Every year cyber criminals launch attacks against the public, governments and companies. As these attacks increase in frequency and severity, it can be helpful to look back on the year to examine the changing landscape of cybercrime and what we can do to prepare for it. We present our review of 2021: A Year in Cybercrime.
The Colonial Pipeline Attack
Some of the most worrying attacks of 2021 targeted infrastructure around the world. By far the largest was the attack on the Colonial Pipeline company in the USA. In this attack, DarkSide ransomware was installed on the computer systems of a large oil pipeline company that delivers gasoline to the United States. This attack caused enormous gas shortages for several days, leading to panic buying and the president declaring a state of emergency.
Colonial Pipeline eventually resolved the attack, which cost the company approximately $2.1 million in net cost. This damage estimate does not include the costs to the United States of alleviating the fuel scarcity or of the public panic associated with it. Similar ransomware attacks have taken place elsewhere, although not to the same extent. The French city of Angers was hit by ransomware on January 15th that affected municipal infrastructure. In March, cyber criminals attacked one of the largest financial institutions in the United States: CNA finance company.
The AXA attack
European insurance company AXA was another high-profile victim of a ransomware attack. In May, the company announced that it would no longer insure against ransomware attacks in France. A few weeks later, the Avaddon hacking group targeted the company’s Asian offices with a ransomware attack. While it is not certain whether these two events are related, this is security specialist Brian Higgins’ leading theory.
France is one of the countries most affected by ransomware in the world. In response, the French government considered making the payment of ransom demands illegal, prompting AXA to change its policy. If Mr. Higgins’ theory is correct, it would mean that hacking groups feel encouraged to respond to government mandates with violence.
The Kaseya ransomware attack
Kaseya is a victim of ransomware with a global impact. While the general public may not necessarily know the name of the company, it provides services to many other companies. In July 2021, many of the company’s customers fell victim to a fake update that delivered ransomware to their networks. This malware then proceeded to lock down necessary systems, which left many companies partially or fully unable to function.
The hacker group REvil claimed responsibility for the attack and demanded $70 million in Bitcoin. An example of the damage caused by the REvil attack is the Coop shopping chain in Sweden. The chain in question temporarily closed 800 stores because they could not open any cash registers. One of the most troubling aspects of this attack is that large numbers of those affected were small businesses. Some cybersecurity experts claim that over 1000 small businesses could be affected by this attack.
Fortunately, in this case, the FBI managed to safely resolve the situation. Agents managed to gain access to REvil’s servers and find the ransomware encryption key used by the group. This enabled the FBI to safely restore all affected systems without paying a ransom.
The main takeaway from this attack is that it happened to an enterprise services company. Kaseya provides basic services to thousands of companies around the world. Even if the name of the company is unknown to the public, cyber criminals clearly have it on their radar and can wreak enormous havoc with a single attack.
The CD Projekt Red Hack
The hacking group HelloKitty attacked the video game developer CD Projekt Red in February 2021. The group stole data about the company’s video games and private information about various employees. They then threatened to release the information if the company didn’t pay the ransom.
CD Projekt Red did not negotiate on the hackers’ demands. The end result of this hack was that the private data was auctioned off on the darknet and eventually went to an unknown buyer for an unknown amount. Since then, people have shared some of the information online, although it is not clear how much of it is publicly available.
What we have to learn from 2021
The greatest insight from the first third of 2021 is that countries’ infrastructure is not safe from cyber attacks. The digital pandemic discussed earlier has led to a huge increase in the scale and number of attacks. However, governments and large corporations are struggling to keep up. One of the biggest changes that needs to be made in 2022 is making big companies protect themselves more effectively. This is especially true for companies that provide essential infrastructure that thousands or millions of people depend on.
It is vital that the world’s governments change their cybersecurity policies too. Most groups of hackers target companies in countries other than the one in which they operate. Without far-reaching agreements to combat such groups, the problem will be difficult to deal with.
Even with new legislation, the problem of state-sponsored hackers will remain. Microsoft currently reports that 58% of government-sponsored hacker attacks come from Russia. The new legislation won’t be able to deal with hackers the government supports. That means the need for experts who understand the future of cyber warfare is greater than ever.
Protect yourself and your company in 2022
In 2022, it will be more important than ever for companies of all sizes to take cybersecurity seriously. If you own a business, make sure that every employee receives regular cybersecurity training. Repeated studies have shown that regular cybersecurity training could have prevented numerous attacks.
You should make sure that your company only invests in essential cyber services. Many attacks use web-based services, such as those used in the Kaseya attack, to breach multiple companies at the same time. Unless you need a service to run your business effectively, try to keep your network as self-contained as possible. All of these rules apply even more to a company providing essential services to the community.