According to the SonicWall Cyber Threat Report for 2021, cybercrime has gone up by 600% in 2021 as a result of many things, including the COVID-19 pandemic. As threats become more complex and difficult to detect, this number is expected to rise even higher in 2022. The nature of attacks has shifted away from thievery this year, becoming more deadly than ever before.
In a year of major cyber incidents we take a look back at ten of the most high-profile and significant cyber attacks in 2021.
- Ireland’s Health Service Executive (HSE)
Attack impact: 520 patients
Following a significant ransomware assault on May 14 2021, the government agency in charge of all public health services in Ireland shut down IT networks, and operations have yet to fully resume. While HSE systems were taken offline as a precaution and the National Ambulance Service continued to operate normally, numerous health services were impacted. Patients suffered delays and, in some cases, cancellations as a result of system failures.
HSE employees were forced to rely on paper records and were unable to access e-mail. However, hospital emergency rooms remained open, the national COVID-19 vaccination campaign was unaffected, and the testing system remained completely functional and operating. As a result of the incident, patients’ and HSE staff’s personal and medical information was obtained, along with some additional data.
- Attack on the University of the Highlands & Islands
Attack impact: 13 colleges & research institutions
Due to a cybersecurity breach, the University of the Highlands and Islands in Scotland was obliged to close all of its colleges and research labs to students on March 7th of this year. The attack was remarkable because it used Cobalt Strike, a penetration testing tool that is generally used for lawful purposes.
The investigation, conducted with the assistance of KELA, a worldwide darknet threat intelligence organisation based in Israel, indicated that UHI data had previously been posted on darknet sites and may have been utilised by hackers to carry out the attack.
According to its findings, approximately 8,000 ‘hacked credentials’ (such as email addresses and passwords) belonging to UHI personnel and students have been leaked or stolen, and may have been traded on underground online forums. According to KELA, a total of 100 ‘compromised accounts’ were discovered on malicious dark web sites, including one that showed access to Active Directory Federation Services (a Microsoft software component) ‘possibly tied to internal systems.’
- Bombardier Data Breach
Attack impact: 60,000 employees
In February 2021, Bombardier, a Canadian aeroplane manufacturer, announced that it had suffered a data breach that compromised employee, customer, and supplier information.
Bombardier’s headquarters are in Montréal, Canada, while the company’s manufacturing and engineering facilities, as well as its customer service network, are spread throughout more than 12 countries. The corporation maintains a global fleet of 4,900 aircraft in service with a diverse range of multinational organisations, charter and fractional ownership providers, governments, and private individuals.
The attackers who sought out Bombardier are thought to have acquired access using a zero-day vulnerability in Accellion FTA, a third-party web server used to host and distribute huge files, which allowed them to steal important information and post it on the Clop ransomware gang’s dark web page. Personal and other confidential information about employees, customers, and suppliers was compromised, according to forensic investigation.
- The Accellion Supply Chain Attack
Attack impact: 129,000 customers
Confidential data was stolen from multiple significant organisations when security software business Accellion’s File Transfer System was accessed in March 2021, and the data was subsequently published online.
Many of Accellion’s high-profile clients and customers were targeted by the hackers who perpetrated the breach. Big names like the Australian Securities and Investments Commission, Bombardier, Flagstar Bank, Kroger, Jones Day Law Firm, Qualys, Singtel, Reserve Bank of New Zealand, Royal Dutch Shell, Stanford University, Trinity Health, University of California, and University of Colorado are among the most well-known victims of the breach.
Despite the fact that this breach has harmed businesses from different industries, it is thought that the healthcare industry has been struck the most. This hack has also affected the US Department of Health and Human Services, as well as at least seven other healthcare companies in the United States. On the FIN11-operated CLOP Dark Web site, sensitive data belonging to many victims was discovered.
- Microsoft Exchange Cyber Attack
Attack impact: 30,000 organisations
Microsoft discovered various zero-day exploits being used to attack on-premises versions of Microsoft Exchange Server on March 2, 2021.
Over 30,000 enterprises in the United States were targeted over the next several days as hackers exploited numerous Exchange flaws to get access to email accounts and install web shell malware, granting the crooks continued administrative access to the victims’ servers.
On the same day, Microsoft said they feared the attacks were carried out by Hafnium, a previously unknown Chinese hacking outfit. Hafnium is suspected to be state-sponsored and operating out of China, according to the Microsoft Threat Intelligence Center (MSTIC). It was primarily targeting organisations in the United States across multiple industry segments and operating primarily via leased virtual private servers (VPSs) in the United States.
