Most Recent Cyberattacks of 2021

It’s not even over yet and 2021 has already had its share of cyberattacks, breaches, and cyberthreats. Let’s examine five of the top cybersecurity threats of 2021.

“The hits keep coming.” While this old saying started in the music business, it unfortunately appears to apply to the world of cybersecurity today. Cyberthreats and successful cyberattacks keep happening and affecting some of the world’s top companies.

2021 has been a year marked by many high-profile cyberattacks. From the Microsoft Exchange attack to the Colonial Pipeline ransomware event — and many more in between — 2021 has delivered even more proof that cyberattacks are very real threats and may likely be an inevitable cost of doing business in an increasingly digital world.

In this article, we take a closer look at five of the most notable cyberattacks from the first half of 2021, including a description of what went wrong in each case. But it may not all be doom and gloom — this article also shows how the Acronis Cyber Protect Cloud can give managed service providers a valuable security edge for their clients.   

Many experts in the cybersecurity industry caution businesses that cyberthreats should be considered a “when” event; not an “if.” This means businesses of all sizes need to do all they can to protect themselves now, and best prepare for a possible future cyberattack. 

Additionally, as this year’s Colonial Pipeline ransomware attack proved, some types of cyberthreats have the potential to significantly disrupt our access to oil, gas, energy, water, and other vital services and can even lead to temporary energy crises.   

Today, hackers are usually motivated by three objectives: financial, political, or personal. These bad actors look to disable, destroy, or control computer systems, networks, and databases to steal valuable data or damage those systems. In these cases, hackers may be looking either for financial gain or to raise awareness — using hacktivism to advocate for a particular issue or cause. 

University of California

In March of 2021, the University of California announced it had been the victim of a cyberattack that used vulnerabilities in Accellion’s legacy File Transfer Appliance (FTA). The stolen data included the personal information of faculty and students, along with their email addresses. The culprit then sent emails to those addresses threatening to publish individuals’ personal information. 

As soon as the university became aware of the breach, it took steps to contain it and also alerted federal law enforcement. The university then advised potential victims to either forward the email to its information security office or delete it. Additionally, it provided victims with recommendations about how to protect themselves, including activating credit freezes and refraining from opening suspicious emails. 

Unfortunately, social security numbers and bank information may have been compromised in the attack, and so the University of California is now offering victims a year’s worth of credit monitoring and ID theft protection.  

Microsoft Exchange

Immediately after the UC attack, Microsoft announced that its software had been targeted by an aggressive zero-day hacking campaign that exploited four recently discovered vulnerabilities in the Microsoft Exchange Server.

These vulnerabilities are present in on-premises versions of Microsoft Exchange Server email software, and some experts estimate that hundreds of thousands of people may have been affected. Bloomberg later reported that the vulnerabilities in Exchange had possibly led to “at least 60,000 known victims around the globe.”

Microsoft attributed these exploits to a Chinese state-sponsored digital espionage organization known as HAFNIUM. The unit was conducting targeted attacks on Microsoft email systems used by a range of industry sectors including — but not limited to — infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks and NGOs. Scripps Healthcare

On May 1, Scripps Health IT systems were shut down as the result of a malware attack. This attack resulted in its website shutting down for more than two weeks and caused real concerns about the loss of patients’ personal health information (PHI) data. Even worse, this attack could have affected patient health and even lives, since appointments and surgical procedures were temporarily cancelled.

High-risk patients, such as heart attack, stroke, and trauma patients, had to be funneled from Scripps Memorial Hospital La Jolla to other nearby hospitals. At the time, many patients also complained that they were having trouble making appointments with other doctors and that Scripps initially did not do enough to help with the referral process. 

Colonial Pipeline  

In early May, Colonial Pipeline reported that a cyberattack forced it to proactively close operations and freeze IT systems after becoming the victim of a cyberattack — more specifically, a ransomware attack from a group identified as DarkSide.

It was a significant event and had the potential to affect gas availability and prices on the entire east coast of the U.S., if not larger regions of America. The Colonial Pipeline is the largest pipeline system for refined oil products in the U.S. and consists of two massive pipelines that are 5,500 miles long. 

