By Nicole Allen, Marketing Executive, Salt Communications.
Cyberattacks have been on the rise for years, and the trend shows no signs of slowing down. To add salt (no pun intended) to the wound, the COVID-19 pandemic has just made matters worse when it comes to cybersecurity. Those hoping for a reprieve from the growing menace of cybercrime in 2021 will be disappointed, as the number of attacks continues to rise day by day.
With the first half of 2021 complete, there have already been many major cyberattacks that have made headlines throughout the world. We have detailed six of the most significant cyberattacks that occurred in the first half of 2021:
#1 CNA Financial
CNA Financial, one of the US’s top insurance companies, was struck by a “sophisticated cybersecurity attack” on March 21, 2021. The company’s employee and customer services were disrupted for three days as a result of the cyberattack, which forced the company to shut down “out of an abundance of caution” to prevent additional compromise.
An attack like this, according to Joshua Motta, CEO of security firm Coalition, is a “horror scenario” that might result in a hacker gaining access to cyber insurance policyholder data. This information would provide a hacker with precise knowledge on how much money policyholders are willing to pay out in the event of a future assault. Typically, ransomware hackers must make educated predictions about how much a firm can pay to regain access to its data, and a company can always claim that it lacks the funds — a valuable negotiating chip for the victim. That bargaining chip would be gone with CNA’s insurance data, with hackers having the ability to launch far more effective attacks.
#2 Florida’s water system
A hacker gained unauthorised access to the system controlling a 15,000-person Florida city’s water treatment plant and attempted to contaminate the water supply with a caustic chemical, exposing a threat cybersecurity experts say has grown as systems have become more computerised and accessible via the internet.
The hacker, who used a remote access application shared by plant personnel to enter the system at the city of Oldsmar’s water treatment plant, temporarily boosted the amount of sodium hydroxide by a factor of one hundred (from 100 parts per million to 11,100 parts per million).
#3 Microsoft Exchange mass cyber attack
Microsoft’s popular Exchange mail server service for businesses has been found to have had several zero-day vulnerabilities. After learning about the vulnerabilities, highly-skilled bad actors identified as the Hafnium gang from China actively attacked four zero-day vulnerabilities in Exchange Server, affecting millions of Microsoft clients across the world.
Cybercriminals used security flaws to construct a backdoor into Microsoft’s corporate clients’ networks, allowing them to inject malware and ransomware and to steal patented technical documents, trade secrets, and other sensitive data. Using the ProxyLogon vulnerability, ransomware rushed in and started compromising Microsoft Exchange servers. On the evening of March 9th 2021, BleepingComputer reported on a new piece of file-encrypting malware named DearCry being used in attacks on Exchange servers.
#4 Airplane Manufacturer Bombardier
Bombardier, a well-known Canadian jet manufacturer, experienced a data breach in February 2021. The hack exposed the confidential information of suppliers, customers, and approximately 130 Costa Rican employees. An unauthorised individual had gained access to the data by exploiting a weakness in a third-party file-transfer application, according to the inquiry. The stolen information was then leaked onto a site which was operated by the Clop ransomware gang.
The faulty software, although not named by Bombardier, has been widely reported as being the Accellion FTA package. Since the attack on the New Zealand central bank in December 2020, attackers have been targeting Accellion clients. Some of those targeted, however, discover that stolen material is being transferred to a dark web site in an apparent attempt to extort money from the companies. The site has previously been exploited by the Clop ransomware gang in double-dip extortion attempts, according to FireEye.
#5 Accellion supply chain attack
Between December 2020 and January 2021, Accellion patched various reported vulnerabilities. Accellion, a security software supplier, had a security leak in their FTA product, exposing the data of many of their clients to hackers. The Jones Day legal firm, Kroger supermarkets, and Shell Oil corporation, as well as other government and educational institutions, were among the high-profile customers affected.
The Accellion File Transfer Appliance (FTA) is enterprise-level file transfer software. In December 2020, FireEye’s Mandiant reported that the Clop ransomware group was extorting enterprises by exploiting previously unknown vulnerabilities in legacy software, threatening to disclose critical data acquired from vulnerable servers unless a ransom was paid.