- AXA S.A
Attack impact: $1.85M paid in ransom
AXA France’s Asia Assistance business was struck by a ransomware attack just a week after the company’s cyber insurance policy was revised to exclude coverage for ransom payments. AXA revealed in a statement on May 18, 2021 that its Thailand, Malaysia, Hong Kong, and Philippines operations had been hit by a targeted ransomware attack. As a result, certain data processed by Inter Partners Asia (IPA) in Thailand was accessed.
In essence, AXA said that it will no longer reimburse many of its clients for ransomware charges. The hacker group acquired access to a colossal 3 TB of data in this one-of-a-kind attack on a cyber-insurance corporation that made the news.
- Colonial Pipeline Company
Attack impact: $4.4M in ransom
Colonial Pipeline Co. discovered it had been the target of a ransomware assault on May 7, which caused petroleum supplies to be delayed for several days over much of the United States’ East Coast. Despite the fact that the ransomware mainly affected IT systems, the corporation decided to shut down its pipeline operations as a precaution. It was later found that Colonial paid a $4.4 million demand, despite having backups, in order to come back online as soon as possible.
The breach of Colonial Pipeline in late April received the most media attention of all the cyber and ransomware assaults in 2021. “The Colonial Pipeline attack had such an impact because the pipeline is an integral part of the national critical infrastructure system,” says Joe Giordano, director of Touro College Illinois’ Cybersecurity Program. “Gas supplies were disrupted all along the East Coast of the United States as a result of the system’s downtime, producing confusion and panic.”
Thankfully, much of the $4.4 million ransom payment was recovered by US law enforcement. The money was traced thanks to the FBI’s monitoring of bitcoin transactions and digital wallets. Finding the real hackers behind the attack, on the other hand, will be much more difficult.
- CNA Insurance ceases trading after cyber attack
Attack impact: $40M in ransom
CNA, one of the major insurance corporations in the United States, was hit by a serious cyber attack that forced them to halt trading for a short time. The hack disrupted the network and had an impact on specific systems, such as email. A new version of the Phoenix CryptoLocker Malware, a type of ransomware, was deployed, according to third-party forensic analysts.
At the time of the attack, details were scarce, and while CNA worked quickly to engage a team of third-party forensic experts to investigate and identify the entire scale of the event, as well as engage with law authorities, it was unclear whether any company or client data had been stolen.
CNA’s systems were soon discovered to have been attacked with ransomware. In May 2021, Bloomberg reported that CNA had paid a $40 million ransom to hackers in exchange for the release of its systems and data. Bloomberg’s sources asked not to be identified because they lacked authority to speak about the topic.
- Acer Ransomware
Attack impact: $50M in ransom
Acer, a computer hardware company, was hacked in March 2021 and had to pay a ransom of $40 million USD, a world record at the time. REvil, a hacking collective, has claimed responsibility for the latest Acer data leak. They claimed to have made more than $100 million from large-scale extortion in a single year and said they want to make $2 billion from ransomware assaults.
REvil revealed their ransomware attack on Acer on their data leak site. As proof of their involvement, they provided photographs of the stolen files, which included financial spreadsheets, bank balances, and bank messages.
- Quanta Computer
Attack impact: $50M in ransom
On April 20, 2021, REvil ransomware operators attacked once more, this time targeting Apple laptop manufacturer Quanta Computer. In a statement on its website, Quanta revealed it had been attacked by threat actors, who allegedly sought to extort both Quanta and Apple. Cooperation with technical experts from a number of external security firms was one of the response steps.
REvil had revealed ideas for a new laptop, including pictures of what appears to be a MacBook planned in March 2021. According to a chat-room transcript examined by Bloomberg, REvil sought $50 million for the decryption key.
The attack, according to Lior Div, CEO of Cybereason and an expert in hacking, forensics, reverse engineering, malware, and encryption, was a direct challenge from Russia to the Biden administration.
Cybercriminals come in many shapes and sizes, from lone hackers to international collectives to disgruntled workers. The variety of dangers facing businesses today far exceeds what traditional cybersecurity solutions can address. With threats coming from all directions, today’s businesses require comprehensive security solutions that can defend them from bad actors on the inside, outside, and everywhere else. As we move forward into 2022, organisations must learn to protect themselves against a constantly growing number of cyber threats.
About Salt Communications:
Salt Communications is a multi-award-winning cyber security company providing a fully enterprise-managed software solution giving absolute privacy in mobile communications. It is easy to deploy and uses multi-layered encryption techniques to meet the highest of security standards. Salt Communications offers ‘Peace of Mind’ for organisations who value their privacy, by giving them complete control and secure communications, to protect their trusted relationships and stay safe. Salt is headquartered in Belfast, N. Ireland. For more information, visit Salt Communications.