
Many people would rather put 2021 behind them. Once again, COVID-19 was front and center in the media, this time as new strains of the virus emerged and social restrictions were reinstated following premature optimism about vaccine rollouts and the end of the pandemic. The cyber security scene also featured the same old news: massive data breaches at Facebook and LinkedIn, and the looming menace of ransomware.

At the beginning of the year, the World Economic Forum named cybercrime, along with COVID-19, climate change, and the debt crisis, as the top risks to society over the next decade. As the year progressed, healthcare facilities and hospitals became the targets of a growing number of attacks, proving the truth of that prediction. The attack on Colonial Pipeline, however, highlighted the widespread impact of ransomware for the first time. Millions of Americans were left in the lurch after their gasoline provider was forced to shut down in the face of an attack.

Find out more about that incident and the other major cyber security stories of 2021 in our annual report.

January

The year 2021 got off to a bad start when researchers discovered a massive data leak affecting millions of Brazilian citizens. The leak exposed the personal information of 220 million Americans, including their names, birth dates, and social security numbers.

The hack also included 104 million records containing personal information on residents’ vehicles, such as the make, model, and license plate numbers.

Because this is the kind of data a credit reporting agency would collect, initial reports pointed the finger at Serasa Experian. The group, however, strongly denied involvement in any way.

The denial from the corporation was deemed “insufficient” by Procon, a consumer rights organization in the Brazilian state of Sao Paulo.

You can see more incidents from January in our list of data breaches and cyber attacks.

February

In February, when ransomware first made headlines, it caused major disruption at two hospitals in France.

Malware initially damaged the Villefranche-sur-Saône hospital complex in eastern France. The Dax-Côte d’Argent hospital in southern France was struck less than a week later.

Aline Gilet-Caubere, the hospital’s deputy director, said that while no data had been stolen, the staff had been locked out of patients’ digital information and had been reduced to keeping paper records instead. However, a third hospital network in Dordogne was saved from ransomware after an IT vendor noticed the threat on the group’s servers.

The hospital’s head of IT, Hugues Alegria, revealed that his team had shut off all connections with the vendor and disabled any backup servers they had just to be safe.

These events bring to mind an incident in 2020 at Germany’s Dusseldorf University Hospital, where a patient died after being turned away because the hospital was under siege and unable to treat her. As a response to the recent surge of attacks, French President Emmanuel Macron has outlined a strategy to strengthen government defenses against ransomware.

Macron spoke with hospital administrators and staff and expressed concern about the impact of the attacks on patients.

You can see more incidents from February in our list of data breaches and cyber attacks.

March

In March, state-sponsored attackers targeted Microsoft Exchange Server vulnerabilities, prompting the United States government to step in and try to stop the onslaught.

The IT giant revealed four zero-day flaws that may be exploited for data theft, ransomware, and denial-of-service attacks.

Despite Microsoft’s patch releases, the company’s disclosure of the vulnerabilities attracted the attention of cybercriminals, who subsequently went after businesses that hadn’t upgraded their software. More than 30,000 businesses in the United States may have been affected by the increase in reported breaches. After that, Microsoft was briefed by the Senate Intelligence Committee and the White House National Security Council met to organize a response.

An executive order on cyber security was expected to be released this year in the wake of the SolarWinds assault in 2020, and the administration had already hinted that it would propose rating software providers the government relied on.

 

You can see more incidents from March in our list of data breaches and cyber attacks.

April

Springtime heralded a renewed sense of hope. The introduction of vaccines was picking up steam, and for the first time in a long time, many started to think that the “new normal” might eventually give way to the “regular normal.”

Unfortunately, cybercrime is present wherever there is anticipation and excitement. There will be a significant surge in malicious travel-related web domains in 2021, according to a Webroot analysis published in April.

According to the system’s real-time analysis of phishing attacks, hackers have been specifically targeting consumers looking for vacations and weekend getaways.

This pattern persisted all through 2018, as increasing demand for air travel and hotel rooms resulted in price increases.

In the meantime, the phone numbers and other personal information of 553 million Facebook users were exposed on the web in April, making it one of the year’s worst breaches. While the sheer volume of compromised data is alarming, the actual impact of this hack was quite small.

This is because neither financial data nor user credentials (which may be used to steal money) were stolen.

You can see more incidents from April in our list of data breaches and cyber attacks.

