Another day, another data breach. This seems to be the mantra of 2021. It seems the pandemic has been the perfect breeding ground for more targeted, meticulous attacks across industries. Let’s take a look at just the first half of 2021 and assess the damage. Here are the top 10 cyber attacks so far in 2021.
Australian broadcaster Channel Nine was hit by a cyber attack in March, resulting in the channel’s inability to air its Sunday news bulletin as well as several other shows. In addition, the unavailability of internet access at its headquarters in Sydney led to interrupted operations across the network. The network’s publishing business suffered as the attack took down its publishing tools. The channel first reported that the outage was due to “technical difficulties” but later confirmed the cyber attack.
Also in March, London-based Harris Foundation suffered a ransomware attack that forced it to “temporarily” disable the devices and email systems of all secondary and primary academies it manages – a total of 50 schools. This resulted in 37,000 students left without access to their coursework and email correspondence.
CNA Financial, known as one of the biggest cyber insurance firms in the U.S., suffered a ransomware attack in March. The attack resulted in the disruption of the organization’s customer and employee services for three days. CNA was forced to shut down to prevent further compromise due to the cyber attack that featured a new version of the Phoenix CryptoLocker malware, a form of ransomware.
Florida Water System
Often, we hear of cyber attacks that have an end goal of financial payout. In the case of the highly publicized Florida Water System cyber attack, a cyber criminal attempted to poison the water supply in Florida. The cyber criminal was able to breach a computer system within Oldsmar and briefly increased the amount of sodium hydroxide from 100 parts per million to 11,100 parts per million – a potentially dangerous level.
Microsoft Exchange Mass Cyber Attack
Another incident making the top 10 cyber attacks list was the Microsoft Exchange attack. Here, threat actors were able to actively exploit (both domestically and internationally) four zero-day vulnerabilities in Microsoft’s Exchange Server. It is believed that nine government agencies as well as over 60,000 private companies in the U.S. alone were affected by the breach.
Bombardier (Airplane Manufacturer)
Bombardier, a Canadian plane manufacturer, suffered a data breach in February. It was revealed through the investigation that an unauthorized party gained access to the data by exploiting a vulnerability in a third-party file-transfer application. The breach resulted in the compromise of confidential information for customers, suppliers and about 130 employees located in Costa Rica. To add insult to injury, the stolen data was then leaked on a site operated by the Clop ransomware gang.
Acer, known globally for its computers, suffered a ransomware attack in which it was asked to pay a ransom of $50 million. This, according to records, is the largest known ransom to date. The threat actors, believed to be a cyber criminal group known as REvil, announced the breach on their site and leaked some images of the stolen data.
University of the Highlands and Islands
Security professionals discovered the attack on the University of the Highlands and Islands (UHI) was launched using Cobalt Strike, a penetration testing toolkit commonly used for legitimate purposes by security researchers. The cyber attack forced UHI to close all of its 13 colleges and research institutions to students for an entire day. This is just one in a series of cyber attacks seemingly targeting the education sector.
Multinational IoT device manufacturer, Sierra Wireless, was hit by a ransomware attack in March. The attack against its internal IT systems resulted in a halt in production at its manufacturing sites. Luckily, its customer-facing products were not affected. The company was able to resume production within a week.
Accellion Supply Chain Attack
A breach targeting Accellion’s file transfer system FTA left the security software provider’s clients reeling. High-profile organizations including grocery giant Kroger, telecom industry leader Singtel, the University of Colorado, cyber security firm Qualys, and the Australian Securities and Investments Commission (ASIC) were just a few caught in the crossfire. Confidential and sensitive data stolen from various companies by exploiting the vulnerabilities in Accellion’s FTA tool and was leaked online.
Staying off the list of top 10 cyber attacks
Seeing the high profile names on this list and witnessing the damage cyber attacks can cause to an organization should be enough cause to take necessary preventive measures right away. Here are some steps you can take to ensure your organization is protected:
- Create a cyber secure culture. Build a culture that is security-minded. Employees are your last line of defense when all other security measures fail. Generate employee awareness through a proven awareness program such as Global Learning Systems’s Human Firewall program. Courseware, modular learning, gamification, communications toolbox and phishing simulations are just a few examples of how you can engage your users.
- Implement a phishing incident response tool. Empower your employees to detect and report suspicious emails right away, which will help you to significantly reduce cyber security risks.
- Carry out vulnerability assessment and penetration testing (VAPT). Conducting periodic VAPT to detect exploitable vulnerabilities in your IT infrastructure (applications, servers, and networks). Make fixing any detected vulnerabilities a priority.
- Update, update, update. Make sure you keep all of your organization’s hardware and software up-to-date with the latest security updates and patches.
- Enable multi-factor authentication (MFA). MFA adds an extra layer of security and protects you as an organization in case your employee’s user credentials are stolen.
Don’t wait for your organization’s name to be added to a list of top 10 cyber attacks – secure and Strengthen Your Human Firewall today.