Cyber attacks have been on the rise year after year, and 2021 has been no exception. Cybersecurity Ventures stands by a prediction they made that cybercrime will cost the world $6 trillion annually by 2021, which has doubled since the $3 trillion in 2015.
With this rising cost, it’s more important than ever to create and utilize a strong cybersecurity plan to mitigate risk for your organization.
The silver lining is that with more attacks, we can take away more valuable lessons.
Here are six of the top cyber attacks of 2021 and what we can learn from them about improving your own organization’s cybersecurity:
JBS, the world’s largest meat supplier, faced a ransomware attack at the end of May 2021 causing their operations to halt at 13 of their U.S. processing plants and threatening the country’s meat supply.
AP News reported, “The attack targeted servers supporting JBS’s operations in North America and Australia. Backup servers weren’t affected and the company said it was not aware of any customer, supplier, or employee data being compromised.”
On October 6, 2021, the streaming service Twitch confirmed it had been the victim of a breach.
The BBC called it a “massive data breach” and reported that over 100 GB of data was leaked online. The information leaked contained the payment information on the service’s top streamers, source code, and other confidential information that the organization had not previously released.
Twitch responded by posting and updating a blog post as they released more information about the attack. Within this, they explained they had reset all stream keys for their users and provided specific information for how users can utilize their new keys.
They also stated in the blog post, “We take our responsibility to protect your data very seriously. We have taken steps to further secure our service, and we apologize to our community.”
In July 2021, IT management software developer Kaseya was the victim of a cyber attack. ZDNet reported that the threat actors found and attacked a “vulnerability in Kaseya's VSA software against multiple managed service providers (MSP)—and their customers.”
Estimates suggest that 800 to 1,500 customers may have been affected by this attack.
In response to the attack, Kaseya deployed their incident response team who notified their customers, took necessary precautions to ensure more customers weren’t affected, and otherwise ensured the situation was properly managed.
Google’s Threat Analysis Group (TAG) began sharing updates in January 2021 about a group that targeted security experts.
In order to connect with security experts, Google reported that “the actors established a research blog and multiple Twitter profiles to interact with potential targets.”
By immediately discussing this situation with the community, Google provided other cybersecurity experts with the knowledge they needed to keep themselves safe from this attack and others similar.
This attack caused a spyware breach on a number of Apple products. The attack was “known as a ‘zero-click remote exploit,’ which is considered the Holy Grail of surveillance because it allows governments, mercenaries, and criminals to secretly break into someone’s device without tipping the victim off.”
This allowed the threat actor to access the camera, microphone, texts, calls, and more on users’ phones without their knowledge.
Apple responded by immediately working to fix the problem and quickly released a new update to fix the vulnerability.
In May 2021, Colonial Pipeline was the victim of a ransomware attack that shut
down one of the largest US fuel pipelines. They provide gasoline, diesel, and jet fuel to 45% of the east coast of the United States.
DarkSide, a cybercrime group, took responsibility for the attack that required Colonial Pipeline to shut down all of its pipeline operations and pause IT systems.
Lessons Learned
Through each of these breaches, it’s easy to see that anyone can be a target of a cyber attack. This makes it crucial to ensure you have plans in place to mitigate risk and protect your organization.
One of the most effective ways to do this is through the people who work at your organization. In cybersecurity, even though we throw multiple layers of technology at the problem, more than 80% of breaches are caused by human error, action, or inaction. With better human risk management, you can transform your cybersecurity initiative.
Want to keep your team up to date on the latest cybersecurity attacks and our takeaways from them? Our latest Campaign-in-A-Box on the Kronos Ransomware Attack has everything you need to know and tips to help you and your team stay safe!