Cybercrime evolves at least as rapidly as the wider digital landscapes it targets. Arguably, it’s sometimes even the faster, more agile player in the race. Key evidence of this is the simple fact that instead of shrinking, cyberattacks have only become larger and more brazen in recent years. Far from being an exception to these trends, 2021 has been an exceptionally active year for hackers and their activities against many organizations.
This is what the following ranking of four of the worst attacks of the year clearly demonstrates. It also goes to show that despite its difficulties and complexities, cybersecurity is more important now than it has ever been. Let’s get down to our ranking and see what happened in each case.
1. CNA Financial Fails to Insure Against Ransomware
One of the largest insurance companies in the United States also happened to be the victim of one of the worst ransomware attacks in 2021. In late March of 2021, CNA announced that its website and databases had all been attacked by hackers. The attackers had secretly encrypted key operational data and demanded $60 million to decrypt it. CNA had to shut down its site and all major services for nearly two weeks. The company then negotiated the payment down to $40 million and was able to resume operations.
The group responsible, Phoenix, breached the site through a fake browser update that employees were tricked into installing. From there, it spread throughout the company’s network. Had CNA been using correct internal data security measures, it might have been able to resist such a deep penetration of its systems.
2. Colonial Pipeline Gets Extorted
In what is arguably the most infamous cyberattack of the year, a Russian hacker group, DarkSide, breached the natural resource management company Colonial Pipeline’s IT stack, disrupting all of its IT management. As a precaution, Colonial was forced to shut down its fuel pipelines completely for days. The company was able to resume operations and regain control of its IT systems only after it paid a ransom of $4.4 million to the hackers.
This case involved a much smaller payout than the CNA ransomware extortion payment previously mentioned, but it garnered far more political attention. That’s mainly because of the economically sensitive nature of a fuel pipeline company. Had Colonial Pipeline maintained data exfiltration security, DarkSide’s malware would have been stopped before taking the IT stack hostage.
3. Buffalo Public Schools Learns a Hacking Lesson
Attacks by cybercriminals on public institutions and their IT systems are a popular sport worldwide and the education sector is no exception. In this case, the Buffalo Public School system (in NY) was the target. A ransomware attack caused it to shut down the entire education network it administered, forcing the school to close for days.
The hackers not only disrupted IT operations, they also accessed sensitive databases. They had access to information on thousands of students, including their demographic profiles, education status, financial details and other personal info. Buffalo Public Schools refused to pay the hackers, but was forced to spend nearly $10 million on security overhauls. How the hackers breached the school system’s networks wasn’t clarified by staff or FBI investigators, but there could have been many possible weaknesses.
4. Acer Flops on Computer Security (Twice!)
You’d think that a company tasked with manufacturing computer technologies would know a bit more than the average business about IT security, but apparently not. The Taiwanese PC maker was hacked by a group called REvil. The hackers managed to freeze the company’s databases and exfiltrate enormous amounts of financial data and other information. REvil leaked some of this online in an effort to push Acer into paying its record-breaking ransomware demand.
The company did so and was forced to fork over $50 million in cryptocurrency. In this hack, it’s suspected that hidden vulnerabilities in Microsoft Exchange servers were used to access Acer’s own servers and data. It’s also worth noting that Acer then suffered a second ransomware attack just recently, in October 2021, against its offices in India. You’d think they’d have learned from the first attack.
Final Words
The above are just a few major examples of cyberattacks that happened in 2021. There were many more. The sheer range of them and their specific details rapidly become too complex to cover briefly. What you, as a business owner, should keep in mind is that while no security solution can absolutely guarantee perfect security, hiring professional support can massively reduce your risk of being a victim. Great Lakes Computer Corporation takes data protection seriously, and its security backup and stack solutions are designed to counter the latest in cyberattack threats.