In 2020, the year of the pandemic lockdown, hackers were very active. In 2021, hackers continued to attack schools as well as health care facilities and critical infrastructure. The pandemic is still happening. Some people are working to stop it, others are trying to help, and governments are also taking steps to stop the pandemic.
For now, the game continues. As John Scott-Railton, a researcher at the University of Toronto, says, “2021 is the year where we are realizing that problems that we did not solve years or decades ago are coming back to haunt us.”
WIRED wrote about the worst data breaches. There were a lot of problems in the year. Watch your back and stay safe.
In early May, there was a problem with the Colonial Pipeline. The pipeline carries gas for cars. It is 5,500 miles long and goes from Texas to New Jersey. It shut down because of malware that makes computers stop working.
As lines grew at gas stations, the Department of Transportation released an order to allow trucks with more fuel. The FBI says that it was the Russia-linked DarkSide ransomware gang that caused this problem.
In an attempt to resolve the incident, Colonial Pipeline paid a 75 bitcoin ransom worth more than $4 million at the time. This was one of the largest-ever disruptions of US critical infrastructure by hackers, and it happened in 2021. It was part of a series of alarming hacks that finally seemed to have served as a wake-up call for the US government and its allies about the need to comprehensively address and deter ransomware attacks.
The SolarWinds hacking spree was one of the most memorable software supply chain attacks of 2020 and 2021. Kaseya, an IT management company, also got hacked. In July 2021, hackers associated with the Russia-based ransomware gang REvil found a flaw in the Virtual System Administrator tool, which is used by managed service providers to run IT for companies that don’t want to do it themselves. As a result of this interdependent ecosystem, attackers were able to exploit the flaw and access people’s information.
REvil set the ransom at $45,000 for many downstream victims and $5 million for managed service providers themselves. The gang also offered to release a universal decryption tool for about $70 million. Then they disappeared! At the beginning of November, the US Justice Department announced that it had arrested one of the key alleged perpetrators of the Kaseya attack, a Ukrainian national who was apprehended in October.
A company called Twitch, owned by Amazon, has been hacked. The hackers stole the company’s source code, which is very important. The data was 128 GB.
Twitch did not say that passwords were exposed in the breach. But they said that information about individual streamers’ incomes was stolen. In addition to the source code and information from as far back as 2019, there were also internal Twitch Amazon Web Services systems and proprietary SDKs that were taken.
Microsoft Exchange Hacking
A group of Chinese hackers known as Hafnium used the Microsoft Exchange Server to attack their targets’ email inboxes and their organizations more broadly. They started attacking in January and attacked intensely in the first days of March. These attacks affected tens of thousands of US entities over that time period.
Hackers hit many victims, including small businesses and local governments. The campaign also affected organizations outside of the US, including companies in Norway and Europe. Microsoft issued patches on March 2 to fix the problem, but many organizations took days or weeks.
Hacking With NSO Group Tools
In 2019, WhatsApp sued the Israeli spyware developer NSO Group. Apple also filed a lawsuit in November 2021 after there were many reports about NSO’s tools being used to infect iOS targets with its flagship Pegasus spyware.
In July, a group of people who study and report on human rights gave us new information about how many different organizations and governments might be NSO customers. They found a list of 50,000 phone numbers that NSO Group could spy on. These governments include Hungary, India, Mexico, Morocco, Saudi Arabia and the United Arab Emirates.
In December, Google researchers found out that the NSO malware is as good as that of elite nation-state hackers.
At the end of May, a large meat company, JBS SA, had a major ransomware attack. Its subsidiary JBS USA said in June that it was the target of an organized cybersecurity attack. This means that some of its servers were taken offline and they had to work hard with law enforcement and an outside firm to fix this problem. JBS is headquartered in Brazil and has about 250,000 employees around the world. The backups were not affected, but some systems were still taken offline from this attack.
JBS plants in Australia, the US, and Canada faced disruptions. Those plants were attacked, which caused problems in the meat industry. Plants had to close down and some people lost their jobs. After that attack, there was another attack on a pipeline in America. It shows how important it is to keep our infrastructure safe.