May

In May 2021, two different instances highlighted the worldwide nature of the threat posed by ransomware to an audience that may not have been previously aware of the severity of the problem. First, there was the hack of the Colonial Pipeline. After ransomware disrupted the fuel supplier’s corporate network, the company had to shut down operations. Without its billing system, Colonial had no means to monitor fuel distribution or provide correct invoicing to its consumers. As a secondary measure, Colonial turned off its operational technology network, which was in charge of the pipeline, to stop the spread of the ransomware.

Considering how ransomware spreads over networks, this was undoubtedly a prudent step; yet, it has heightened the urgency with which the problem must be fixed.

The situation worsened when reports surfaced in the media of gas stations running low on fuel and individuals hoarding supplies, sometimes in dangerous containers like buckets and plastic bags. Colonial initially stated that it would not enter into negotiations with the assailants, but then changed its mind. Early estimates put the charge at $5 million in bitcoin; however, Joseph Blount, CEO of Colonial, later revealed that the actual amount was $4.4 million (about £3.3 million). If they did, it would be a hollow win for the attackers, as their servers would be seized and their cryptocurrency account emptied almost immediately after payment was made.

A little more than a week later, Ireland’s health service was attacked, disrupting care at many facilities.

Paul Reid, CEO of the HSE, called the attack “big and severe,” and the organization immediately shut down all of its critical systems as a precaution. He explained that the gardai, the defense forces, and any third-party support teams are working with the state’s “main supports,” which would include the national security cyber team.

 

You can see more incidents from May in our list of data breaches and cyber attacks.

June

Because the cause of a cyber disruption isn’t often immediately apparent, the revelation of an attack can be a jarring experience for individuals who have been hit. When the incident is finally made public, however, the full picture becomes apparent.

In June, when a widespread Internet outage temporarily rendered dozens of websites inaccessible, this was not the case. The Guardian, the New York Times, and the Financial Times were impacted, as were Amazon, Reddit, and Twitch.

Also, on the day that British citizens aged 25–29 were encouraged to schedule their COVID-19 vaccination appointments, the government’s website crashed.

‘#cyberattack’ trended on Twitter at first because of the widespread fear that the outage had been caused by a malicious cyber attack, but it turned out to be something less dramatic but nonetheless worrying. The cloud service Fastly quickly admitted fault after being notified of the issue. The company said a setup mistake had occurred in its worldwide CDN (content delivery network).

One of its clients caused a fault in its Edge Cloud system, which is supposed to help websites load faster, prevent denial of service attacks, and avoid network traffic jams.

The good news is that Fastly was able to pinpoint the issue and bring its systems back online in less than an hour.

You can see more incidents from June in our list of data breaches and cyber attacks.

July

When Amazon was fined €746 million (about £630 million) in July for violating the General Data Protection Regulation (GDPR), it set a new record for the largest such fine.

There have been few revelations concerning the nature of Amazon’s GDPR fine. In May 2018, the month that the GDPR went into force, La Quadrature du Net filed a complaint that sparked the investigation.

The French advocacy group, which speaks for 10,000 people, argued that Amazon’s advertising method isn’t based on “free permission.” In other words, when asking for someone’s permission to use their personal information, the request must be worded in clear, plain language that explains exactly how the data will be used. Further, businesses can’t count on inactivity as consent, and they need to shield users from any consequences if they opt out.

A representative for the Luxembourg data protection agency said that until an appeal procedure is finalized, specifics about which rules Amazon is accused of having violated cannot be disclosed due to “professional confidentiality” restrictions in the country. There was no data breach, and no consumer information was shared with unauthorized parties, Amazon said in response. It has officially stated that it plans to appeal the fine.

In October, as was widely expected, Amazon filed an appeal of the penalties; a decision is pending.

 

You can see more incidents from July in our list of data breaches and cyber attacks.

August

In August, T-Mobile revealed a data breach that illustrated the issues of playing down the seriousness of a cyber attack. On August 18th, the cellular provider disclosed that the personal information of 7.8 million active customers and 40 million potential consumers had been stolen. Full names, ages, SSNs, and other identifying information for customers in the United States were among the details published in a statement on the breach.

In addition, the personal identification numbers and phone numbers of about 850,000 active T-Mobile prepaid subscribers were stolen. T-Mobile stated after the incident was revealed that it was “certain” it had sealed off the entry point the hackers had used.

