The year in review: A look back at some high-profile cyber events of 2021
Like the year before, 2021 was a record-breaking year for cyber events, with billions of records being compromised. Here are some of the most prominent incidents.
Summary: By September 2021, the number of data breaches had already exceeded the total number of those from the year before, with the manufacturing and utility sectors being among the most deeply impacted, followed closely by healthcare. As companies focus on improving their security postures for 2022, it is important to reflect on the past year’s major events.
Like the year before it, 2021 was another record breaker in the world of cybersecurity: by September, the number of cyberattack victims had already exceeded the previous year’s total by 17%. In the first half of 2021 alone, more than 3.2 million records were exposed in the period’s ten most significant data breaches. Eighty percent of those breaches targeted the healthcare sector.
The average cost of data breaches also continues to increase, with IBM’s latest Data Breach Report putting the figure at $4.24 million. The cost equates to a 10% increase over the 2020 report. The report also found that the rise of remote work during the coronavirus pandemic was one of the main drivers for this increase. Moreover, compromised account credentials were the number-one attack vector, while AI-powered security systems proved the most effective countermeasure.
With the cyber threat landscape constantly evolving, it has never been more important for IT security teams to advance their strategies. Strategic advancement should focus on developing a more proactive and offensive stance involving an optimal combination of blue teaming and red teaming. There is also growing pressure on IT security leaders to adopt industry-standard models, such as the MITRE ATT&CK framework.
With these trends in mind, it is also essential to reflect upon the past year’s major events. Here are some of the most noteworthy:
Facebook
Having suffered major security incidents in 2018, 2019, and 2020, the world’s largest social media platform is no stranger to data breaches. The 2021 breach, which occurred in April, was one of the largest, involving the leaking of account details belonging to over half a billion users.
Although Facebook sought to downplay the incident, claiming it to be an ‘industry problem’ and ‘a normal occurrence’ in a leaked internal email, the fact remains that the breach included the full names, phone numbers, locations, and other details pertaining to hundreds of millions of users.
Facebook claimed that the data was leaked due to a vulnerability that the company supposedly patched in 2019. It was then posted on a hacking forum by an anonymous user. While none of the data leaked was particularly sensitive, malicious actors can and do leverage such data for carrying out highly targeted social engineering scams. Indeed, social media is the phishing scammer’s go-to research resource when carrying out reconnaissance on potential targets.
Twitch
In October, American live video streaming service Twitch reported a security incident resulting from a server configuration change. Over 125GB of leaked data was posted in full public view on the controversial imageboard website 4chan. While the data did not include any payment information or login credentials, it did reveal how much Twitch was paying high-profile gamers using its platform.
The Twitch incident is a textbook example of hacktivism, in which activists depend on hacking techniques to promote a cause. The anonymous user who posted the torrent containing the leaked data claimed to have done so to reveal how much the platform’s top streamers were making. Naturally, this did not go down well with the platform’s users.
Colonial Pipeline
Among 2021’s biggest cybersecurity headlines was the Colonial Pipeline ransomware attack, which resulted in fuel shortages lasting several days in some US states. The company is the largest pipeline transporter of refined oil products in the US, demonstrating that no one is immune from attack.
Although they did not directly claim responsibility, it is believed that DarkSide – a cybercrime group purportedly operating out of Russia – was behind the attack. Due in part to the fact that the group specifically avoids targets in certain geographic regions, including member states of the CIS, it has also been alleged that the Russian government sanctions the group.
The attack had far-reaching consequences, prompting President Biden to declare a state of emergency on May 9th. Colonial Pipeline ultimately ended up paying a $4.4 million ransom to regain access to its systems, eventually bringing the six-day shutdown to an end.
Accenture
In August, global professional services and IT consulting firm Accenture faced a $50 million ransom demand from LockBit, a group of cybercriminal ransomware developers. However, given that the company itself consults on cybersecurity matters, the $50 million was probably less worrying than the potential reputational fallout.
That reputational damage was undoubtedly further exacerbated because the company took almost two weeks to report the attack publicly. However, all the infected systems had been recovered from a recent backup by then.
The attack was discovered through monitoring systems and had no impact on Accenture’s services and operations or its client systems. On the other hand, the ransom was for 6TB of stolen data, some of which was briefly exposed after the first ransom deadline had passed. Thus, the Accenture attack is a strong reminder of the recent uptick in double-extortion tactics, whereby attackers do not stop at encrypting data but also steal it and threaten to release it if the victim fails to pay the ransom.