The programme was used “to transfer information as part of our customer support system [in] a segregated DMZ environment,” according to the business, but it was kept away from production systems, codebases, and Qualys Cloud. However, a zero-day vulnerability in third-party software had already been exploited, and the corporation received an “integrity alert” on December 24 2020 signalling a possible compromise.
Reports in 2021 show that Accellion may still not be completely aware of the extent of the compromise connected with these vulnerabilities, based on the company’s assertions during the course of 2021. Furthermore, it is suspected that future reports of Accellion FTA abuse will reveal more firms, sectors, and countries than previously revealed, based on the number of industries and nations that comprise Accellion clients.
#6 Channel Nine
A cyber-attack on Australia’s Channel Nine TV network delayed live broadcasts, raising fears about the country’s vulnerability to hackers. Several shows, including Weekend Today, were unable to air on Sunday 29th March 2021, according to the broadcaster. As soon as the service was discovered, it was disconnected from the rest of the government’s networks as a precaution, and Australia’s Cyber Security Centre was called in to investigate.
The hack was being investigated as “criminal sabotage or the work of a foreign nation,” according to Nine. This isn’t the first time a media company has been hacked, and it’s certainly not the first time a foreign power has been involved. In 2013, Chinese hackers attempted to mine the New York Times for important information, while in 2015, a catastrophic breach that drove a French TV network off the air appeared to be the work of radicals at first, before being tracked back to Russian hackers.
How to protect your organisation from cyber-attacks as we head further into 2021:
Seeing the devastation that cyber attacks can create should be enough to motivate you to take the required precautions right away. So, here are some things you can do to strengthen your company’s cyber security framework and keep it safe from cyber threats.
Raise Cyber Security Awareness: When it comes to cyber security, an uninformed workforce might be a company’s biggest weakness. One of the most efficient strategies to safeguard your company from cyber attacks is to raise awareness among your staff about current and emerging cyber threats.
Implement a Phishing Incident Response Tool: Educating your employees is only going to get you so far if you don’t give them the tools they need to deal with cyber threats. A phishing incident response tool can enable your employees to recognise and report questionable emails right away, decreasing cyber risks dramatically.
Use a secure communications system: Your best option for managing a cyber threat sensitively would be to deploy a secure communications system, and provide extensive and ongoing training to your employees around the importance of that system. Not only would you extinguish the threat of mobile interception, but you would also ensure complete privacy and security when sharing information about other potential breaches within your organisation. At Salt Communications we work with businesses of all sizes all around the world to enable them to have secure, confidential discussions wherever they are, at any time.
While hackers leave digital footprints, they are also cunning, often disguising their traces and staying in systems for weeks, if not months, before being discovered. When it comes to causing havoc in an organisation, an encryption assault can be “a near-perfect crime”. To disguise their tracks, attackers frequently delete the decryption keys, leaving their victims with little prospect of recovering the encrypted material. Protect yourself and your organisation now, before it’s too late.
To discuss this article in greater detail with the team, or to sign up for a free trial of Salt Communications contact us on email@example.com or visit our website at saltcommunications.com.
About Salt Communications
Salt Communications is a multi-award winning cyber security company providing a fully enterprise-managed software solution giving absolute privacy in mobile communications. It is easy to deploy and uses multi-layered encryption techniques to meet the highest of security standards. Salt Communications offers ‘Peace of Mind’ for organisations who value their privacy, by giving them complete control and secure communications, to protect their trusted relationships and stay safe. Salt is headquartered in Belfast, N. Ireland. For more information visit Salt Communications.
About the Author
Nicole Allen, Marketing Executive at Salt Communications. Nicole has been working within the Salt Communications Marketing team for several years and has played a crucial role in building Salt Communications’ reputation. Nicole implements many of Salt Communications’ digital efforts as well as managing Salt Communications’ presence at events, both virtual and in-person, for the company.