Cii Technology Solutions Blog

2021’s Biggest Cybersecurity Attacks (So Far)

There is no denying that cyber-attacks are on the rise. The recent uptick in remote work and reliance on virtual networks have opened the door for a growing hacker population. With more people online than ever before, there are also more hackers looking to exploit vulnerable entities that may not be fully protecting themselves. The attacks are also becoming more dangerous and sophisticated. In this article, we are going to break down the five most notable cybersecurity attacks that have occurred in 2021.

Top 5 Attacks

1. Colonial Pipeline

This attack was the result of a leaked password, which gave hackers access to Colonial Pipeline’s computer network. The compromised account did not have multi-factor authentication, allowing for easy access into the company’s system. Cyber criminals installed ransomware on corporate files. As a result, the pipeline was shut down, causing a widespread gas shortage in the southeastern United States. A ransom note was left for Colonial Pipeline’s employees to see. Colonial Pipeline ended up paying the $4.4 million ransom and lost 100 gigabytes of data, which the hackers stole. Recently, the FBI was able to recover a little over half of the money sent, but it remains to be seen what effect this will have in the future.

2. Florida Water System

In February of 2021, a Florida water system was hacked. Cyber criminals increased the level of sodium hydroxide in the water to dangerous levels. Fortunately, safeguards already in place and an attentive employee were able to stop the contaminated water from reaching the public. While the water never reached the public, this is still a major concern for state facilities all over the United States. This was not the first time a public utility plant had been hacked. Many facilities in various states have beefed up their security and training in response to this recent attack, although attacks targeting public facilities have been occurring more frequently in recent years. No information about the hacker has been found.

3. Microsoft

At least 30,000 US organizations were affected by a hacking group that infiltrated businesses that used Microsoft Exchange. These hackers left web shells that gave them administrator privileges over the victim’s computer. The hackers found four flaws in Microsoft Exchange Servers, which they were able to exploit to gain entry. Organizations such as public schools, medical services, emergency services, government agencies, and many more had to file reports that their systems had been hacked. Each intrusion affected businesses differently, but each was the result of exploiting the vulnerabilities found in Microsoft Exchange. The flaws have since been patched, but the damage was already done. Businesses that were hacked during the attack could still have malicious software sitting dormant on their computers.

4. Acer

This computer manufacturer was hit in conjunction with the Microsoft Exchange breach. Reports have it that the hackers used the flaws in the Microsoft Exchange Servers to infiltrate, steal, and encrypt hundreds of Acer documents and files. In addition, the group demanded a $50 million ransom to recover the stolen and infected files, with a 20% discount if Acer paid before a certain date. However, the hackers threatened to double the ransom if their original ask was not paid. Acer offered a sum of money, but there have been no reports that any ransom payment was completed.

5. CNA Financial

Insurance giant CNA Financial was hit in March by an attack that ended up costing the company $40 million in ransom fees. In this attack, records and important files were stolen. A number of employees were also locked out of their computers while hackers waited for their ransom payment. This was the highest recorded ransom paid at the time.

Cyber attacks are on the rise. Criminals target more than just large corporations. Small to medium businesses are at risk too. These offenders target vulnerabilities within the organization, from the software down to the people. To make sure your company does not become the next victim, here are a few safe work habits you can practice daily:

– Keep your programs and operating systems up to date

– Do not open, click, or download unknown files or links

– Enable multi-factor authentication

– Manage and limit administrative permissions

– Use strong passwords that are changed on a regular basis

– Block suspicious emails, links, or websites

– Use a reliable security provider with access to firewalls and other network defenses

Cii is committed to your security and well-being. Call today for a FREE assessment of your security risks and find out what solutions are right for you!