The worst hacks of 2021


If 2020 was the year of pandemic lockdown hacking, 2021 was open season for attackers around the world. Ransomware groups were shockingly aggressive, targeting health care facilities, schools, and critical infrastructure at an alarming rate. Hackers continued to launch supply chain attacks with wide-ranging impact. With the pandemic still raging in the background, system administrators, incident responders, global law enforcement, and security practitioners of all kinds worked tirelessly to deal with the barrage. And governments scrambled to take more concrete action against cyber threats.

For now, however, the seemingly endless game of cat and mouse continues. As John Scott-Railton, a senior researcher at the Citizen Lab at the University of Toronto, said, “2021 is the year we realize that the problems that we chose not to solve years or decades ago have plagued us one after another.”

This is WIRED’s review of the year's most serious vulnerabilities, leaks, data exposures, ransomware attacks, state-sponsored hacking campaigns, and digital chaos. With no sign of a reprieve in 2022, watch your back and stay safe.

In early May, ransomware hit Colonial Pipeline, which operates a 5,500-mile pipeline that transports nearly half of the East Coast’s fuel (gasoline, diesel, and natural gas) from Texas to New Jersey. As a result of the attack, the company shut down parts of its pipeline to contain the malware and took its billing system offline. As lines grew at gas stations across the southeastern United States, the Department of Transportation issued an emergency order allowing expanded fuel distribution by truck. The FBI also named the notorious Russia-linked ransomware gang DarkSide as the perpetrator of the attack.

Colonial Pipeline paid a ransom of 75 bitcoins, worth more than US$4 million at the time, in an attempt to resolve the incident. Law enforcement agencies were able to recover part of the funds, and DarkSide went underground to avoid scrutiny. In November, the State Department announced a reward of 10 million U.S. dollars for substantive information about the group's leaders. The attack was one of the largest disruptions hackers have ever caused to critical U.S. infrastructure, and it was part of a series of alarming hacks in 2021. These attacks finally seemed to serve as a wake-up call to the U.S. government and its allies that they need to comprehensively address and deter ransomware attacks.

The SolarWinds hacking spree was the most memorable software supply chain attack of 2020 and 2021, but the compromise of the IT management software company Kaseya was another important addition to the history of supply chain attacks this year. In early July, hackers associated with the Russian ransomware group REvil exploited a vulnerability in Kaseya’s Virtual System Administrator (VSA) tool. VSA is popular among managed service providers, companies that run IT infrastructure for organizations that don’t want to do it themselves. Because of this interdependent ecosystem, the attackers were able to use the vulnerability in VSA to infect up to 1,500 organizations around the world with ransomware. REvil set a ransom of approximately US$45,000 for many downstream victims and a ransom of up to US$5 million for the managed service providers themselves. The group also offered to release a universal decryption tool for approximately US$70 million. But then the ransomware gang disappeared, leaving everyone in the dark. At the end of July, Kaseya obtained a universal decryptor and began distributing it to targets. In early November, the U.S. Department of Justice announced that it had arrested a major alleged perpetrator of the Kaseya attack, a Ukrainian national who was arrested in October and is currently awaiting extradition from Poland.

The Amazon-owned live streaming service Twitch confirmed in October that it had been breached after an unknown entity released 128 GB of proprietary data stolen from the company. The breach included Twitch's complete source code. The company said at the time that the incident was the result of “server configuration changes leading to improper access by unauthorized third parties.” Twitch denied that passwords were exposed, but admitted that information about individual streamers’ income was stolen. In addition to the source code itself and streamer payout data dating back as far as 2019, the trove also contained information about Twitch's internal Amazon Web Services systems and proprietary SDKs.

