Over the past couple of years, it has become hard to ignore that the digital life we all live in is completely exposed to cybercriminals. Hackers are happy to take almost any opportunity to make money or have fun, from creating free gym memberships for their entire family to hacking into the energy systems of different countries.
Even though the year is only half over, the storm of cyber incidents never lets up. Today, let's take a look at the biggest cyberattacks of recent times.
Perhaps this attack could be considered the "apocalypse of ransomware," or just a big headache. Whatever we call it, the malicious cyberattack on global IT provider Kaseya affected some 1,500 businesses worldwide, disabled local governments, shut down a popular Swedish supermarket chain, and worsened already strained relations between the United States and Russia.
The cybercriminals spread the malware through a popular Kaseya software product called VSA. Many of the victims were service providers and firms helping small businesses and government agencies to outsource IT tasks. As a result, the malware infected hundreds of companies around the world.
A Russian-speaking group called REvil was behind the cyberattack, asking for $70 million in exchange for a "universal decryptor" that would unlock all files frozen by the single attack around the world. By mid-July, however, the group had simply disappeared from the radar.
The attack is one of the largest of its kind the world has ever seen.
The SolarWinds hack is likely to spark discussions about U.S. cybersecurity for years to come. According to U.S. authorities, the hack involved Russian and Chinese hackers who penetrated the networks of major federal agencies and U.S. companies through hacked software. That let the hackers gather a wealth of intelligence about the U.S. government and private sector. Although the incident first came to light in December, subsequent disclosures about the extent of the hack have continued over the past six months, leading to numerous congressional hearings, audits, and investigations.
According to the Cybersecurity and Infrastructure Security Agency (CISA), even though the hack is commonly referred to as "SolarWinds," at least three different software companies were hacked, including SolarWinds, Microsoft, and VMware. Hackers have been confirmed to have infiltrated 12 federal agencies, including the Department of Defense, the Department of Homeland Security, the Federal Aviation Administration, the Judiciary, NASA, and others. Hackers have also allegedly infiltrated the networks of major Fortune 500 companies.
As dramatic and sweeping as the SolarWinds hack was, what came after it was perhaps even more massive. In March, a variety of security flaws in Microsoft Exchange were discovered. Bloomberg reported that the vulnerabilities in Exchange led to at least 60,000 known victims around the globe, about 30,000 of them in the United States. But that's not all. Hackers took advantage of the window of opportunity, looted vulnerable servers, and deployed many backdoors.
The attack on Colonial Pipeline was also a big blow. In May, hackers affiliated with the DarkSide ransomware gang managed to penetrate the network of Colonial Pipeline, one of America's largest oil and gas companies. The pipeline temporarily shut down, causing an energy crisis in the southeastern United States that turned into panic buying at gas stations in several states. But there was some good news, too: the FBI was able to trace and confiscate a significant portion of the cryptocurrency ransom that Colonial paid to the hackers.
CNA, one of America's largest insurance companies, focuses on selling cyber insurance. Ironically, it was attacked in March by a group of cybercriminals calling themselves "Phoenix," who successfully stole a large amount of data. CNA paid the thieves $40 million, a record for publicly known payouts in such cases.
Cyber experts say the stolen data would enable more targeted attacks, although a ransom of that size may well lead the hackers to abandon future attacks and retire to hacker heaven.
In late May, JBS, America’s largest supplier of beef and pork, discovered that hackers from the REvil group had successfully hacked its networks. The company reportedly paid hackers $11 million to decrypt its data. What caused the attack is unclear. Perhaps the hackers simply prefer a vegan diet.
U.S. Metropolitan Police Department
One might wonder why a local cyberattack made the list. It became one of the most dramatic in recent memory and demonstrated the willingness of cybercriminals to use increasingly dangerous tactics against law enforcement. The Babuk group took control of 250 gigabytes of sensitive internal data, including disciplinary files on past and current police officers, intelligence on local protest activity, and, most disturbingly, information about informants embedded in criminal networks. The hackers demanded a ransom of $4 million. The police were so upset that they offered to pay $100,000 for the files, but the hackers refused – and subsequently posted everything online.
The hack of a little-known cloud company, Accellion, was the biggest "sleeper" attack of the year. In December, a group of Clop ransomware developers used security flaws in one of Accellion's most common products to hack the files of dozens of well-known companies around the world. Victims included Shell Oil, about half a dozen American universities, a Canadian aerospace manufacturer, banks and transportation agencies, a telecommunications conglomerate in Singapore, and Kroger, one of the largest American supermarket chains.
The second half of the year is ahead, and we don’t know what it will bring us. But judging by the trends, these big hacks are unlikely to be the last.