Infrastructure Security
2021: Breach News, Year in Review!
For most people, the year 2021 will be remembered for the infamous, ongoing COVID-19 pandemic. However, for cyber criminals, it will be remembered as one of the most lucrative years to date. Cyber crime continues to grow, and in 2021, it reached heights like never before.
Take a look back at some of the biggest data breaches of 2021:
Financial services platform Robinhood made the news after disclosing a data breach on November 3. The company blamed the security incident on vishing (voice phishing). Threat actors gained access to the organization’s customer support systems by obtaining system access over the phone. This is the same technique that proved successful in the 2020 Twitter hack. According to reports, after accessing the data, the cybercriminals then demanded an extortion payment to keep the data safe.
Bleeping Computer reported that two days after Robinhood disclosed the attack, a threat actor named ‘pompompurin’ announced that they were selling the stolen information of 7 million Robinhood customers on a hacking forum for at least five figures, that is, $10,000 or higher.
Key Takeaway: Stock trading became trendy with meme stocks gaining traction on social media as new investors entered the market quickly and easily through apps like Robinhood. But FinTech and similar sectors also caught the eye of cybercriminals who stepped up their hacking efforts looking for quick scores of cryptocurrency and financial data.
Helpful Resource: Make sure you’re protecting your client’s credentials with strong security. That starts with building strong passwords with our resource Best Password Security Tips – How Hackers Steal Your Passwords.
On June 10, the hackers posted a thread on an underground hacking forum claiming to be in possession of EA data, which they were willing to sell for $28 million. According to reports, the hackers used the authentication cookies to mimic an already-logged-in EA employee’s account and access EA’s Slack channel, and then tricked an EA IT support staffer into granting them access to the company’s internal network.
EA did not pay the extortionists, who then dumped the data on the dark web. Hackers leaked an estimated 751GB of compressed EA data containing FIFA 21 source code on a dark web forum.
Key Takeaway: Cybercriminals are hungry for data and that includes proprietary data about projects and products. This trend also tracks with medical research and pharmaceutical data.
Helpful Resource: Develop expertise in all things ransomware that will help you defend against threats to your data. This breach could have been prevented with Cyber Security Awareness Training.
Microsoft reported that suspected Chinese nation-state actors that it identified as Hafnium exploited a flaw in Exchange that gave them access to an unspecified amount of data or email accounts. In its blog, Microsoft stated that Hafnium had engaged in a number of attacks using previously unknown exploits targeting on-premises Exchange Server software.
Microsoft estimated that 30,000 or so customers were affected. This flaw impacted a broad range of customers, from small businesses to local and state governments and some military contractors. The hackers were able to steal emails and install malware to continue surveillance of their targets. Patches were quickly made available, but the damage had been done.
Key Takeaways: This incident had an impact that is still being measured. Companies that quickly patched the flaw fared better than companies that didn’t. This incident is a reminder that risk can come from unexpected directions at any time.
Helpful Resource: Cybersecurity horrors lurk around every corner, lying in wait for unwary organizations. Learn how to identify the different types of cyber attacks and how to combat them with our resource 7 Types of Cyber Security Attacks with Real-Life Examples.
A cyber attack crippled the healthcare system of the province of Newfoundland and Labrador on October 30. The ransomware attack hit scheduling and payment systems, causing interruptions in patient care including the cancellation of all non-urgent imaging and medical appointments as well as a reduction in chemotherapy sessions and significant complications for the province’s COVID-19 response.
Eastern Health reported that their payment systems to suppliers and vendors were also targeted by the attack.
Hackers stole personal information connected to both patients and employees in the Eastern Health and Labrador-Grenfell Health regions of Newfoundland and Labrador’s healthcare system in this attack.
Key Takeaway: Hacking and ransomware against everything medical was the big trend of 2021 as COVID-19 treatment and research data became valuable in dark web markets. Bad actors will continue to hunt for data from medical sector targets because it often results in a quick harvest of valuable PII and financial information.
Helpful Resource: Securing against ransomware has become essential. Hackers have no conscience, and will use your data against you to extort you. You can protect yourself against ransomware with proper Business Continuity Solutions.
International meat supplier JBS SA was hit by a crippling ransomware attack in late May 2021. The world’s largest meat producer, Brazil-based JBS has operations in 15 countries and serves customers worldwide including the US, Australia and Canada.
The company said that it was immediately in contact with federal officials and brought in a “top firm” to investigate and remediate the incident. JBS initially stated that the attack only impacted some supplier transactions and no data was stolen, but later admitted that data was exposed. JBS ended up paying an $11 million ransom to the REvil ransomware group after the attack caused meat shortages across the US, Australia and other countries.
Key Takeaway: Industrial production of all sorts, from food to computer chips, was firmly in cybercriminals’ sights in 2021 as part of double and triple extortion ransomware operations, and that likely won’t change in 2022.
Helpful Resource: How healthy is your cybersecurity culture? You should be testing your Network Security on a quarterly basis!
On May 6, 2021, a major Russian hacking gang successfully mounted a ransomware attack on major US fuel transporter Colonial Pipeline. The company is the operator of the largest fuel pipeline in the US, moving fuel into states on the Eastern seaboard, transporting more than 100 million gallons of gasoline and other fuel daily from Houston to the New York Harbor.
The point of entry for the gang was reportedly a single compromised employee password. Using that stolen password, the DarkSide affiliate slipped inside Colonial Pipeline’s security and inserted DarkSide’s ransomware. The company purportedly paid a ransom of 75 bitcoin or $4.4 million. In addition, the gang stole an estimated 100 gigabytes of data that had the potential to be highly sensitive. Shortly after this attack, DarkSide went dark for good.
Key Takeaway: Cyberattacks against infrastructure targets have become a hot topic, and companies that own and operate them should be cognizant of their elevated risk.
Helpful Resource: The hackers will always go after the weakest link in the cybersecurity chain, the end user. This hack would never have happened with proper Business Continuity Solutions and Cyber Security Awareness Training.