A pandemic-focused year made the events of 2020 unprecedented in numerous ways, and the cyber attacks were no different.
As the world transitioned to virtual everything (work, school, meetings and family gatherings), attackers took notice. Attackers embraced new techniques, and a hurried switch to remote access increased cyberthreats across the board.
The list of top cyber attacks from 2020-2021 includes ransomware, phishing, data leaks, breaches and a devastating supply chain attack with a scope like no other.
2020 cyber attacks
Magellan: On May 12, the healthcare insurance giant issued a letter to victims stating it had suffered a ransomware attack. Threat actors had successfully exfiltrated logins, personal information and tax information. The scope of the attack included eight Magellan Health entities, and approximately 365,000 patients may have been impacted. “On April 11, 2020, Magellan discovered it was targeted by a ransomware attack. The unauthorized actor gained access to Magellan’s systems after sending a phishing email on April 6 that impersonated a Magellan client,” the letter said. The company, which has over 10,000 employees, said at the time of the letter that it was not aware of any fraud or misuse of any of the personal information. Phishing, a common attack vector, intensified over the year as threat actors refined their impersonation skills.
Twitter: The popular social media company was breached in July by three individuals in an embarrassing incident that saw several high-profile Twitter accounts hijacked. Through a social engineering attack, later confirmed by Twitter to be phone phishing, the attackers stole employees’ credentials and gained access to the company’s internal management systems; dozens of high-profile accounts, including those of former President Barack Obama, Amazon CEO Jeff Bezos, and Tesla and SpaceX CEO Elon Musk, were hacked. The threat actors then used the accounts to tweet out bitcoin scams that earned them over $100,000. Two weeks after the breach, the Department of Justice (DoJ) arraigned the three suspects and charged 17-year-old Graham Ivan Clark as an adult for the attack he allegedly “masterminded,” according to authorities.
SolarWinds: The scope of the attack, the sophistication of the threat actors and the high-profile victims affected make this not only the biggest attack of 2020, but possibly of the decade. The incident also highlights the dangers of supply chain attacks and calls into question the security posture of such a large company. Threat actors, who had performed reconnaissance since March, planted a backdoor in SolarWinds’ Orion platform, which was activated when customers updated the software. SolarWinds issued a security advisory about the backdoor, which the vendor said affected Orion Platform versions 2019.4 HF5 through 2020.2.1, which were released between March 2020 and June 2020. “We have been advised this attack was likely conducted by an outside nation-state and intended to be a narrow, extremely targeted and manually executed attack, as opposed to a broad, system-wide attack,” the company said. In the three-week-long investigation since, the full breadth of the attack has grown immensely, but is still not yet fully understood.
FireEye: In perhaps the most concerning cyber event of 2020, FireEye, the cybersecurity agency for many government institutions around the world, fell victim to a sophisticated cyberattack. Currently, the prime suspects in this attack are Russian-backed nation-state cybercriminals. The firm said that hackers had used “novel techniques” in order to make off with its own tool kit, which could help them to mount new attacks across the world.
2021 cyber attacks
Acer: In May, a hacker group known as REvil attacked the popular Taiwanese computer giant, Acer. The hackers shared images of stolen files to show proof of breaking into Acer’s security systems. The compromised data included sensitive financial documents and spreadsheets. To access this data, the criminals identified a security vulnerability in a Microsoft Exchange server. In turn, this gave the group access to Acer’s leaked files and images. REvil has demanded $50 million as the ransom fee, but it is not confirmed whether the computer manufacturer has paid it.
JBS Food: In Spring 2021, a large-scale ransomware attack occurred on JBS Foods, one of the largest meat-processing companies globally. The hacker group that attacked Acer is considered the responsible party for this cyberattack. While this incident did not stop food production, the company was temporarily forced to halt food operations. As a result, the national meat supply chain was slowed, which led to increased meat prices in grocery stores and restaurants due to the temporary shortages. Indeed, this company experienced costly downtime during the attack.
Kaseya: REvil struck again by attacking Kaseya, a Florida-based company that manages IT infrastructure for big companies worldwide. The hacker group sent out a fake software update via the company’s virtual system administrator, giving the hackers access to Kaseya’s clients and their customers. This ransomware attack impacted one million systems, which were encrypted and held for ransom. In total, this attack affected 1,000 businesses. As a result of this incident, a Swedish grocery chain had to close 800 stores for a week during the attack.
Brenntag: In early May of 2021, DarkSide also targeted a German-based chemical distribution company, Brenntag. The hackers stole 150 gigabytes of data from the company’s North American systems and encrypted data and devices on the compromised network. The cybercriminals demanded $7.5 million in bitcoin as the ransom. This chemical company paid $4.4 million, which was a little over half of what the hackers demanded. Indeed, this is recorded as one of the highest ransomware payments ever made.