Top 4 Most Impactful Cybersecurity Incidents of 2021
Like any other year, 2021 has seen its share of major security incidents and data breaches affecting many organizations. According to a survey by the Identity Theft Resource Center (ITRC), more than 1291 breach incidents had been publicly reported as of 30th Sept. This is already 17% higher than the breaches disclosed in 2020. If this trend continues, 2021 will break the 2017 record of 1529 breaches reported within a year.
The Log4J vulnerability became public on Dec 10 and turned into the most critical security threat of 2021. It was far from the only security incident the world had to contend with during the year, however. Ransomware attacks on JBS Foods, Colonial Pipeline, and other big organizations made headlines in 2021 and are still not slowing down. The year has seen many high-profile attacks on corporations around the world. Here are some of the biggest cyberattacks that made headlines in 2021.
The Log4J Vulnerability:
A vulnerability in the Java-based software known as “Log4J” shook the internet this December. The list of victims covers almost a third of all web servers in the world. A survey by leading cybersecurity firm Check Point claims that more than 3,700,000 hacking attempts to exploit the vulnerability were seen.
Microsoft, Amazon, IBM, Twitter, Oracle, Google, and the most popular video game company, Minecraft, are among the tech and industry giants running the popular software code, which has left hundreds of millions of devices exposed. This is a wake-up call for many companies to revisit their security transformation policies and make cybersecurity a core part of their businesses.
Colonial Pipeline Attack:
On Friday, May 7, Colonial Pipeline said that a cyberattack had forced the company to proactively freeze its IT systems and shut down its operations. The attack was carried out by a group later identified as Russia-based DarkSide. It caused Colonial to shut down the entire length of its 5,500-mile pipeline for the first time in its history. The Colonial Pipeline attack had a huge impact because the pipeline is a crucial part of US critical infrastructure. The shutdown disrupted gas supplies throughout the East Coast of the United States, causing panic and chaos.
Around the same time in May this year, Acer, a giant computer manufacturing company, was attacked by the REvil hacker group. The same group was also responsible for an attack on Travelex, a London foreign exchange firm. The hackers took advantage of a vulnerability in a Microsoft Exchange server to gain access to Acer’s files. They released images of sensitive financial spreadsheets and documents. The $50 million ransom stood out as the largest known to date.
Attack on a chemical distribution company, BRENNTAG:
Also in May this year, Brenntag, a chemical distribution company, was attacked by the same notorious hacker group that targeted Colonial Pipeline. The group demanded the equivalent of 7.5 million dollars in bitcoin after stealing 150 GB worth of data. Brenntag soon surrendered to the demands and ended up paying $4.4 million. While this is a little more than half of the original demand, it still stands among the highest ransomware payments in history.
Conclusion: Businesses around the globe, whether small firms or big private or public corporations, need to understand the importance of embedding a shift-left approach in their security infrastructure. Security needs to be an essential part of your SDLC and compliance framework. Your security team needs to stay alert and train all employees on cybersecurity.