The Worst Cyberattacks of 2021

As we begin the new year, we should take a few minutes to look back on 2021 and look at some of the biggest cybersecurity headlines. According to the Identity Theft Resource Center (ITRC), the total number of cyberattack-related data breaches is up 27 percent compared to 2020. Credential theft, phishing, and ransomware continue to be the primary attack methods.

According to the IBM and the Ponemon Institute’s 2021 report, the average cost of a successful cyberattack reached $4.24 million per incident among the companies surveyed. While this report focused mainly on larger companies, perhaps the most significant increase in cyberattacks was on small businesses.

According to a report from Fundera, small to medium-sized businesses (SMBs) saw a 424 percent increase in cyberattacks last year. In total, 47 percent of all SMBs fell victim to an attack, and of that number, 44 percent experienced more than one.

The average cost per incident for a small business rose from $34,000 in 2019 to $200,000 last year, and 60 percent of all small businesses will close within six months after an attack, according to the National Cyber Security Alliance.

Perhaps the most shocking statistic about SMBs in 2021 comes from a BullGuard study that revealed 60 percent of all small business owners assume their business is an unlikely target. This incorrect assumption leads to poor cybersecurity. One-third of SMBs are using free, consumer-grade cybersecurity, while one in five reported having no endpoint security at all.

These factors made SMBs the “low hanging fruit” for hackers in 2021. Therefore, it is imperative that all organizations make cybersecurity a priority in 2022, regardless of size. A well-qualified cybersecurity team is needed more than ever to help put all the tools and processes in place to keep your organization safe as you move into the new year.

The most significant cybersecurity incidents of 2021

1. Colonial Pipeline – Perhaps the most infamous ransomware attack of 2021, the Colonial Pipeline incident, caused the closure of a critical fuel pipeline that created a regional gasoline shortage and a spike in gas prices nationwide.

It was later found that the breach was due to the theft of a single employee’s credentials. Because Colonial Pipeline was using a legacy virtual private network (VPN) that did not have two-factor authentication, the hackers were easily able to enter the network and install ransomware.

Despite spending $200 million over the last five years on IT systems, a simple oversight like not requiring two-factor authentication resulted in Colonial Pipeline paying a $4.4 million (75 Bitcoin) ransom to recover their encrypted data.

 

2. CNA Financial – One of the largest insurance companies in the U.S., CNA Financial announced in late March 2021 that it had fallen victim to a sophisticated ransomware attack.

The successful cyberattack crippled the company’s website and internal network for nearly two weeks and exposed the personal information of more than 75,000 people. CNA Financial negotiated a ransom payment of $40 million for the decryption key. This was the largest ransom payment ever reported.

 

3. JBS USA – Shortly after the Colonial Pipeline incident, the largest meatpacking company in the world fell victim to a cyberattack. Cybercriminals exploited vulnerabilities in the network that resulted in lost data. JBS was able to recover some data and partially mitigate damage by restoring backups, but ultimately they were forced to pause operations and incur expensive downtime.

JBS was forced to close its North American plants for two days, which negatively impacted the meat supply chain and led to significant price increases. Eventually, JBS USA was forced to pay an $11 million ransom to prevent further closure.

 

4. Brenntag – Hackers stole 150GB of data from the German-based chemical distribution company’s North American division and encrypted data and devices on the network.

Hackers were able to steal personal data from more than 6,700 individuals, including Social Security Numbers, driver’s license numbers, birthdates, and other sensitive information. On top of the information theft, Brenntag paid $4.4 million for the file decryptor and to prevent further data leaks.

 

5. Buffalo Public Schools – A ransomware attack on the Buffalo, New York public school system led to a complete shutdown of operations for one week, including in-person and remote instruction. This cyberattack affected learning for thousands of students and potentially gave hackers access to highly sensitive information of 34,000 students and more than 110,000 current and former teachers, employees, and vendors.

The school system refused to pay the ransom; however, it’s estimated the response to this incident cost nearly $10 million.

 

6. ExaGrid – A backup storage company specializing in helping businesses recover after a successful ransomware attack, also fell victim in 2021. In addition to ExaGrid’s internal documents, the hackers also stole client data, confidential contracts, and employee records.

To regain access to the encrypted data ExaGrid was forced to pay $2.6 million to the cybercriminals.

 

7. PrintNightmare – Called “PrintNightmare” because this vulnerability was caused by a failure of the print Spooler to restrict access to functionality, allowing hackers to add printers and other drivers. This essentially allowed a criminal to run software (including ransomware) with full SYSTEM privileges.

Microsoft released a series of emergency patches to fix this vulnerability; however, PrintNightmare continues to be an ongoing struggle.

 

8. Log4j Vulnerability – The Cybersecurity and Infrastructure Security Agency (CISA) said, “this vulnerability poses a severe risk” and called upon all organizations to join in the efforts to minimize the potential impact. If exploited, the Log4j vulnerability would allow hackers to remotely execute code on vulnerable servers, essentially giving them complete control.

Described as “unusually easy to exploit,” this vulnerability can be triggered in various ways, making it especially dangerous. The attacker has to cause the target application to save a specially designed command. Since applications routinely log easy to input information such as messages sent and received by users, the Log4j vulnerability could be triggered by simply sending a message.

IT teams and cybersecurity professionals are working tirelessly to patch this previously unknown vulnerability that could allow cybercriminals to access millions of devices connected to the internet.

 

Stay vigilant in 2022

It’s important to note, most ransomware attacks in 2021 made national or worldwide news coverage because they were against large companies who paid massive sums of money to recover. However, most cyberattacks actually affect small to medium-sized businesses and go largely unreported. Because the average cost of a successful attack on a small business is close to $200,000 and damages their reputation, 60 percent of SMBs never recover.

It’s crucial to understand that vulnerabilities such as PrintNightmare or Log4j affect every organization. Without proper security in place, most will not know they were compromised until it’s too late. Therefore, every organization needs to have up-to-date tools and a well-rounded IT team complete with cybersecurity professionals to protect against and mitigate the impact of a cyberattack.

Discover how a team complete with IT and cybersecurity experts from tca SynerTech can be affordable for every business, regardless of size. For less than the cost of a single minimum wage employee, smaller organizations can hire an entire IT department to provide solutions from tech support to enterprise-grade cybersecurity. As your IT department, the service and savings provided by tca SynerTech will scale as your organization grows.

With tca SynerTech on your side, you can rest assured we will stay on top of potential emerging threats and help protect your IT systems before there is a major issue. Contact tca SynerTech today to learn more about how to protect your organization from cyber threats in 2022.