooky example of how disruptive ransomware can be. When a global giant like Hyundai is vulnerable, are you sure you’re safe?
-
Accellion data breach
According to the PurpleSec, Accellion, an American technology company specializing in secure file sharing and collaboration, was attacked by cybercriminals. The attack affected more than 100 companies, organizations, government agencies, and more around the world. The attackers extorted data from Accellion and threatened to sell them online if a stipulated ransom was not paid. Accellion have not commented on the incident and with several client organizations falling prey to the attack, the attack is getting messier and more expensive.
This security incident is a reminder of how frequently attackers exploit vulnerabilities. Accellion was attacked first in December 2020. This attack was then followed by a series of attacks reported by several clients in February, May, and July of 2021. This was after the company’s claim to have successfully patched up the vulnerability.
-
Ransomware attack on Acer
According to Constellix, on March 2021, global computer giant, Acer, was hit by a ransomware attack. Attackers reportedly exploited a Microsoft Exchange vulnerability to gain access to Acer’s network. They also demanded $50 million in order to return the extorted data.
It was also reported that attackers deployed REvil ransomware, which was infamously used in the Kaseya ransomware attack later. Acer commented on the incident but declined to comment further on the ransom demands. This was one of the costliest breaches in 2021.
-
Ransomware attack on CNA Financials
The Chicago-based financial corporation CNA Financials faced a cyberattack on March 21, 2021, according to MSSP Alerts. The attackers exfiltrated data and deployed ransomware that locked the organization’s network.
After negotiating with the attackers behind closed doors, the financial giants reportedly paid close to $40 million in ransom in a desperate attempt to retrieve their accounts and data.
-
Facebook data leak
According to Business Insider, the information of 533 million users was stolen from Facebook in April 2021. Facebook has always been criticized for its lack of data protection and data privacy policies. Being the largest social media platform with over 2.85 billion active users, Facebook has constantly been subject to threats from bad actors. This is because of the availability of a vast amount of personal information of users, which can be used for illicit purposes. Additionally, the stolen data was also made available to anyone willing to pay a stipulated amount.
Imagine a threat actor having all of your photos along with other personal information. Scary, right?
-
Cyberattack on Brenntag
According to Business Insurance, Brenntag paid over $4 million in an attempt to retrieve stolen data. The German chemical giant was attacked by DarkSide ransomware group who threatened to release stolen data online if the ransom was not paid. With over 150 gigabytes of sensitive data at stake, Brenntag were forced to pay the demanded ransom.
-
Malware attack on Scripps Health
In May 2021, the personal information of over 147,000 patients was compromised in a cyberattack launched against Scripps Health, according to KNSD. A portion of Scripps Health’s IT system was offline for several weeks. The threat actors created copies of medical and personal records of patients before deploying ransomware. This disrupted the service provided by the organization and also forced them to maintain physical records of patients.
To make things worse, Scripp Health is also facing lawsuits filed by several of its patients for not protecting their personal and medical information.
-
Zero-day vulnerabilities exploit: Microsoft Exchange
Microsoft Exchange was subject to a major cyberattack in early May 2021. Four zero-day vulnerabilities were actively exploited by threat groups to deploy malware and backdoors in wide-spread attacks. What made it scarier was the fact that the affected users ranged from small and medium enterprises to global business giants irrespective of their network security posture.
According to Volexity, attackers were able to carry out RCE attacks successfully, exploiting vulnerabilities in authentication. The attackers were able to do this by creating a web shell to hijack the system and execute commands remotely.
-
LinkedIn data breach
On June 30, 2021, the information of more than 93% of LinkedIn users was made available online. Hackers posted sample data of 1 million users, according to a report on Restoreprivacy. Personal information of more than 700 million users was reportedly obtained by the attackers by exploiting LinkedIn’s API. However, LinkedIn declined the claims and stated that no private LinkedIn member data was exposed.
-
Kaseya ransomware attack
Kaseya IT solutions were affected by a ransomware attack in July 2021 that disrupted operations and locked the organization’s network. Attackers exploited zero-day vulnerabilities to bypass authentication and execute codes remotely. Once they compromised the VSA servers, attackers deployed REvil ransomware and demanded $70 million in Bitcoin for the decryption key. Though Kaseya tried shutting down cloud-based installations, the damage had already been done.
-
Saudi Aramco data breach
Third-party threats have always been a topic of discussion whenever people talk about cybersecurity. Saudi Aramco, a state-owned oil company in Saudi Arabia, was subject to a ransomware attack in July 2021. The company acknowledged the incident and reported that the data breach occurred because of a lapse of security at a third-party vendor’s end.
What makes the incident spooky is that the operations of the company were not affected by the attack, so it wasn’t aware of the attack right away. The threat actors demanded a ransom of $50 million to return the 1 terabyte of stolen Aramco data.
-
Cyberattack on Voicenter
Israeli communication company Voicenter was hit by a massive cyberattack in September, 2021. The attackers claimed to have extorted 15 terabytes of data from the company, including recordings of phone conversations and WhatsApp text messages between company employees and customers.
Voicenter confirmed that it was subject to a cyberattack. However, it claimed to have lost no sensitive information because of the attack.
-
Data exfiltration in Paris hospital systems
According to the TechXplore, hackers were able to get access to the COVID-19 test results of 1.4 million people from Paris hospital systems on September 2021. Though the health information of the individuals was not compromised, hackers were able to obtain sensitive information such as names, Social Security numbers, contact information, and more. The Paris hospital system officials stated that the compromised services were cut off immediately and a thorough investigation was carried out.
Key takeaways
-
Surge in ransomware attacks: Ransomware attacks have become all too common. Several organizations have been affected by ransomware attacks in 2021. According to PurpleSec, ransomware attacks are estimated to cost $6 trillion annually by 2021.
-
The extended network perimeter has increased the possibility of cyberattacks: The shift to remote and hybrid work environments has exposed several organizations completely. Lack of robust security measures to detect and defend against threats has resulted in organizations falling victim to unforeseen attacks.
-
Health and education industries are prime targets: Attackers have developed an interest in the health and educational industries. Most of the organizations in these industries faced cyberattacks that predominantly aimed to extort sensitive information about individuals.
Tips and tricks to deal with attackers
-
Keep tabs on the latest cyberattacks happening across industries, such as phishing and ransomware.
-
Monitor the activities happening in your network regularly.
-
Keep tabs on third parties who interact with your network.
-
Deploy a strong security information and event management (SIEM) solution that can monitor your network continuously and provide real-time reports.
-
Make sure the SIEM solution is also empowered with user and entity behavior analytics capabilities that can help detect anomalous user behavior on the go.
-
Review account permissions and privileges regularly.
-
Educate your employees on cybersecurity awareness and how to practice cyberhygiene.
In a nut shell, organizations must step up their network security by constantly monitoring their network for both internal and external threats and have a proper threat mitigation process in place to make their network attack-proof.