
The worst attacks of 2021


If 2020 was the year of pandemic lockdown hacking, 2021 was open season for attackers around the world. Ransomware gangs were incredibly aggressive, targeting health care facilities, schools, and critical infrastructure at an alarming rate. And hackers kept launching supply chain attacks with extensive fallout. With the pandemic still raging in the background, system administrators, incident responders, global law enforcement, and security professionals of all kinds worked tirelessly to combat the incidents. And governments scrambled to take more concrete action against online threats.

For now, however, the seemingly endless game of cat and mouse continues. As John Scott-Railton, a senior research fellow at the University of Toronto’s Citizen Lab, put it: “The year 2021 is the year when we realize that the problems we’ve chosen to not solve years or decades ago came back to haunt us.”

This is WIRED’s look back at the year’s breaches, leaks, data exposures, ransomware attacks, state-sponsored hacking campaigns, and digital mayhem. With no sign of a reprieve in 2022, watch your back and stay safe out there.

In early May, ransomware hit Colonial Pipeline, which operates a 5,500-mile pipeline that carries nearly half of the East Coast’s fuel — gasoline, diesel, and natural gas — from Texas to New Jersey. As a result of the attack, the company shut down portions of its pipeline, both to contain the malware and because the attack took its payment system offline. As lines grew at gas stations across the southeastern United States, the Department of Transportation released an urgent order to allow expanded fuel delivery by truck. The FBI also named the notorious Russia-linked DarkSide ransomware gang as the perpetrator of the attack.

Colonial Pipeline paid a 75-bitcoin ransom — worth more than $4 million at the time — in an effort to resolve the incident. Law enforcement was later able to recover some of the money, and DarkSide went underground to avoid scrutiny. In November, the US State Department announced a reward of $10 million for exact information about the group’s ringleaders. The attack was one of the largest-ever disruptions to US critical infrastructure by hackers and was part of a series of alarming attacks in 2021 that finally seems to have served as a wake-up call to the US government and its allies about the need to comprehensively address and block ransomware attacks.

The SolarWinds hack was the most memorable software supply chain attack of 2020 and 2021, but the compromise of IT management software company Kaseya was another prominent addition to the supply chain attack record this year. In early July, hackers affiliated with the Russia-based REvil ransomware gang exploited a vulnerability in Kaseya’s Virtual System Administrator tool. VSA is popular among managed service providers, the companies that run IT infrastructure for organizations that don’t want to do it themselves. Because of this interdependent ecosystem, attackers were able to exploit a vulnerability in VSA to infect 1,500 organizations around the world with ransomware. REvil set ransoms of around $45,000 for many downstream victims and up to $5 million for the managed service providers themselves. The gang also offered to release a universal decryption tool for about $70 million. But then the ransomware gang disappeared, leaving everyone in the dark. At the end of July, Kaseya obtained a universal decryptor and began distributing it to targets. In early November, the US Department of Justice announced that it had arrested one of the main alleged perpetrators of the Kaseya attack, a Ukrainian citizen who was arrested in October and is currently awaiting extradition from Poland.

Streaming service Twitch, owned by Amazon, confirmed it was breached in October after an unknown entity released a 128GB trove of proprietary data stolen from the company. The breach included the complete source code of Twitch. The company said at the time that the incident was the result of “a change in server configuration that allowed unauthorized third parties to improperly access it.” Twitch denied that passwords were exposed in the breach, but admitted that information about individual streamers’ revenue was stolen. In addition to the source code and streamer payment data from 2019 onward, the trove also contained information about Twitch’s internal Amazon Web Services systems and proprietary SDKs.

In the wake of Russia’s SolarWinds digital espionage, the Chinese state-backed hacking group known as Hafnium took action. By exploiting a group of vulnerabilities in Microsoft’s Exchange Server software, they compromised their targets’ email inboxes and their organizations more broadly. The attacks affected tens of thousands of entities across the United States starting in January and with particular intensity in the early days of March. The attacks hit a wide range of victims, including small businesses and local governments. The campaign also affected a number of organizations outside the US, such as the Norwegian Parliament and the European Banking Authority. Microsoft released emergency patches on March 2 to address the security holes, but the hacking spree was already underway, and many organizations took days or weeks to install the fixes, if they did so at all.

Israeli spyware developer NSO Group is increasingly becoming the face of the targeted surveillance industry, as its hacking tools are used by a growing number of autocratic customers around the world. Communication platform WhatsApp sued NSO in 2019, and Apple followed suit this November, after a string of revelations that NSO created tools to infect iOS targets with its flagship Pegasus spyware by exploiting vulnerabilities in Apple’s iMessage communication platform. In July, an international team of researchers and journalists from Amnesty International, Forbidden Stories, and more than a dozen other organizations published forensic evidence that a number of governments around the world — including Hungary, India, Mexico, Morocco, Saudi Arabia, and the United Arab Emirates — may be NSO customers. The researchers studied a leaked list of 50,000 phone numbers related to activists, journalists, executives, and politicians, all of whom were potential surveillance targets. NSO Group has denied those claims. In December, Google researchers concluded that the sophistication of NSO’s malware is on par with that of elite nation-state hackers.

JBS SA, the world’s largest meat processing company, was hit by a massive ransomware attack at the end of May. Subsidiary JBS USA said in a statement in early June that “it was the target of an organized cybersecurity attack that affected several servers supporting IT systems in North America and Australia”. JBS is headquartered in Brazil and has about a quarter of a million employees worldwide. Although its backups were intact, JBS USA was forced to take the affected systems offline and worked frantically with law enforcement and an outside incident response company to right the ship. JBS facilities in Australia, the US, and Canada faced disruption, and the attack had a cascade of impacts across the meat industry that resulted in plant closures, staff being sent home, and cattle being returned to farmers. The incident, which came just weeks after the Colonial Pipeline attack, underscores the fragility of critical infrastructure and critical global supply chains.

Firewall provider Accellion released a patch at the end of December, and then further fixes in January, to address a group of vulnerabilities in one of its network appliance offerings. However, the patches did not arrive, or were not installed, quickly enough for dozens of organizations worldwide. Many suffered data breaches and faced extortion attempts as a result of the vulnerabilities. The hackers behind the attacks appear to have connections to the financial crime group FIN11 and the Clop ransomware gang. Victims include the Reserve Bank of New Zealand, Washington state, the Australian Securities and Investments Commission, cybersecurity firm Qualys, Singapore telecommunications company Singtel, prominent law firm Jones Day, grocery chain Kroger, and the University of Colorado.

Everything old was new again in 2021, as a number of companies already notorious for past data breaches suffered new ones this year. Wireless carrier T-Mobile admitted in August that data from more than 48 million people had been compromised in a breach that month. Of those, more than 40 million victims weren’t even current T-Mobile subscribers, but former or prospective customers who had applied for credit with the company. The rest were mostly active “postpaid” customers, who are billed at the end of each cycle instead of at the beginning. Victims’ names, dates of birth, social security numbers, and driver’s license details were stolen. In addition, 850,000 prepaid customers had their names, phone numbers, and PINs stolen in the breach. The situation is particularly absurd because T-Mobile had two breaches in 2020, one in 2019, and another in 2018.

Another repeat offender is department store chain Neiman Marcus, which had data on about 4.6 million customers stolen in a breach in May 2020. The company disclosed the incident in October. It exposed victims’ names, addresses, and other contact information, along with login credentials and security questions and answers from Neiman Marcus online accounts, credit card numbers and expiration dates, and gift card numbers. Neiman Marcus famously suffered a data breach in 2014 in which attackers stole the credit card data of 1.1 million customers over three months.

