2021 is yet another busy year for the cybersecurity space; according to a report by the Identity Theft Resource Center (ITRC), there has been an astounding 564% increase in the number of cyber breaches reported in H1 2021 vs. Q4 2020.
While Covid-19 pushed many companies to digitize or accelerate their digitization, they have yet to fully comprehend the necessity of creating a compatible cybersecurity strategy covering all potential weak spots in and out of their networking infrastructure. And hacker methodologies are getting more creative and brazen by the minute.
As we’re just about to enter the second quarter of 2021, here’s a look back at the biggest cybersecurity breaches of H1 2021: a warning to heed.
Over the third weekend of 2021, the men’s retail giant Bonobos informed its customers of a data theft. The threat actor known as ShinyHunters, notorious for hacking online services and selling stolen databases, posted the full Bonobos database to a free hacker forum. The leaked database was a 70 GB SQL file containing sensitive information such as customer names, email and home addresses, and partial payment card information, data that could readily be used for phishing attempts.
The stolen data originated from a backup file stored on an external cloud provider.
Hack the hackers: Reposify monitors cloud providers for misconfigurations and best-practice violations precisely to prevent this type of exposure.
A life-threatening ‘remote access’ attack occurred on February 5th, 2021, when hackers accessed the operating system of a Florida town’s water treatment plant with the aim of tampering with the water supply. The attackers raised the setpoint for sodium hydroxide (NaOH) and other chemicals to 100 times the normal level. Sodium hydroxide is used in water supply systems to remove metals and control water acidity.
This time, no sophisticated cybersecurity tool discovered the breach; one of the operators at the plant watched in real time as a remote attacker took over his computer and raised the chemical levels to dangerous values. The access to the water system was an ‘amateur’ hack, exploiting weak spots within the network, including poor password security and an outdated Windows 7 operating system used by the water operators. The poorly secured network allowed the attackers to gain remote access not once but twice: first around 8 am, and again several hours later for approximately 5 minutes.
Hack the hackers: Remote access services are a significant part of any organization’s web-facing assets and provide a very attractive target for hackers. Knowing which of your services may be exposed is the first step towards preventing an attack.
Bombardier, a Canadian airplane manufacturer, suffered a vicious ransomware attack by the known hacking group “Clop”, which published the stolen data on the dark web. The attackers gained access to Bombardier’s IT network by exploiting a vulnerability in a file-transfer application. According to the Bombardier team, the app ran on a purpose-built server detached from the main network infrastructure, where the organization’s sensitive data was housed. The organization did not officially name the exposed application, though many cybersecurity experts suspect that it was Accellion’s FTA. Shortly after the attack, Accellion FTA users started to receive extortion emails threatening to publish their stolen data unless they paid.
Hack the hackers: No matter which file-transfer applications are used, knowing what is or might be exposed, and getting continuous updates on vulnerabilities affecting your assets, is vital to the security of your organization. Reposify works for security teams monitoring exposure and keeps you in control of your assets.
Rough start for Microsoft and 250K of its users: four zero-day vulnerabilities in Microsoft Exchange Server were discovered at the beginning of the year. High-level organizations such as governments and financial institutions across the US became live targets almost immediately. Together, the vulnerabilities gave attackers full access to user emails and passwords, access to network-connected devices, and server admin rights and privileges. In March 2021, Microsoft released updates, calling on all users of Exchange Server 2010, 2013, 2016, and 2019 to patch the vulnerabilities. Unfortunately, patching did not undo the damage already done to the affected organizations: backdoors potentially planted by the attackers still allowed them to access the affected servers even after those servers were “successfully” updated. In mid-March 2021, another set of vulnerabilities was deployed against the originally affected Exchange servers, forcing Microsoft to shut them down, including those already updated and encrypted.
What were the vulnerabilities?
- CVE-2021-26855: CVSS 9.1, type: Server-Side Request Forgery (SSRF)
- CVE-2021-26857: CVSS 7.8, type: Insecure Deserialization
- CVE-2021-26858: CVSS 7.8, type: Arbitrary File Write
- CVE-2021-27065: CVSS 7.8, type: Arbitrary File Write
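Server-Side Request Forgery heads that list, so it is worth seeing what the defensive side of that bug class looks like. The example below is added here and is not code from the original post, from Microsoft or from Exchange; it is a generic illustration of the vulnerable pattern (a server fetching whatever URL a client supplies) next to a vetting function that resolves the hostname, rejects anything that lands in loopback, private, link-local or otherwise non-global address space (including cloud metadata endpoints), and hands the caller the validated IP so the connection is pinned to what was checked. The `fetcher` and `resolver` parameters, the hostnames and the addresses are all constructed for the example.

```python
import ipaddress
import socket
from urllib.parse import urlparse


def default_resolver(host):
    """Resolve a hostname to the set of IP addresses it currently points at."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def is_internal(addr):
    """True for any address a server-side fetch should never be allowed to reach."""
    ip = ipaddress.ip_address(addr)
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def fetch_unchecked(url, fetcher):
    """Vulnerable pattern: the request target comes straight from the client,
    so anything reachable from the server (loopback services, internal hosts,
    cloud metadata endpoints) can be requested on the attacker's behalf."""
    return fetcher(url)


def vet_target(url, resolver=default_resolver):
    """Hardened check. Returns (True, pinned_ip) or (False, reason).

    Resolving first and then checking the resulting IPs (rather than pattern
    matching the URL string) also catches alternate encodings of internal
    addresses that only become obvious after resolution."""
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https"):
        return False, "scheme not allowed"
    host = parsed.hostname
    if not host:
        return False, "missing host"
    try:
        # IP literal (IPv4 or bracketed IPv6): no lookup needed.
        ips = {str(ipaddress.ip_address(host))}
    except ValueError:
        try:
            ips = set(resolver(host))
        except OSError:
            return False, "unresolvable host"
    if not ips:
        return False, "unresolvable host"
    # Reject if *any* answer is internal: a mixed answer set is a classic
    # rebinding/round-robin trick.
    if any(is_internal(ip) for ip in ips):
        return False, "resolves to internal address"
    return True, sorted(ips)[0]


def fetch_vetted(url, fetcher, resolver=default_resolver):
    """Only fetch after vetting, and connect to the validated IP (pinning), so a
    DNS answer cannot change between the check and the actual connection."""
    ok, info = vet_target(url, resolver)
    if not ok:
        raise ValueError(f"refused {url}: {info}")
    return fetcher(url, pinned_ip=info)


if __name__ == "__main__":
    # Constructed resolver so the demo runs offline; 8.8.8.8 is just a stand-in
    # for "some public address".
    table = {"api.example.com": {"8.8.8.8"}, "lookalike.example": {"10.0.0.5"}}
    for u in ("https://api.example.com/v1", "http://169.254.169.254/latest/meta-data/",
              "http://[::1]/", "http://lookalike.example/", "file:///etc/passwd"):
        print(u, "->", vet_target(u, table.__getitem__))
```

In a real service the `fetcher` would open the socket to `pinned_ip` and send the original hostname in the `Host` header and TLS SNI; the point of the split between `vet_target` and `fetch_vetted` is that the check and the connection use the same address.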
Hack the hackers: Reposify keeps up to date with the latest vulnerabilities and can raise an alert if a new vulnerability affects any visible asset on the organization’s perimeter.
“A sophisticated cybersecurity attack” hit CNA Financial, one of the biggest insurance firms in the US. The insurance giant was forced to go offline for three days after an aggressive ransomware attack. Shutting down the systems was crucial to protect its massive database of extremely sensitive customer information. Although CNA didn’t officially confirm the cyber attack, BleepingComputer reported that CNA was hit by a ransomware strain called ‘Phoenix CryptoLocker’. In May, CNA reportedly paid the hackers a whopping $40M ransom.
Data from 500M LinkedIn accounts was leaked and put up for sale in various cybercriminal forums online. The sensitive data obtained by the hackers included work-related information, account IDs, addresses, and other identifying information. After investigating the incident, LinkedIn stated that the hackers were selling data aggregated from various open services online, combined with the data scraped from LinkedIn. The data scraped from LinkedIn might be considered ‘less sensitive’ than credit card information, but it can still be used for malicious activities such as phishing attempts.
The latest victim of a significant ransomware attack series is none other than the US Colonial fuel pipeline, which was forcibly shut down for a full weekend. This attack exposed one of the biggest cybersecurity threats facing the US: how vulnerable the national infrastructure, especially the energy grid, really is. Even industrial sectors such as fuel pipelines run most of their operations digitally, making them a target for cyberattacks. DarkSide is the group that allegedly stole 100GB of data from the company’s servers.
Hack the hackers: Beyond the critical task of managing user accounts with their various access rights, Reposify monitors your internet-facing remote access services, which is crucial to preventing these types of attacks.
These breaches are only part of a very long and growing list of expensive cyber attacks, with the global average cost of a data breach now at $3.86 million. Cybercriminals are adopting more sophisticated attack methods, and security teams are scrambling to keep up after the fact rather than taking every proactive precaution to ensure that their own organization won’t be the next one splashed across the news as the latest cyber attack.