The Biggest Hacks of 2021 (So Far)

Image for article titled The Biggest Hacks of 2021 (So Far)

Photo: MARTIN BUREAU/AFP (Getty Images)

This year, it’s become hard to ignore the fact that the digital lives we’ve all built for ourselves appear to be completely and utterly vulnerable to cybercriminals and spies.

Hackers came after our nation’s beer, hamburgers, or energy supply, making it known that they really don’t mind upending our way of life if it means making some cold hard cash. Meanwhile, a flurry of cyber-espionage has targeted some of America’s biggest companies and other organizations, showing that foreign spies have the resources to get into some of the networks that matter most. It’s enough to make you unplug your laptop and chuck it into the sea.

Before you do that, however, here’s a look back at the highlights from just this year (so far)—a whole lot of hacking in a short period of time. Read on and enjoy the paranoia.

2 / 11

Kaseya ‘Ransomware Apocalypse’

Kaseya ‘Ransomware Apocalypse’

Image for article titled The Biggest Hacks of 2021 (So Far)

Photo: David Zalubowski (AP)

Call it a “ransomware apocalypse,” or maybe just a huge pain in the ass. Whatever you want to call it, the malicious cyberattack on global IT provider Kaseya just ahead of the July 4 weekend has certainly screwed up a lot of stuff for a lot of people, affecting potentially as many as 1,500 businesses all over the world, bringing down local governments, shuttering a popular Swedish chain of supermarkets, and squeezing an already strained U.S.-Russia relationship at the worst possible time.

The attack, which infected a popular Kaseya software product called VSA, was used to spread malware to dozens of the company’s customers—many of which were managed service providers, or MSPs, firms that help small businesses and government agencies with outsourced IT tasks. As a result, the malware infected the MSPs’ customers, too, resulting in hundreds and hundreds of businesses being affected.

The cybercriminal gang behind the attack, the Russian-speaking group REvil, initially asked for $70 million in return for a “universal decryptor” that would unlock all of the files that the single attack has frozen worldwide. By mid-July, however, the group appeared to have gone underground, conveniently disappearing after making a mess of truly global proportions.

Yeah, even by recent standards, this attack is big—potentially one of the biggest of its kind the world has ever seen.

SolarWinds Megabreach

SolarWinds cyberattack Senate Intelligence Committee hearing on Capitol Hill

(L-R) Senate Intelligence Committee hearing on Capitol Hill on February 23, 2021 focused on the 2020 cyberattack that resulted in a series of major data breaches within several U.S. corporations and agencies and departments in the U.S. federal government.
Photo: Demetrius Freeman-Pool (Getty Images)

A big protean mess that seems to have no real beginning or end, the “SolarWinds” hack will likely continue to influence the conversation around U.S. cybersecurity for years to come. The hack, which U.S. authorities believe involved Russian (and maybe Chinese) threat actors worming their way into the networks of major federal agencies and American companies via compromised software, helped said hackers gather untold amounts of intelligence on the U.S. government and private sector. While the incident was first publicized in December, subsequent disclosures about the extent of the hack have continued over the past six months, leading to multiple congressional hearings, audits, and investigations.

Despite being commonly referred to as “SolarWinds,” the hack actually involved a compromise of at least three different software firms, including SolarWinds, Microsoft, and VMWare, according to the Cybersecurity and Infrastructure Security Agency (CISA). A total of 12 federal agencies are confirmed to have been penetrated by the hackers—including the Department of Defense, the Department of Homeland Security, the Federal Aviation Administration, the judiciary, and NASA, among others. The hackers also allegedly wormed their way into the networks of major Fortune 500 companies.

4 / 11

Microsoft Exchange Hackathon

Microsoft Exchange Hackathon

A signage of Microsoft is seen on March 13, 2020 in New York City.

