2021 was a year of digital transformation accelerated by the pandemic. The widespread adoption of remote and hybrid work left employees more reliant than ever on technology, and a consequence of that reliance was a sharp rise in both the frequency and the severity of cyberattacks across all industries and business sizes. Many of these were ransomware attacks carried out by a growing number of ransomware groups, but the year also saw major data breaches, DDoS attacks and supply chain compromises. As we head further into 2022, we look back at five of the worst cyberattacks of last year.
SolarWinds Supply Chain Trojan Attack (Worldwide)
This highly sophisticated supply chain attack began in September 2019 and its fallout ran well into 2021. Russian state actors are widely held responsible, and thousands of organisations were exposed; victims included US federal government agencies as well as companies such as Microsoft, Intel and Cisco. In September 2019 the threat actors gained unauthorised access to SolarWinds' network. They stayed quiet until February 2020, when they injected malicious code into the build of Orion, SolarWinds' infrastructure monitoring and management platform. From March 2020, SolarWinds unknowingly shipped digitally signed Orion updates containing the trojanised code (later named SUNBURST), which gave the attackers a backdoor into customers' networks and IT systems and let them deploy further malware selectively on the organisations they were most interested in. It was not until December 2020 that the malware was finally discovered, and remediation and investigations ran until May 2021. Because the malicious update was signed by the vendor and delivered through the normal update channel, it passed the checks customers would ordinarily rely on; this is what makes the SolarWinds attack one of the largest and most sophisticated cyberattacks the world has seen.
Colonial Pipeline Ransomware Attack (USA)
On May 7th, Colonial Pipeline, operator of a fuel pipeline system running from Houston, Texas to the US East Coast, fell victim to a ransomware attack that hit the IT systems supporting the pipeline. Colonial shut the pipeline down to contain the attack. The gang behind it, DarkSide, demanded roughly $4.4 million (75 bitcoin) to decrypt the data, which Colonial paid within hours; the FBI later recovered a large part of the bitcoin. The attackers' decryption tool proved so slow that Colonial largely restored from its own backups, and because the pipeline delivers about 45% of the East Coast's fuel, the US government declared a regional emergency so that fuel could keep moving by road while the pipeline was brought back online. Investigators later reported that the initial access was a single compromised password for a legacy VPN account that did not require multi-factor authentication.
Brenntag Ransomware Attack (USA)
In early May, Brenntag, a German chemical distribution company, was the victim of a ransomware attack. Although the company is headquartered in Germany, the ransomware gang, DarkSide, hit its North American division. The attackers exfiltrated 150GB of data before encrypting systems and threatened to leak it unless the company paid a $7.5 million ransom. This was negotiated down to $4.4 million, which Brenntag paid. DarkSide reportedly gained its initial foothold with stolen employee login credentials that it had bought, a reminder that credentials on sale in criminal markets are an attack path in their own right and that multi-factor authentication limits what a purchased password is worth.
Health Service Executive Ransomware Attack (Ireland)
On May 14th, the Health Service Executive (HSE) of Ireland was hit by the ransomware gang Wizard Spider, using the Conti ransomware. The HSE shut down all of its IT systems to contain the attack, and a large share of them had already been encrypted. The gang demanded a ransom of around €16.5 million (about $20 million) to decrypt the data and to refrain from publishing any 'private data'. The Irish government refused to pay, and Wizard Spider went on to release confidential medical information relating to 520 patients, as well as corporate documents. The criminals eventually handed the HSE a decryption tool free of charge, but decrypting data is only a small part of recovery: it took over four months for all servers and devices to be fully restored, and the attack had devastating consequences for employees and patients alike.
Kaseya VSA Supply Chain Ransomware Attack (Worldwide)
On July 2nd, dozens of managed service providers (MSPs) and their customers fell victim to a ransomware attack carried out by the REvil gang, which exploited a then-unpatched vulnerability in the on-premises version of VSA, the remote monitoring and management software from IT management vendor Kaseya. Kaseya put the number of directly compromised customers at fewer than 60, a tiny fraction of its customer base, but because many of them were MSPs that manage the systems of multiple clients, well over 1,000 companies (Kaseya's own estimate was up to 1,500) were ultimately impacted. REvil demanded a $70 million ransom for a universal decryptor; Kaseya did not pay, and later obtained a decryption tool from a third party. This is a key example of how a supply chain attack on a single tool can ripple out to businesses throughout the world: the very access that lets an MSP patch and manage its clients' machines was what let the attackers push ransomware to them.
Looking Forward to 2022
2021 saw thousands of businesses around the world fall victim to a variety of cyberattacks, and there is no doubt that the trend will continue this year, with new attack vectors and companies of all sizes and industries being targeted. The impact of many such attacks can be reduced or avoided through a comprehensive security strategy. HAYNE's managed cloud solution, HAYNE.cloud, helps customers adopt a defence-in-depth approach to security which greatly reduces the attack surface of customer solutions and lowers the risk from these threats. Moving to HAYNE.cloud is a key step your organisation can take now to improve its cyber-security posture. If you want to find out more, get in contact with HAYNE today.