It went on to say that it was performing a “deep technical analysis of the problem across [its] systems” to determine the full scope of the attack. Two days later, however, it announced that an internal probe had found that an additional 5.3 million subscribers had been compromised.

If a company’s reputation takes a hit after it reveals a data breach, the last thing it needs is for the story to drag on and to have to admit the situation is far worse than first imagined. In addition, businesses can lessen the blowback from a breach announcement by showing they take cyber security seriously and that the intrusion was not due to lax practices. Customers’ faith in your talents will be put to the test if you quickly downplay an occurrence only to have to backtrack later.

You can see more incidents from August in our list of data breaches and cyber attacks.

September

Although 2021 was a breakthrough year for the cryptocurrency industry, it wasn’t all roses for Coinbase, the largest cryptocurrency exchange platform in the world. More than six thousand consumers had “a third-party campaign” obtain access to their accounts and steal money from them, the company warned in September. It is possible that the hackers employed phishing attempts to get access to the victims’ email accounts and other personal information before attempting to log in to the Coinbase accounts in question. Coinbase accounts are protected by 2FA (two-factor authentication), so the attackers should have been unable to log in even with all this information.

A security weakness in Coinbase’s SMS Account Recovery process allowed attackers to intercept the 2FA token meant for the victim and gain access to the accounts. The hackers emptied victims’ Coinbase accounts of their cash. When Coinbase found out about the hack, it immediately revised its procedure for recovering compromised accounts via SMS and began compensating users. The amount of cryptocurrency that was stolen is unknown at this time.

 

You can see more incidents from September in our list of data breaches and cyber attacks.

October

In October, news broke that malicious actors were using prominent YouTube channels as part of phishing campaigns to steal users’ cookies. Google, which owns YouTube, has released a report claiming that more than 4,000 accounts have been compromised and are being used to broadcast cryptocurrency scams or to sell login information.

Phishing emails pretending to come from established businesses offering to advertise on their sites were the initial trigger for this attack. Common and lucrative sponsors for YouTube channels include virtual private networks (VPNs), photo editing programs, and antivirus software. This kind of offer is tempting, and it’s easy to see why a victim may take advantage of it.

Anyone who takes advantage of the offer will receive a file that looks like the advertised product as an attachment. The file appears harmless, but it actually includes malware that will infect the victim’s computer and steal their cookies and passwords. Google discovered more than a thousand domains specifically designed to harm YouTubers, and it believes the true scope of the attack is far greater.

From its investigation, it learned that the attackers used 15,000 email accounts and sent over a million messages.

 

You can see more incidents from October in our list of data breaches and cyber attacks.

November

2021 was not a good year in the media for Robinhood, the stock market app. It was first criticized for failing to meet regulatory costs, the main reason investors were reluctant to put money into GameStop.

As a result of the outrage it created, it was attacked by cybercriminals many months later. Robinhood issued a statement confirming that a phisher had successfully breached its defenses.

According to Robinhood, the attackers have demanded a ransom in exchange for the secure restoration of the data. Despite the organization’s rejection of the demand and subsequent efforts to reach affected users, the threat may not have been eliminated. It’s possible that the hackers would use the stolen data to launch additional assaults against individual customers. Emails purporting to come from the compromised business often request that users change their passwords.

 

You can see more incidents from November in our list of data breaches and cyber attacks.

December

Some analysts said the zero-day flaw discovered by cyber security researchers at the end of 2021 “set the Internet on fire” and “will haunt us for years.” The Log4Shell exploit is a remote code execution flaw in some distributions of log4j, a widely used open-source Java logging library. Security teams around the world are still working feverishly to find a solution to the problem, which affects a staggering number of programs, servers, and gadgets connected to the web as of this writing.

Some of the companies impacted include Apple, Amazon, Baidu, Google, IBM, Tesla, Twitter, and Steam.

This flaw has been assigned the highest possible severity rating (10.0) and is being tracked as CVE-2021-44228. This means that an attacker might take complete control of a victim’s system remotely via the Internet without them even realizing it was happening. Additionally, it does not necessitate a high degree of competence to carry out. As a result, exploits are visible all over the Internet, and criminal hackers are using this flaw to spread malware, enact ransomware, mine cryptocurrency, and steal sensitive information.

 

You can see more incidents from December in our list of data breaches and cyber attacks.