Following Russia’s SolarWinds digital espionage spree, the Chinese state-backed hacking group known as Hafnium went on a tear. By exploiting a set of vulnerabilities in Microsoft Exchange Server software, they compromised targets’ email inboxes and their organizations more broadly. The attacks affected tens of thousands of entities across the United States starting in January, and were particularly intense in the first few days of March. The hackers hit a range of victims, including small businesses and local governments. The campaign also affected a large number of organizations outside the United States, such as the Norwegian Parliament and the European Banking Authority. Microsoft released emergency patches on March 2 to address the vulnerabilities, but the hacking spree was already under way, and many organizations took days or weeks to install the fixes, if they did so at all.

Israeli spyware developer NSO Group has increasingly become the face of the targeted surveillance industry, as its hacking tools are used by more and more authoritarian clients around the world. The communication platform WhatsApp sued NSO in 2019, and Apple followed suit in November of this year, after a series of disclosures that NSO created tools to infect iOS targets with its flagship Pegasus spyware by exploiting flaws in Apple’s iMessage communication platform. In July, an international group of researchers and journalists from Amnesty International, Forbidden Stories, and a dozen other organizations published forensic evidence that many governments around the world, including Hungary, India, Mexico, Morocco, Saudi Arabia, and the United Arab Emirates, may be NSO customers. The researchers studied a leaked list of 50,000 phone numbers related to activists, journalists, executives, and politicians, all of whom were potential surveillance targets. NSO Group refuted these claims. Last December, Google researchers concluded that NSO malware is as sophisticated as that of elite nation-state hackers.

JBS SA, the world’s largest meat processing company, suffered a major ransomware attack at the end of May. Its subsidiary JBS USA said in a statement in early June that “it was the target of organized cybersecurity attacks that affected some of the servers supporting its North American and Australian IT systems.” JBS is headquartered in Brazil and has approximately 250,000 employees. Although its backups were intact, JBS USA was forced to take the affected systems offline and worked frantically with law enforcement agencies and external incident response companies to right the ship. JBS facilities in Australia, the United States, and Canada faced disruptions. The attack had a series of knock-on effects across the meat industry, resulting in plant closures, employees being sent home, and livestock being returned to farmers. The incident came a few weeks after the Colonial Pipeline attack, highlighting the fragility of critical infrastructure and important global supply chains.

The firewall manufacturer Accellion released a patch in late December, and then more fixes in January, to address a set of vulnerabilities in its network equipment products. For dozens of organizations around the world, however, the patches were not released or installed quickly enough. Because of these vulnerabilities, many suffered data breaches and faced extortion attempts. The hackers behind the spree appeared to have connections to the financial crime group FIN11 and the ransomware group Clop. The victims included the Reserve Bank of New Zealand, Washington State, the Australian Securities and Investments Commission, cybersecurity company Qualys, the Singaporean telecom Singtel, well-known law firm Jones Day, grocery chain Kroger, and the University of Colorado.

Everything old was new again in 2021, as many companies notorious for past data breaches suffered new incidents this year. Wireless operator T-Mobile admitted in August that the data of more than 48 million people had been compromised in a breach that month. Of those, more than 40 million victims were not even current T-Mobile users, but former or prospective customers who had applied for credit with the company. The rest were mainly active “post-paid” customers, who are billed at the end of each cycle rather than at the beginning. The victims’ names, dates of birth, social security numbers, and driver’s license details were stolen. In addition, the names, phone numbers, and PIN codes of 850,000 customers on prepaid plans were also stolen. The situation was particularly absurd because T-Mobile had two breaches in 2020, one in 2019, and another in 2018.

Another repeat offender is the department store chain Neiman Marcus, which had the data of approximately 4.6 million customers stolen in a breach in May 2020. The company disclosed the incident in October. It exposed victims’ names, addresses, and other contact information, as well as login credentials and security questions and answers from online Neiman Marcus accounts, credit card numbers and expiration dates, and gift card numbers. Neiman Marcus is known for a 2014 data breach in which attackers stole the credit card data of 1.1 million customers over three months.


About the Author: News Center