A signage of Microsoft is seen on March 13, 2020 in New York City.
Photo: Jeenah Moon (Getty Images)

As dramatic and massive a fuckup as SolarWinds was, what came next was possibly even more widespread: the discovery in March of a smattering of security flaws in Microsoft Exchange—a widely used email product—the likes of which set off a global epidemic of cyberattacks. At the time, Bloomberg reported that the vulnerabilities in Exchange had possibly led to “at least 60,000 known victims globally,” around 30,000 of which were inside the U.S. Many of the attacks were blamed on a group dubbed “HAFNIUM,” potentially located in China. However, the vulnerabilities set in motion what was basically a rat-king of hacker activity—with close to a dozen different cybercrime groups reportedly pillaging vulnerable servers and implanting backdoors.

5 / 11

Colonial Pipeline’s DarkSide Intrusion

Colonial Pipeline’s DarkSide Intrusion

Fuel holding tanks are seen at Colonial Pipeline's Dorsey Junction Station on May 13, 2021 in Woodbine, Maryland.

Fuel holding tanks are seen at Colonial Pipeline’s Dorsey Junction Station on May 13, 2021 in Woodbine, Maryland.
Photo: Drew Angerer (Getty Images)

The Colonial Pipeline attack is likely the most important cyberattacks of the year so far—both for its ability to show the devastating potential of cybercrime and for the robust federal response it inspired. It also showed our country is still completely and utterly addicted to oil and will be for the foreseeable future.

In May, hackers affiliated with the ransomware gang DarkSide managed to get inside the network of Colonial Pipeline, one of America’s largest oil and gas companies. By temporarily halting the pipeline’s operations, the attack not only spurred a short-lived energy crisis throughout the Southeast—the likes of which devolved into a panicked melee at gas stations in multiple states—it also fundamentally shifted how the federal government approaches cyberattacks of this nature. Following the attack, the FBI managed to trace and seize a significant portion of the cryptocurrency ransom payment that Colonial made to the hackers—a somewhat unprecedented development. At the same time, the event helped to catalyze an accelerating government initiative to crack down on cybercriminals, including a new ransomware task force put together by the Justice Department and other defensive policies put out by the Biden administration.

Twitch Data Dump

Image for article titled The Biggest Hacks of 2021 (So Far)

Photo: FREDERIC J. BROWN/AFP (Getty Images)

A gargantuan theft of data from Amazon-owned streaming giant Twitch has spilled vast swaths of the platform’s contents onto the internet for all to see.

On Oct. 6th, an anonymous leaker posted a 125GB cache of Twitch’s data to 4chan as a torrent. Among many other things, the leak included the company’s source code, internal company documents, and red teaming tools. It also revealed the salaries and other personal information of some of the platform’s biggest stars and channel operators—causing no small amount of controversy. Twitch has clarified that its data was actually exposed to the web as the result of “an error in a Twitch server configuration change that was subsequently accessed by a malicious third party.” In other words, Twitch got itself into trouble with its own security hiccup.

The anonymous culprit behind the leak claims to have carried it out to “foster more disruption and competition in the online video streaming space.” They also called Twitch a “disgusting toxic cesspool,” one that “we have completely pwnd.”

CNA’s $40 Million Ransom

A home computer.

A home computer.
Photo: Robyn Beck / AFP (Getty Images)

CNA, one of America’s largest insurance companies, has made a big push to sell cyber insurance—a product that, ironically, is designed to protect businesses from exactly the kind of scenario that CNA itself recently wound up in. In March, a ransomware group calling itself “Phoenix” attacked the company, successfully grabbing large amounts of its data. CNA should definitely get, like, an award or something for its subsequent philanthropic contribution to the digital underworld: the company allegedly paid their data-captors a whopping $40 million—a figure that certainly sets the record for publicly known payments in these scenarios.

At the time, security professionals commented on how dangerous it was that a hacker group may have gained control of cyber insurance policy holder information, as it could allow for more targeted attacks calibrated exactly to victims’ financial information. On the other hand, “Phoenix” operators may have been so rich after their big CNA payout that they just decided to call it a day, forego all future attacks, and retire to some undisclosed hacker paradise.

JBS Meets REvil

Butchers work at the popular Lapa Market March 20, 2017 in Sao Paulo, Brazil.

