Due to so much of our lives now take place online, the digitization of society means that our infrastructure, institutions and personal lives are more exposed than ever to malicious actors. Big institutions remain vulnerable, despite spending millions on security, and cybercriminals have plenty of opportunities to exploit weak. Of course, it’s not just large companies that are at risk of potentially crippling data breaches- Small businesses with less than 500 employees are also susceptible.
It has been said that these cyber attacks might be pegged by social engineering — where people are duped into clicking on malicious links or divulging private information — as the most common method of attack.
So lets take a look at the five of the most damaging cyberattacks of 2021 — the types and general targets of which will remain similar in 2022. In other words, keep your guard up. Or get it up if it’s not already. Better to be safe than sorry.
533 million. That’s how many Facebook users had their stolen personal information posted online by hackers, according to reports in Spring 2021. Names, locations, email addresses and more were dumped into cyberspace for anyone to see — or use for nefarious purposes such as identity theft. Though Facebook claimed the data in question was stolen in 2019, that did little to minimize outrage and concern. These are the pieces of data cyber criminals spend time searching for to perform social engineering attacks (a type of hacking) — but now they’re all in one place and easily accessible in this leak, which makes social engineering quicker and easier.
Microsoft Exchange
Internal and published reports revealed that hackers exploited vulnerabilities in Microsoft’s Exchange Server mail and calendar software, both of which are widely used by government and corporate data centers around the world. Microsoft said the culprit was a state-sponsored entity dubbed Hafnium. Operating out of China, this highly skilled and sophisticated actor…primarily targets entities in the United States for the purpose of exfiltrating information from a number of industry sectors, including infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks and NGOs. CNBC noted that the hack would probably stand out as one of the top cybersecurity events of the year.
Kaseya
This attack temporarily hobbled roughly 1,500 organizations by exploiting a couple of massive flaws in the Florida-based Kaseya’s tech management software. Perpetrated by the offshoot of a Russian gang called REvil, its effect was broad and deep, adversely impacting not only Kaseya but as many as 50 MSPs that used the company’s software. MSPs…make an efficient vehicle for ransomware because they have wide access inside many of their customers’ networks, a Reuters story noted. Kaseya’s software serves many MSPs, so the attacks multiplied before Kaseya could warn everyone, rapidly encrypting data and demanding ransoms of as much as $5 million per victim.
Colonial Pipeline
One compromised password. That’s all it took to knock out the United States’s largest fuel pipeline. Sneaking in through a weakly protected virtual private network account, Russia-linked hackers known as DarkSide gained access to Colonial’s entire computer network. About a week later, the hackers sent a ransom note demanding cryptocurrency and the pipeline was shut-down as a precautionary measure while possible damages were assessed. The company’s system transports roughly 2.5 million barrels of fuel daily from the Gulf Coast to the Eastern Seaboard. a Bloomberg The outage led to long lines at gas stations, many of which ran out, and higher fuel prices. The pipeline was back in service a couple of weeks later, but only after Colonial paid a $4.4 million ransom to prevent nearly 100 gigabytes of stolen data from being leaked. In this case, the target got extraordinarily lucky and recovered most of its losses with government help.
CNA Insurance
Names, Social Security numbers and other private information was stolen by hackers in what CNA described as a “sophisticated ransomware attack.” The negative impact was reputational as well as financial. If they weren’t already, customers were suddenly exposed to the high probability of identity theft, since bad actors now had access to data that could be used to open new accounts or commit extortion. (CNA offered them two years of credit monitoring.) CNA suffered a “network disruption that affected certain systems, including corporate email. It also shut down the functionality of CNA’s website, reducing it to a static display.” The company ended up paying out a $40 million ransom “to regain control of its systems.” A drop in the bucket monetarily for an organization that did nearly $11 billion in revenues last year, but a crushing blow . At an SMB doing $11 million in revenue, a hit of $40,000 would have a proportional effect. Now multiply that many times over since the SMB breach costs smaller companies an average of $2.5 million. That’s massively painful if not catastrophic.
Hire Professionals To Protect Your Organization
Public and private organizations are especially at risk of cyberattacks. Managing the cyber security for your organization internally can become tedious and expensive, so consider hiring cybersecurity services to do it for you.
Letting an agency handle your cyber security will guarantee the most safety, and they can also help you recover quickly from a cyberattack if one does happen. Focus on the day to day operations of your organization and leave cyber security to the professionals to make sure you’re guarded on all fronts.
Stay Safe Online
While cyberattacks are happening more and more often, that doesn’t mean we shouldn’t use all of the advanced technology available to us. Simply take steps to protect yourself using the different types of cyber security, and when necessary, bring in the CB Tech Group experts to help.
