December 16, 2021
In a world that’s more digitally connected than ever thanks in no small part to the ongoing COVID-19 pandemic, cyber-attacks are on the rise. According to Experian’s recently released 2022 Data Breach Industry Forecast, this year “will be a sort of hangover from 2021’s ‘cyberdemic.’”
The report goes on to state: “Since so much of our lives now take place online, the digitization of society means that our infrastructure, institutions and personal lives are more exposed than ever to malicious actors. Big institutions remain vulnerable, despite spending millions on security, and cybercriminals have plenty of opportunities to exploit weak .”
Of course, it’s not just large companies that are at risk of potentially crippling data breaches. According to IBM’s most recent “Cost of a Data Breach” study, “Small businesses (less than 500 employees) saw an increase from $2.35 million in 2020 to $2.98 million in 2021, a 26.8% increase.” One widely quoted statistic puts the number of SMBs that go out of business six months after an attack at 60 percent. And not to pile on, but this VentureBeat story reports a whopping 490 percent increase in attacks on mid-sized businesses since 2019.
Verizon’s latest Data Breach Investigations Report pegged social engineering — by which people are duped into clicking on malicious links or divulging private information — as the most common method of attack. The same report concluded that 85 percent of all incidents include “a human element.” Ransomware is increasingly common, too, with instances up 62 percent since 2019 and total damage payouts expected to reach $265 million by 2031.
With all of that in mind, here are five of the most damaging cyberattacks of 2021 — the types and general targets of which will remain similar in 2022. In other words, keep your guard up. Or get it up if it’s not already. Better to be safe than sorry. Really, really sorry.
533 million. That’s how many Facebook users had their stolen personal information posted online by hackers, according to reports this past spring. Names, locations, email addresses and more were dumped into cyberspace for anyone to see — or use for nefarious purposes such as identity theft. Though Facebook claimed the data in question was stolen in 2019, that did little to minimize outrage and concern. “These are the pieces of data cyber criminals spend time searching for to perform social engineering attacks (a type of hacking) — but now they’re all in one place and easily accessible in this leak, which makes social engineering quicker and easier,” ethical hacker Rachel Tobac told CNN at the time.
Internal and published reports revealed that hackers exploited vulnerabilities in Microsoft’s Exchange Server mail and calendar software, both of which are widely used by government and corporate data centers around the world. Microsoft said the culprit was a state-sponsored entity dubbed Hafnium. Operating out of China, this “highly skilled and sophisticated actor…primarily targets entities in the United States for the purpose of exfiltrating information from a number of industry sectors, including infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks and NGOs.” CNBC noted that the hack would “probably stand out as one of the top cybersecurity events of the year.”
This attack temporarily hobbled roughly 1,500 organizations by exploiting a couple of massive flaws in Florida-based Kaseya’s tech management software. Perpetrated by the offshoot of a Russian gang called REvil, its effect was broad and deep, adversely impacting not only Kaseya but as many as 50 MSPs that used the company’s software. “MSPs…make an efficient vehicle for ransomware because they have wide access inside many of their customers’ networks,” a Reuters story noted. “Kaseya’s software serves many MSPs, so the attacks multiplied before Kaseya could warn everyone, rapidly encrypting data and demanding ransoms of as much as $5 million per victim.”
One compromised password. That’s all it took to knock out the United States’s largest fuel pipeline. Sneaking in through a weakly protected virtual private network account, Russia-linked hackers known as DarkSide gained access to Colonial’s entire computer network. About a week later, the hackers sent a ransom note demanding cryptocurrency and the pipeline was shut down as a precautionary measure while possible damages were assessed. “The company’s system transports roughly 2.5 million barrels of fuel daily from the Gulf Coast to the Eastern Seaboard,” a Bloomberg report noted. “The outage led to long lines at gas stations, many of which ran out, and higher fuel prices.” The pipeline was back in service a couple of weeks later, but only after Colonial paid a $4.4 million ransom to prevent nearly 100 gigabytes of stolen data from being leaked. In this case, the target got extraordinarily lucky and recovered most of its losses with government help.
Names, Social Security numbers and other private information were stolen by hackers in what CNA described as a “sophisticated ransomware attack.” The negative impact was reputational as well as financial. If they weren’t already, customers were suddenly exposed to the high probability of identity theft, since bad actors now had access to data that could be used to open new accounts or commit extortion. (CNA offered them two years of credit monitoring.) Internally, the Chicago Tribune reported, CNA suffered a “network disruption that affected certain systems, including corporate email. It also shut down the functionality of CNA’s website, reducing it to a static display.” The company ended up paying out a $40 million ransom “to regain control of its systems.” A drop in the bucket monetarily for an organization that did nearly $11 billion in revenues last year, but a crushing blow . At an SMB doing $11 million in revenue, a hit of $40,000 would have a proportional effect. Now multiply that many times over since the SMB breach costs smaller companies an average of $2.5 million. That’s massively painful if not catastrophic.
Now that you have a solid overview of some top security incidents in 2021, check out our related story on a fascinating new report. Among other things, it suggests that one of the keys to improving cybersecurity is better communication between CISOs and CEOs.