The recurrence of devastating cyber attacks in 2021 reinforces the fear that cybercrime isn’t ending anytime soon. This rising persistence in attacks (and significant success cases) is highly discouraging despite the several cyber attack prevention measures most organizations have put in place. Clearly, companies and reputable individuals cannot obtain the relief they so desperately crave.
The following paragraphs are a short recount of the noteworthy hacking attacks that have succeeded this year. Here, it’s worth mentioning that we’ve barely spent six months in 2021, yet here we are!
Highlighting Ten Significant Cyber Ambushes in 2021
1. Channel Nine
Unknown hackers hit Channel Nine, an Australian broadcaster, in March 2021, resulting in the channel’s inability to air numerous shows, including its Sunday news bulletin. The attack included its Sydney headquarters, rendering the system’s publishing network inoperative as a few publishing devices suffered downtime too.
Channel Nine initially attributed the disturbing activities to “technical difficulties” before conceding that it was a ransomware attack.
2. Harris Federation
Harris Federation, London, suffered a ransomware hit in March 2021. This attempt left the network no choice but to disable the tools and email systems of over 40 primary and secondary schools in their care for a temporary while.
The results were unbelievable: more than 37,000 learners lost access to their assignments, coursework, and missives!
3. CNA Financial
In March, CNA Financial, a leader among the digitized insurance firms of America, suffered a ransomware assault. The attack was made using the Phoenix CryptoLocker malware, which is an upgraded form of ransomware.
CN Financial had to shut down services to customers and employees for three good days to prevent more damage.
4. Florida Water System
The motive behind this cyber attack remains shady, as the bad actor lent credence to Michael Caine’s some men just want to see the world burn. There was no financial intent on what would have been an incredibly devastating attack.
On February 5th, a hacker increased the sodium hydroxide amounts in the Florida water network from 100 parts per million to 11,100 parts per million. Their objective was to poison the water supply for reasons best known to them. Fortunately, they were soon kicked out after initially breaching Oldsmar’s computer system.
5. Microsoft Exchange Mass High-tech Attack
The Microsoft Exchange case scenario falls among the biggest cyber attacks in 2021 — thanks to the fact that it ran from January to March. The hackers capitalized on four zero-day susceptibilities detected in the Exchange Server to gain administrator privileges, control over technology support services, access to connected user devices, and access to user emails and passwords on the server.
Experts estimate that over 250,000 servers had been breached by March 9th. It’s suspected that the prolonged attack affected about 30,000 private companies and nine government agencies in the US alone.
This ransomware attack emphasizes the complexity and devastating consequences of a business-to-business data breach. As shown by recent cyber attacks, it’s no longer an issue of just meeting ransom demands or not. It’s now important to embrace a proactive and threat-informed dimension to a security strategy that assures an organization of its ability to thwart all forms of ransomware attacks.
— Stephan Chenette, Co-Founder & CTO of AttackIQ
6. Airplane Manufacturer Bombardier
In February, Bombardier, a reputable Canadian plane manufacturer, experienced a major data breach. This attack led to the exposure of sensitive information about suppliers, customers, and about 130 workers living in Costa Rica.
Investigations revealed that the hacker breached the network by exploiting a weakness in a third-party file exchange protocol. Additionally, the Clop ransomware gang leaked the stolen data on their dark web portal.
7. Computer Maker Acer
March 2021 came with the demand of the largest known ransom ever ($50 million), as the global computer giant, Acer, suffered a ransomware attack. There are suspicions that REvil, a cybercriminal group, spearheaded the hit.
The malicious cyber actors announced the data breach on their website and released a few of the compromised data.
8. University of the Highlands and Islands
The education sector isn’t excluded from these menacing cyber attacks. A good example is the March 8th assault on the University of the Highlands and Islands (UHI), resulting in the forced closure of all 13 colleges and research institutes managed by the school. All students couldn’t gain access to school services for a day.
Security experts discovered that the hackers used Cobalt Strike for the operation. Interestingly, Cobalt is a penetration testing kit used legitimately by security researchers.
9. Sierra Wireless
In March, Sierra Wireless, the multinational IoT device producer, suffered a ransomware ambush against its inherent technology systems, forcing the stop of works at its sites. However, customer products were safe from the attack, and the company resumed production within a week.
Safely ticked as one of the less-consequential cyber attacks in 2021.
10. Accellion Supply Chain
Accellion is a security software developer that ironically fell victim to an attack on its file transfer system (FTA). As expected, many high-profile clients were caught in the cross-fire. Some affected organizations are the Australian Securities & Investments Commission, telecom industry giant Singtel, grocery leader Kroger, digital security firm Qualys, and the University of Colorado.
The attack saw the compromise of numerous high-end and confidential data on the part of various companies.
The unrelenting success of cybercriminals in 2021 continues to point in a direction: we can no longer rely on the assurance of most Cyber security services providers. It’s up to organizations and popular figures to take security more seriously. The most recent cyber attacks have no specific pattern.
To avoid your company name in future lists like the above, you have to take extra measures. A smart step is to generate awareness on cybersecurity in your organization using tools like ThreatCop, as unsuspecting employers may be your most significant vulnerability.
Equip them with good response tools too, and conduct periodic assessments to check for vulnerabilities and penetration. In addition, it’s advisable to keep all systems updated, as outdated hardware or software may be penetrated by superior infrastructure. Lastly, implement multi-factor authentication (MFA) across all practical endpoints of your networks.