This incident involved a ransomware that hit Colonial Pipeline’s networks. Apparently DarkSide operators targeted the business side rather than operational systems, which implies the intent was focused on securing a ransom, rather than sending the pipeline crashing down.

Unfortunately, the attack proved successful. Colonial Pipeline CEO Joseph Blount revealed he authorized a $4.4M ransom payment to the perpetrators. Despite his own personal misgivings, he realized there were larger issues at play, including national implications. “It was the right thing to do for the country,” he said, “I didn’t make it lightly. I will admit that I wasn't comfortable seeing money go out the door to people like this.”

Twitch

Most recently, Amazon-owned streaming platform Twitch reported a breach and theft of a huge amount of data. On October 6, 2021, an anonymous user uploaded 125GB of Twitch’s data to 4chan.

This data included Twitch’s own source code for both its website and its services, employee salaries, revenue figures for prominent streamers, internal documents, and other sensitive information. 

Twitch issued a statement that reported that the breach was related to “an error in a Twitch server configuration change that was subsequently accessed by a malicious third party” and that “credit card numbers were not exposed.” 

While the “malicious third party” has not yet been identified, the culprit appears to have been a disgruntled user or past Twitch employee. In the leak, the hacker called Twitch a “disgusting toxic cesspool” and that they posted the data “to foster more disruption and competition in the online video streaming space.”  

While 2021 saw a spike in the total number of ransomware attacks, it is also clear that hackers will continue to use virtually every type of cyber threat to gain — and keep — the upper hand. Many cybersecurity experts warn that phishing, cryptomining, and endpoint attacks will continue to be extremely popular. 

Additionally, cybercriminals will increase their levels of sophistication and the coordination of their attacks — making these attacks potentially much more devastating and more difficult to stay a step ahead of.

How could these cyberattacks have been prevented? One way would have been with the Acronis Cyber Protect Cloud — the best way to prevent client downtime and data loss with essential cyber protection. 

Acronis Cyber Protect Cloud unites backup and next-generation, machine-intelligence (MI)-based anti-malware, antivirus and endpoint protection management in one solution. Integration and automation provide unmatched ease for service providers — reducing complexity while increasing productivity and decreasing operating costs.

The Acronis Cyber Protect Cloud also enables managed service providers to expand their offerings with advanced protection packs. These include: Advanced Security — take advantage of integrated cyber protection that includes full-stack malware prevention. This solution extends the endpoint capabilities of the Acronis Cyber Protect Cloud, helping MSPs reduce the risk to clients with enhanced anti-malware protection and remediation services. 

Advanced Backup — this integrated approach to cyber protection enables service providers to extend the cloud backup capabilities clients require to proactively manage their data.

Advanced Disaster Recovery — now MSPs can get their clients back to business in just minutes and ensure immediate data availability after a disaster strikes. The Advanced Disaster Recovery add-on helps make disaster recovery painless and increases efficiency with orchestration, runbooks and automatic failover.

Advanced Email Security — block any cyberthreat, including spam, phishing, business email compromise, advanced persistent threats and zero-day attacks — before they reach end users. 

Advanced File Sync and Share — this advanced pack extends the capabilities found in the Acronis Cyber Protect Cloud’s integrated file-sharing capabilities with remote notarization, verification and online signing. It becomes a critical advantage in improving the collaboration and productivity of client teams.

Advanced Management — enable automated patch management and overall protection management. The Advanced Management add-on is the ideal way to keep clients’ systems up to date while simplifying protection management efforts.

Unfortunately, 2021 is not unique in that cyber criminals and hackers have continued to succeed with high profile cyberattacks and cyberthreats. Yet managed service providers can rely on the Acronis Cyber Protect Cloud and its advanced protection packs to strengthen their security services and minimize their clients’ risks.

Learn more about the Acronis Cyber Protect Cloud and its advanced services packs by visiting https://www.acronis.com/en-us/products/cloud/cyber-protect/ today.