Last year saw a huge spike in cyberattacks, and 2021 thus far has been no different. Bad actors have taken every opportunity to attack all kinds of companies—a gas pipeline, a computer manufacturer, and a meat producer, among others—in their attempts to expose and exfiltrate sensitive data.
In response to the coronavirus pandemic, many businesses accelerated their digital transformation timelines, rapidly migrating to the cloud and implementing new technologies. But this acceleration has had unforeseen repercussions: cyberattackers are finding ample vulnerabilities to exploit as organizations struggle to find their footing in the new normal.
Here’s a look at the most devastating cyberattacks of 2021 (so far), all of which underscore the need for cybersecurity to become a critical business priority.
Colonial Pipeline attacked by DarkSide
In May 2021, Colonial Pipeline suffered one of the largest cyberattacks ever experienced by the oil and gas industry. A group called DarkSide is believed to be behind the attack, which broke the American company’s billing system and crippled its ability to sell to its customers. Attackers also stole about 100 GB of data. The attack threw the US energy infrastructure into disarray; there was a widespread fuel shortage and panic-buying of gasoline.
The intruders demanded a ransom of 75 Bitcoins (US $4.4 million at the time) in exchange for returning the data and not releasing it on the internet. After Colonial Pipeline paid the ransom, the intruders provided the decryption key—which turned out to be slower than the company’s own backup systems.
It took Colonial Pipeline more than a week to resume normal operations. In June, the US Justice Department announced that it had recovered 63.7 of the 75 Bitcoins, although their value had nearly halved in just weeks due to a drop in Bitcoin valuation. The Colonial Pipeline attack was a dramatic demonstration of how ransomware can wreak havoc on essential infrastructure and the economy. It also spotlighted the importance of Zero Trust architecture in preventing and mitigating the damage of such breaches and fueled the Biden administration’s determination to raise cybersecurity standards, reflected in the Executive Order on Improving the Nation’s Cybersecurity.
JBS targeted by REvil
In June 2021, the world’s largest meat producer, Brazilian company JBS, was forced to shut down all of its beef plants and some of its meat packaging facilities in the US by a REvil ransomware attack that also affected its operations in Australia and Canada. The shutdown wiped out nearly 25% of JBS’s American supplies, which led to a spike in the price of meat and concerns about the security of a significant portion of the US food supply.
JBS resumed its operations four days after the attack. It initially refused to disclose whether it had paid a ransom, but admitted later that it had parted with $11 million.
Acer hacked by REvil
In March 2021, Taiwanese electronics and computer maker Acer was hit by a REvil ransomware attack. The hackers demanded a ransom of US $50 million, the largest ever. If Acer did not pay by a certain date, REvil threatened to double the ransom.
To prove that they had successfully breached Acer, REvil published images of documents including financial spreadsheets, bank balances, customer databases, and bank communications. It threatened to auction these documents if the ransom was not paid. Experts believe that the intruders exploited a Microsoft Exchange server vulnerability to carry out this attack.
Acer hasn’t disclosed whether it paid the ransom or not.
CNA Financial breached by Phoenix Locker
Also in March 2021, CNA Financial, one of the largest insurance companies in the US, disclosed that it had suffered a ransomware attack. The company shut down for three days, and customer and employee services faced disruptions. The intruders used Phoenix Locker malware to steal and encrypt the insurer’s data.
While the company consulted with external forensic experts and law enforcement, it also started negotiating with the attackers. About two weeks after the attack, CNA (which offers cyberinsurance among other services) paid the $40 million ransom to regain control of its systems and network.
Don’t be a cautionary tale
So what’s the takeaway from these cyberattacks (and those that will inevitably follow)? As businesses respond to evolving requirements by adopting new technologies faster, they need to make sure their cybersecurity infrastructure is up to the challenge of defending against next-generation threats. Traditional security approaches like firewalls and perimeter defense are insufficient to defend cloud workloads and thwart advanced cyberattacks.
Instead, organizations need modern cybersecurity solutions rooted in the logic of Zero Trust. Micro-segmentation and Zero Trust architecture are highly effective in reducing the attack surface of modern IT networks. A Zero Trust approach makes you more cyber-resilient: able to prevent attacks, immediately detect and mediate those that do occur, and recover quickly with minimal disruption.
To learn how ColorTokens can help you on your journey to cyber-resilience, check out the ColorTokens Xtended ZeroTrust™ Platform or explore our cybersecurity resources.