For the past few years, we have seen an uptick in cyber-attacks around the world. The pandemic made things even worse, and now we see its consequences. Government agencies, schools, cities, gas pipelines, and major organizations have fallen victim during the first quarter of 2021. Understanding what has happened will allow us to prepare for the coming months.
In this article, we walk you through the worst cyber-attacks we have seen this year: what happened, how the organizations reacted and responded, and how they recovered.
1- Florida Water System
The date was February 5th. A plant operator noticed the cursor on his computer moving across the screen on its own, opening the software functions that control water treatment for Florida's west coast. The hacker was able to boost the level of sodium hydroxide in the water by 100.
It is important to note here that poisoning from sodium hydroxide can cause burns, vomiting, severe pain, and bleeding. Fortunately, the operator quickly responded, reverted the levels to normal, and reported the situation to his superiors. Although the sheriff explained that the system has safeguards that prevented the contaminated water from being released to the public, this episode shows the lack of controls and training in the water systems around the country. Cyber-attacks could have put public health at risk.
2- CNA Financial
One of the largest insurance companies in the country fell victim to a ransomware attack earlier this year. It all happened when employees got locked out of the company’s systems due to a network disruption caused by a sophisticated cyber-attack on certain CNA systems.
People familiar with the attack explained that CNA first attempted to resolve the matter without engaging with the hackers' organization. One week later, they started negotiating and then agreed to pay $40 million to restore access to its systems. This amount is $10 million higher than the biggest ransom reported last year.
According to a spokesperson, the insurance firm followed all the laws, regulations, published guidance, and worked closely with the FBI and the Office of Foreign Assets Control.
3- Acer
In March, the Taiwanese computer and electronics brand reported "abnormal situations" in its IT security controls. It was revealed that Acer had been hit by a REvil ransomware attack demanding the largest ransom to date, $50 million, with the stipulation that the price would double if it was not paid by a certain date.
While Acer tried to keep the situation out of the press, the threat actors published documents such as bank balances and spreadsheets, making clear that they had gained access to the company's financial information and client lists and that a ransomware attack was under way.
Allegedly, this all happened because of a vulnerability in a Microsoft Exchange server that was exploited, giving the hackers access to Acer’s files and sensitive information.
4- Colonial Pipeline
This was one of the most widely covered cyber-attacks of the year, as it directly impacted the gas supply for the East Coast of the United States and caused panic and chaos.
DarkSide, a criminal hacker group based in Eastern Europe, was responsible for shutting down the pipeline for several days in what appears to be the largest attack on an American energy system. Operations were restored after Colonial paid a ransom of 4.4 million dollars' worth of bitcoin.
All the chaos, gas shortages, and price spikes were the consequence of a leaked password for an old account that still had access to the VPN used to reach the company's servers. This highlights the urgent need to implement cybersecurity training for all employees and to review the organization's identity and access management policies and security controls.
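The Colonial Pipeline intrusion started with a dormant account that still carried VPN access. The audit below is an added example, not code from the article or from any of the companies it discusses: it runs over a constructed set of account records (the usernames, dates and field names are assumed, not taken from any real directory export) and flags every account that still has VPN access but belongs to departed staff, has been dormant past a 90-day threshold, or is not enrolled in MFA. The threshold and the record shape are assumptions; adapt them to the identity provider you actually export from.

```python
"""Stale VPN-account audit (added example; sample data is constructed)."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# Assumed policy: an account that has not logged in for this long is dormant.
DORMANT_AFTER = timedelta(days=90)

# Fixed "now" so the example is deterministic when run or tested.
NOW = datetime(2021, 6, 1)


@dataclass
class Account:
    username: str
    vpn_access: bool            # member of the group that grants VPN access
    mfa_enrolled: bool          # has a second factor registered
    last_login: Optional[datetime]  # None means the account never logged in
    employee_active: bool       # HR still lists the owner as employed


# Constructed sample records; none of these names refer to real accounts.
SAMPLE_ACCOUNTS = [
    Account("jdoe", True, True, NOW - timedelta(days=5), True),
    Account("old.contractor", True, False, NOW - timedelta(days=400), False),
    Account("svc-backup", True, False, None, True),
    Account("asmith", False, False, NOW - timedelta(days=200), True),
    Account("bjones", True, True, NOW - timedelta(days=120), True),
]


def audit(accounts: List[Account], now: datetime) -> List[Tuple[str, List[str]]]:
    """Return (username, reasons) for each VPN-enabled account that violates policy.

    Accounts without VPN access are skipped: they may deserve cleanup too, but
    they are not the remote-entry risk this audit is about.
    """
    findings = []
    for acct in accounts:
        if not acct.vpn_access:
            continue
        reasons = []
        if not acct.employee_active:
            reasons.append("owner no longer employed; disable immediately")
        if acct.last_login is None or now - acct.last_login > DORMANT_AFTER:
            reasons.append(f"dormant for more than {DORMANT_AFTER.days} days")
        if not acct.mfa_enrolled:
            reasons.append("VPN access without MFA")
        if reasons:
            findings.append((acct.username, reasons))
    return findings


if __name__ == "__main__":
    for username, reasons in audit(SAMPLE_ACCOUNTS, NOW):
        print(f"{username}: " + "; ".join(reasons))
```

The three checks map onto the failure the article describes: an account whose owner has left, that nobody has used in months, and that is protected only by a password is exactly the kind of credential a leak turns into a network foothold. Running such an audit on a schedule, and feeding the "disable immediately" findings straight into the directory, is the control that a one-off password reset does not give you.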
5- Houston Rockets
Earlier in April, the US National Basketball Association was hit with a cyber-attack that mainly affected the Houston Rockets. The team claims that it was able to detect the intrusion and respond quickly, limiting the damage to its operations. But, according to Bloomberg, the hacker group Babuk got hold of at least 500 gigabytes of information, including financial data, non-disclosure agreements, and contracts.
The criminals posted a message on the dark web demanding a ransom to return the stolen data, threatening to post all of it online otherwise. As we write this, there is no evidence that a ransom has been paid.
6- Microsoft Exchange
A Chinese cyberespionage group discovered and exploited four previously unknown vulnerabilities in the email software, putting over 30,000 organizations and government agencies in our country at risk.
Microsoft explained that the hackers were taking advantage of these flaws to conduct targeted cyber-attacks on email systems used by different industries, especially on organizations related to infectious disease researchers, law firms, and higher education institutes. And they stated that the criminals were putting at risk any unpatched Exchange server worldwide.
In each unpatched server, the attackers left a "web shell," a hacking tool that grants them administrative access to the machine. Together with the US Cybersecurity & Infrastructure Security Agency (CISA) and security companies, Microsoft moved quickly to limit the damage by releasing an update and publishing mitigation guidance.
7- Accellion
Accellion, an IT security firm that owns a secure file sharing and collaboration product, fell victim to a cyber-attack exploiting a security flaw in its software, putting over 30,000 organizations at risk, including companies, government agencies, hospitals, and universities.
A report stated that it all began in December, when a vulnerability in the file transfer software was first exploited, and again in January. Six months later, the attack continues to leave a mess behind: Morgan Stanley, NSW Health, the University of Colorado, grocery giant Kroger, and many others have disclosed stolen or missing data.