The year 2021 is rapidly drawing to a close. We decided not to skip the New Year tradition of summing up its results. For us, 2021 was even richer than the previous one: we released new products (PT XDR, MaxPatrol O2, MaxPatrol VM), detected the activity of a couple of APT groups new to Russia and did not miss a single well-known one, found and helped eliminate dozens of vulnerabilities, and on top of that, at the end of the year we also entered the stock exchange via a direct listing … 😄
But today’s article is about something else: after all, over the past few days you have probably grown tired of reading about the achievements and successes that companies are reporting in their blogs.
We decided instead to talk about the most high-profile and unprecedented cybersecurity events of the outgoing year, the ones that will go down in history. Attacks and leaks hit government organizations and state structures as well as private businesses and ordinary citizens; in a word, no one was spared.
Colonial Pipeline attack
In early May, Colonial Pipeline, the operator of the largest fuel pipeline in the United States, fell victim to the DarkSide ransomware. As a result, the company’s network was encrypted and the criminals obtained a large amount of data. Colonial Pipeline was forced to suspend the fuel line. Two days after the attack the authorities declared a state of emergency in 17 states and the District of Columbia. Some filling stations were temporarily closed, and the national average price for a gallon of gasoline rose to its highest level in 7 years. Due to fuel shortages, American Airlines was forced to change some flights…
The company paid a ransom of US$4.4 million for the decryptor.
Leaked identity cards of Argentine citizens
In mid-October it became known that an attacker had gained access to the Argentine government database containing information on all citizens’ identity cards. The data was put up for sale: the ID cards of the entire population of Argentina ended up on the Internet, and the stolen database contains information on more than 45 million citizens. As proof, the attacker published the data of 44 famous personalities, including the president of the country and politicians, and also offered to look up the data of any citizen of Argentina.
The perpetrator sold this data, enabling further attacks such as fraud against the affected users.
REvil attack on Kaseya
The REvil attack on Kaseya in July 2021 affected more than 1,500 organizations that used the Kaseya VSA product to administer their IT infrastructure. The attackers exploited a 0-day vulnerability in the company’s product and attacked its customers. Moreover, the majority of Kaseya VSA users were MSPs, that is, companies that manage the infrastructure of other customers. Thus, the criminals managed to infect thousands of corporate networks with the ransomware.
Companies around the world suffered as a result of the attack, and ordinary people felt the consequences. For example, the Swedish supermarket chain Coop was forced to close nearly all of its 800 retail stores for six days.
Memorial Health System attack
The largest ransomware attack on healthcare facilities in 2021 was the Hive attack on Memorial Health System. The attackers brought down the IT infrastructure of three hospitals, disrupted several planned operations and the admission process, and stole 1.5 TB of personal data, including patients’ medical information. Subsequently, the group received a ransom of $1.8 million for a decryptor and non-publication of the stolen information.
Attack on the Washington Police Department
The police department of the capital of the United States suffered a massive leak of internal information after a ransomware attack. The Babuk group published thousands of confidential documents from the Metropolitan Police Department on the dark web. Hundreds of police files, informant records, and intelligence reports were exposed, including information from other agencies such as the FBI and the Secret Service.
A leak of police information is considered very serious and dangerous because of the consequences it can have for officers and civilians; first and foremost, it is a threat to people’s lives.
JBS Foods attack
In June 2021, the world’s largest meat supplier, JBS Foods, suffered a ransomware attack which affected IT systems in North America and Australia. Due to the attack, the company had to temporarily shut down all meat production in the United States. Even though JBS Foods was able to restore most of its systems from backups, management decided to pay the attackers $11 million.
Demand for the largest ransom from Acer
In March, Acer, a Taiwanese electronics and computer manufacturer, was hit by a REvil ransomware attack during which the attackers demanded one of the largest ransom amounts on record: $50 million. Confidential information was stolen, including financial documents, information about bank credit accounts, and information about employees. On the news of the attack, the company’s shares temporarily lost 1.64% of their value.
Gas station attack in Iran
In the fall, Iranian authorities reported a cyberattack on gas stations in the country. The attackers hacked into the government system that is connected to the gas stations and provides citizens with gasoline subsidies. The attack disrupted nearly 4,000 gas stations across the country. Iranian state TV channels reported queues of cars lining up at gas stations in Tehran while the stations themselves were not working.
Twitch data leak
In October, the American streaming service Twitch announced on its Twitter account that it had been the victim of a cyberattack. As a result of the leak, more than 100 GB of data was published, including information about payments to streamers over 3 years, which caused a wave of discussion in the community.
The attackers also stole internal company documents, Twitch source code, security tools, and more. This data is of particular value: by analyzing the source code, including its protection mechanisms, attackers can find previously unknown vulnerabilities that could potentially be used to attack both the streaming service and its users.
And for dessert: the Log4shell cyber pandemic
December 2021 will go down in history as the month a zero-day vulnerability was discovered in the popular Apache Log4j logging library. Its exploitation allows remote code execution (RCE). The sheer reach of the vulnerability turned into the Log4shell cyber pandemic. Many large companies have already reported that their solutions were vulnerable, including Cisco, CloudFlare, FedEx, GitHub, IBM, Apple, Amazon, Twitter, the developer of the game Minecraft and others. The Log4j library is used in many open source projects such as Elasticsearch and Redis.
Attackers began to exploit the vulnerability immediately after its publication. For example, it is already being used to distribute the Dridex banking Trojan and a number of ransomware families.
Behind all these seemingly detached horror stories about gigantic leaks, encrypted data or hacked data put up for sale, ransomware and cyber espionage, there are phrases that every layman understands:
Lack of fuel,
Suspension of production,
Interruptions in food supplies,
Non-working gas stations,
Disruption of planned operations.
And also tens of millions of dollars lost by private companies around the world and reputations destroyed.
This is the price we all pay for neglecting information security. And it is a price everyone will keep paying if the attitude towards the importance of cybersecurity in the world does not change in the very near future.
What cyber incidents and attacks do you remember in the past year? Share in the comments!