2021: A Year in Cybercrime
Each year, cybercriminals perform attacks against the public, governments, and businesses. As these attacks grow in frequency and severity, it can be helpful to look back over the year to examine the changing landscape of cybercrime, and what we can do to prepare ourselves for it. We present our look back at 2021: A year in cybercrime.
The Colonial Pipeline Attack
Some of the most worrying attacks in 2021 targetted infrastructure around the globe. The biggest attack by far was the attack on the Colonial Pipeline company in the US. In this attack, Cybercriminal group DarkSide installed ransomware on the computer systems of a major oil pipeline company that supplies gasoline to the US. This attack caused huge gas shortages for several days, resulting in panic buying, and the president declaring a state of emergency.
The Colonial Pipeline company eventually resolved the attack, at a net cost to the company of around $2.1 million. This damage estimate does not include costs to the US as a result of mitigating the fuel shortage, or the related public panic. While not on the same scale, similar ransomware attacks happened elsewhere. The city of Angers, France was hit with ransomware on January 15th affecting municipal infrastructure. In March, cybercriminals attacked one of the biggest financial institutions in the US; CNA Financial Corporation.
The AXA Attack
European insurance company AXA was another high-profile victim of a ransomware attack. In May, the company announced they would no longer be providing coverage for Ransomware attacks in France. A few weeks later, hacking group Avaddon targetted the company’s branches in Asia with a ransomware attack. Although it’s not known for sure whether these two threads are connected, that is the leading theory of security specialist Brian Higgins.
France is one of the countries that has suffered the most from Ransomware in the world. In response, the French government has considered making paying ransom demands illegal, prompting AXA to change its policy. If Mr.Higgins’ theory is correct, it would mean hacking groups are feeling emboldened enough to respond to government mandates with force.
The Kaseya Ransomware Attack
The Kaseya company is a victim of ransomware that has global implications. While the general public does not necessarily know the company’s name, they deliver services to many other businesses. In July of 2021, many of the company’s clients fell victim to a fake update that injected ransomware into their networks. This malware then proceeded to lock up necessary systems which prevented many businesses from functioning, either in part or completely.
The hacking group REvil claimed responsibility for the attack, demanding $70 million in bitcoin. An example of the damage caused by REvil’s attack is the Coop shopping chain in Sweden. The chain in question temporarily closed 800 stores, as they were unable to open cash registers. One of the most troubling parts of this attack is that a large number of those effected were small businesses. Some cybersecurity experts claim over 1000 small businesses could have been impacted by this attack.
Fortunately, in this case, the FBI managed to resolve the situation safely. Agents managed to gain access to REvil’s servers and found the ransomware encryption key the group used. This allowed the FBI to safely restore all affected systems without paying a ransom.
The most important takeaway from this attack is the fact that it happened to a business service company. Kaseya provides essential services to thousands of businesses around the globe. Even if the company’s name is not well-known, cybercriminals clearly have them on their radar and are capable of causing huge amounts of damage in a single attack.
The CD Projekt Red Hack
The hacking group known as HelloKitty attacked video game developer CD Projekt Red in February of 2021. Data relating to the company’s video games, as well as private information relating to various employees, was stolen by the group. They then proceeded to ransom the information, threatening to release it if the company didn’t pay the ransom.
CD Projekt Red did not negotiate to the hackers’ demands. The final result of this hack was the private data was sold at auction on the dark web, eventually going to an unknown buyer for an undisclosed amount. Since then, people have been passing around pieces of the information online, though it is not clear how much of it is publically available.
What We Need to Learn From 2021
The biggest takeaway from the first third of 2021 is that countries’ infrastructure isn’t safe from cyberattacks. The previously discussed digital pandemic has seen a huge increase in the scale and number of attacks. However, governments and large corporations are struggling to keep up. One of the biggest changes that need to happen in 2022, is for large companies to secure themselves more effectively. This is especially true for companies that provide essential infrastructure relied on by thousands or millions.
It is vitally important world governments make changes to policy surrounding cybersecurity too. Most hacking groups target companies from countries outside of the one they’re operating in. Without wide-reaching agreements to tackle such groups, it’ll be difficult to deal with the problem.
Even with new legislation, the problem of state-sponsored hackers will remain. Currently, Microsoft reports 58% of state-sponsored hacking comes from Russia. The new legislation will not be able to deal with hackers who the government is supporting. This means the need for experts who understand the future of cyber warfare is greater than ever.
Keeping Yourself, and Your Business, Safe in 2022
Going into 2022, it’s going to be more important than ever for businesses of all sizes to take cybersecurity seriously. If you own a business, ensure every employee receives regular cybersecurity training. Repeated studies have shown regular education in cybersecurity could have prevented numerous attacks.
You should make sure your business only invests in essential cyber services. Many attacks use web-based services, such as those featured in the Kaseya attack, to breach many companies at once. Unless you need a service to run your business effectively, you should try to keep your network as self-contained as possible. All of these rules apply even more so for a company providing essential services to the community.
If you’re worried about your cybersecurity, you can invest in our personal digital security management services. We tailor our digital security management to your business, so you know you’re getting exactly the help you need to stay safe. You can book your free call today to discuss your business’s needs.
Featured image by Elena Abrazhevich from Shutterstock.com