As the year draws to a close, we’re reviewing several of the top 2021 cybersecurity incidents and the impact they’ve had on the cyber threat landscape.
In early March, Microsoft revealed that security flaws in its Microsoft Exchange Server email software were being widely exploited. Hafnium, a state-sponsored hacking group, used four zero-day exploits to attack organizations running on-premises Exchange Servers. After compromising these servers, the attackers installed a web shell that granted them remote control over the server, allowing data exfiltration and malware deployment. At least 60,000 organizations were victims of the attack.
Colonial Pipeline, one of the largest oil pipelines in the U.S., was hit by a ransomware attack on May 6, crippling its billing systems. The attackers reportedly gained access to the network by stealing a single legacy VPN password. The pipeline was shut down to protect its operational systems. Resulting fuel supply disruptions caused flight reroutes and long queues at gas stations, prompting the Biden administration to issue an emergency declaration in 17 states.
Colonial paid the $4.4 million ransom and was able to resume pipeline operations on May 12.
A ransomware attack was launched on JBS over Memorial Day weekend, freezing the meat supplier’s systems and forcing temporary shutdowns of operations in Australia, Canada, and the United States. Although JBS was able to recover most of its systems using encrypted backups, it decided to pay the $11 million ransom to ensure none of its data was stolen.
Just before Independence Day weekend, vulnerabilities in global IT provider Kaseya’s Virtual Systems Administrator software were exploited to spread malware to Kaseya’s customers, including some managed service providers whose downstream clients’ systems were also infected. Up to 1,500 organizations had their data frozen by ransomware, including a Swedish supermarket chain that had to close most of its 800 stores.
In the aftermath of these major attacks, several key trends have come into focus. First, ransomware is now clearly the weapon of choice for cybercriminals. The potential for high rewards, such as those paid out by the Colonial Pipeline and JBS, and the growing ease of launching these attacks contributed to a doubling in their frequency this year. Additionally, devastating supply chain attacks, such as the Microsoft Exchange and Kaseya hacks, have highlighted the vulnerability of organizations to their IT vendors. Lastly, the Colonial Pipeline and JBS breaches put a spotlight on the risks posed to critical infrastructure. Recognizing these kinds of large-scale cyberattacks as a national security threat, the Biden administration issued a cybersecurity executive order and a subsequent set of initiatives this summer to enhance software supply chain security, harden critical infrastructure, and mandate that federal agencies adopt zero trust architectures, which can minimize the impact of ransomware attacks.
As the threat landscape continues to evolve, MBL Technologies can keep you ahead of the curve and out of the headlines with our comprehensive cybersecurity services. Contact us today, and let’s get to work.