Top 10 Cybersecurity Incidents that happened in 2021

May 2021 marked one of the most significant ransomware attacks in US history. According to Colonial Pipeline, on May 7th, a cyberattack forced the company to close all operations and freeze its IT systems. This created a temporary pause in all digital pipeline operations. The problem was significant enough to lead to gasoline supply shortages in the physical world. 

Though FBI and other media sources highlighted DarkSide, a criminal hacking group as the body behind the ransomware. In November, the Department of State announced a £7.55 million reward for any information which would lead to the identification or location of leaders from the DarkSide group. 

In December of 2021, a significant global remote code vulnerability was detected in the Apache Log4 logging system, used commonly by developers of server and web applications based on Java. The new vulnerability impacted a wide selection of applications and services on a global scale, making it crucial for patches to start rolling out instantly.

Unfortunately, though numerous developers worked to patch the Log4j vulnerability, an ever-increasing number of mutations and additional issues began to arise. Around 40% of corporate networks reported an attempted exploit as a result of the vulnerability. 

One of the world’s biggest meat processors, JBS, paid a massive $11 million (or £7.8 million) ransom to cybercriminals after an attack shut down the company’s operations. Shutdowns occurred in abattoirs throughout Canada, Australia, and the US. The meat producer was forced to stop all of its operations for one day, in a move which threatened significant supply chain repercussions. 

According to the Chief Executive of JBS, the decision to pay off the ransomware group (with bitcoin) was made to help prevent additional risk for the customers. No organisation has claimed responsibility for the JBS attack since.

Microsoft, one of the largest companies in the world, proved it wasn’t immune to potential attacks during 2021. Four zero-day vulnerabilities in the Microsoft Exchange Server were discovered to be actively exploited by state-sponsored criminal groups. Microsoft noted that it was made aware of bugs in early January and released patches to take care of those critical vulnerabilities. 

However, while fixes were issued, Microsoft continued to face problems, forcing the company to reveal around 30,000 organizations in the US have been hacked as a result. Targets included government bodies, engineering companies, universities, and retail brands. Cyber forensics experts believed the vulnerabilities could have been used for ransomware deployment and data collection.

In March of 2021, the CNA Insurance company was hit by a sophisticated cybersecurity issue, disrupting the commercial group’s network. Very little information was revealed about the attack at the time, other than that it had caused problems with corporate email. The CNA immediately deployed a team of third-party forensic experts to investigate the full scope of the incident. 

Soon after the original reveal of the cybersecurity problem, reports were issued showing CNA's systems had been infected with ransomware. The group ended up paying around $40 million in ransom money to hackers for the release of its data and systems.

The ransomware attack on the Kaseya supply chain stands out as one of the biggest attacks from the summer of 2021, affecting more than 1,000 organisations. The IT firm, Kaseya revealed a successful cyberattack had been launched against the VSA product used by Managed Service Providers for remotely monitoring and administering IT services to customers. 

Kaseya said the incident only affected a small number of on-premises customers at the time. However, the supply-chain nature of the business operations conducted by Kaseya meant a number of additional companies ended up being caught up in the aftermath of the attack.

One of the world’s biggest computing companies, Acer, was hit by a REvil attack in 2021, wherein the ransomware criminals demanded one of the largest ransoms seen to date: $50 million. The ransomware group announced the success of their attack on their data leak site and shared some images of stolen files as proof. The leaked images include documents which feature bank balances, and financial spreadsheets. 

Acer did not reveal a lot of information about the investigations following the ransomware attack, but simply said the issue was being investigated. Acer later confirmed the attack and revealed it had offered the hackers $10 million instead – a price rejected by the ransomware group.

A vulnerability in the Accellion file-transfer program was revealed to have vulnerabilities in 2021, leading criminal groups to hack into networks on the supply chain worldwide. The attack affected many companies, with Accellion finally admitting around 100 out of 300 FTA clients were victims of the data breach event. 

Confidential data was taken from a host of large organisations during this criminal event, from Singtel to the University of Colorado, and even the Australian Securities and Investments Commission.

Numerous healthcare companies were affected by attacks specifically targeting the COVID pandemic during both 2020 and 2021. The Health Service Executive or “HSE” of Island faced a major ransomware attack in May 2021, which caused all of the IT systems throughout the nation to suddenly shut down. 

This was the most significant cybercrime attack conducted on a state agency and the largest known attack against a specific healthcare computer system to date. The group responsible was identified as a criminal gang better known as Wizard Spider, who were operating from Russia according to analysts. The attack had an impact on hospital appointments across the country, with many appointments cancelled completely.

The scope of what hackers can do to our communities and countries is becoming increasingly worrisome. In 2021, a hacker attempted to “poison” the water supply in Florida, after gaining access to the water system and increasing the amount of sodium hydroxide (lye) in the treatment system. Fortunately, a worker spotted the hack and reversed the action. 

No arrests were made as a result of the hack, and lack of information about whether the hack was done from within the US or outside left many government officials concerned about the security of the water systems in the country.