Butchers work at the popular Lapa Market March 20, 2017 in Sao Paulo, Brazil.
Photo: Victor Moriyama/ (Getty Images)

On May 30, JBS, a Brazilian meat processor that serves as America’s largest source for beef and pork, discovered that hackers affiliated with the ransomware gang REvil successfully compromised its networks. JBS then reportedly paid REvil $11 million for the decryption of their data—providing yet another example of the kinds of havoc a well-placed cyberattack can wreak on pivotal consumer supply chains. Between Colonial Pipeline and this, you’d start to wonder whether these hacker gangs were secretly a bunch of vegan, anarcho-environmental activists looking to teach Americans the error of their gas-guzzling, cow-slaughtering ways. Alas, no. They’re likely just ruthless opportunists, hellbent on extorting big money by hitting our country where it hurts the most: our love of all things environmentally unfriendly.

9 / 11

Metropolitan Police Department Exposed

Metropolitan Police Department Exposed

Image for article titled The Biggest Hacks of 2021 (So Far)

Photo: Ringo Chiu/AFP (Getty Images)

While maybe not one of the biggest attacks of the year, the hacking of Washington, D.C.’s Metropolitan Police Department was certainly one of the most dramatic incidents in recent memory—and showed a new willingness by ransomware gangs to target law enforcement agencies with increasingly dangerous tactics. The ransomware gang Babuk attacked MPD in April, making off with 250 gigabytes of sensitive internal data—including disciplinary files on past and current police officers, intelligence on local protest activity, and, most alarm ingly, information on informants embedded in criminal networks scattered throughout the city. The hackers then threatened to leak the data if their demands of a $4 million ransom were not met. Cops were so distressed they offered to pay $100,000 for the files, though the hackers declined—and subsequently dumped everything online.

10 / 11

Accellion’s Oil Spillover Flaw

Accellion’s Oil Spillover Flaw

Shell gas station.

Shell gas station.
Photo: Mario Tama (Getty Images)

The biggest “sleeper” attack of the year so far, the hacking of a little-known cloud company called Accellion didn’t get as much press as other hacks but had big implications worldwide. In December, the ransomware gang ClOP used security flaws in one of Accellion’s most widely used products to hack the files of dozens of prominent entities throughout the world. The victims included Shell Oil, about a half dozen American universities, a Canadian aerospace manufacturer, banks and transportation agencies, a telecom conglomerate in Singapore, and one of America’s largest supermarket chains, Kroger, among others.

Of course, as of this writing, 2021 is only halfway over. At the rate we’re going so far this year, these major hacks are unlikely to be the last.


Update 12:10 pm ET, July 13: Added Kaseya hack.

Update 6:10 pm ET, Oct. 7: Added Twitch hack.

Note: This article have been indexed to our site. We do not claim legitimacy, ownership or copyright of any of the content above. To see the article at original source Click Here

Related Posts
GTA: The Remastered 3D Trilogy To Be Released In November 2021 thumbnail

GTA: The Remastered 3D Trilogy To Be Released In November 2021

On ne nous avait pas habitués à ça. Alors que l’on se préparait ainsi à ce que la remastérisation des trois premiers épisodes de GTA en 3D ne nous parviennent que l’année prochaine, il se pourrait finalement que la compilation ne rate pas 2021. Les premiers échos relatifs à une ressortie remastérisée des trois premiers…
Read More
Best Android Smartphones of September 2021 according to AnTuTu thumbnail

Best Android Smartphones of September 2021 according to AnTuTu

O líder desta tabela é novo. Hoje, a AnTuTu anunciou a lista de desempenho do telefones Android de setembro, estatísticas dos Benchmarks feitos entre de 1 ° de setembro e 30 de setembro de 2021, vale lembrar que estes rankings se baseiam na média dos resultados de cada modelo e não nas pontuações mais altas.…
Read More
Why Rust is emerging as developers’ favourite programming language thumbnail

Why Rust is emerging as developers’ favourite programming language

While programming languages like JavaScript, HTML/CSS, and Python remain the most commonly used languages among developers, some interesting trends have emerged over the last few years. Stack Overflow’s 2023 Annual Developer Survey found that, although Rust is in 14th place in the list of most commonly used languages, it ranks number one as the “most
Read More
Index Of News
Total
0
Share