According to the 2021 SonicWall Cyber Threat Report the world has seen a 62% increase in ransomware since 2019. A figure that is set to rise further still as threats become more sophisticated and difficult to detect. This year has seen the nature of attacks shift away from theft to become more dangerous than ever before. We look Biggest Cyber Attacks of 2021
The Accellion Supply Chain Attack
The biggest “sleeper” attack of the year so far, the hacking of a little-known cloud company called Accellion didn’t get as much press as other hacks but had big implications worldwide. In December, the ransomware gang ClOP used security flaws in one of Accellion’s most widely used products to hack the files of dozens of prominent entities throughout the world. The victims included Shell Oil, about a half dozen American universities, a Canadian aerospace manufacturer, banks and transportation agencies, a telecom conglomerate in Singapore, and one of America’s largest supermarket chains, Kroger, among others.
Of course, as of this writing, 2021 is only halfway over. At the rate we’re going so far this year, these major hacks are unlikely to be the last.
Metropolitan Police Department Exposed
While maybe not one of the biggest attacks of the year, the hacking of Washington, D.C.’s Metropolitan Police Department was certainly one of the most dramatic incidents in recent memory—and showed a new willingness by ransomware gangs to target law enforcement agencies with increasingly dangerous tactics. The ransomware gang Babuk attacked MPD in April, making off with 250 gigabytes of sensitive internal data—including disciplinary files on past and current police officers, intelligence on local protest activity, and, most alarmingly, information on informants embedded in criminal networks scattered throughout the city. The hackers then threatened to leak the data if their demands of a $4 million ransom were not met. Cops were so distressed they offered to pay $100,000 for the files, though the hackers declined—and subsequently dumped everything online.
JBS pays $11m USD Cybercrime ransom
Brazil’s JBS, the world’s biggest meat processor, suffered a cyberattack that resulted in the temporary closure of operations in the US, Australia and Canada. The attack threatened supply chains and caused further food price inflation in the US, to prevent further disruptions JBS paid the $11m USD ransom. The criminal group responsible were described by the FBI as one of the most specialised and sophisticated in the world.
CNA’s $40 Million Ransom
CNA, one of the larger Insurance firms in the US sustained a serious cyber attack actually causing it to cease trading for a brief period. The breach caused network disruption and had an impact on certain systems like email. Third-party forensic experts determined that a new version of the Phoenix CryptoLocker Malware, a form of ransomware, was used
Twitch Data Dump
A gargantuan theft of data from Amazon-owned streaming giant Twitch has spilled vast swaths of the platform’s contents onto the internet for all to see.
On Oct. 6th, an anonymous leaker posted a 125GB cache of Twitch’s data to 4chan as a torrent. Among many other things, the leak included the company’s source code, internal company documents, and red teaming tools. It also revealed the salaries and other personal information of some of the platform’s biggest stars and channel operators—causing no small amount of controversy. Twitch has clarified that its data was actually exposed to the web as the result of “an error in a Twitch server configuration change that was subsequently accessed by a malicious third party.” In other words, Twitch got itself into trouble with its own security hiccup.
The anonymous culprit behind the leak claims to have carried it out to “foster more disruption and competition in the online video streaming space.” They also called Twitch a “disgusting toxic cesspool,” one that “we have completely pwnd.”
Colonial Pipeline’s DarkSide Intrusion
The Colonial Pipeline attack is likely the most important cyberattacks of the year so far—both for its ability to show the devastating potential of cybercrime and for the robust federal response it inspired. It also showed our country is still completely and utterly addicted to oil and will be for the foreseeable future.
In May, hackers affiliated with the ransomware gang DarkSide managed to get inside the network of Colonial Pipeline, one of America’s largest oil and gas companies. By temporarily halting the pipeline’s operations, the attack not only spurred a short-lived energy crisis throughout the Southeast—the likes of which devolved into a panicked melee at gas stations in multiple states—it also fundamentally shifted how the federal government approaches cyberattacks of this nature. Following the attack, the FBI managed to trace and seize a significant portion of the cryptocurrency ransom payment that Colonial made to the hackers—a somewhat unprecedented development. At the same time, the event helped to catalyze an accelerating government initiative to crack down on cybercriminals, including a new ransomware task force put together by the Justice Department and other defensive policies put out by the Biden administration.
Australia’s Channel Nine
The Australian broadcaster Channel Nine sustained an attack that rendered the channel unable to air its Sunday News bulletin plus other shows. The incident occurred at the same time as a suspected attack on Australia’s parliament in Canberra triggering concerns about the country’s vulnerability to cyberattacks in general.
A big protean mess that seems to have no real beginning or end, the “SolarWinds” hack will likely continue to influence the conversation around U.S. cybersecurity for years to come. The hack, which U.S. authorities believe involved Russian (and maybe Chinese) threat actors worming their way into the networks of major federal agencies and American companies via compromised software, helped said hackers gather untold amounts of intelligence on the U.S. government and private sector. While the incident was first publicized in December, subsequent disclosures about the extent of the hack have continued over the past six months, leading to multiple congressional hearings, audits, and investigations.
Despite being commonly referred to as “SolarWinds,” the hack actually involved a compromise of at least three different software firms, including SolarWinds, Microsoft, and VMWare, according to the Cybersecurity and Infrastructure Security Agency (CISA). A total of 12 federal agencies are confirmed to have been penetrated by the hackers—including the Department of Defense, the Department of Homeland Security, the Federal Aviation Administration, the judiciary, and NASA, among others. The hackers also allegedly wormed their way into the networks of major Fortune 500 companies.
Microsoft Exchange Server Attack
By exploiting vulnerabilities in Microsoft’s Exchange Server this mass Cyber attack affected millions of Microsoft clients in March of this year. 60,000 private companies in the US alone saw disruption from the attack plus nine government agencies