2021 hasn’t been short of cyber security breaches, with the pandemic ushering in a new era of cyber-crime. What’s more, as the world gets more digital and remote, these threats are only going to grow. In our previous blog, we covered some of the big threats we should watch out for in the current climate. But to understand the future, you need to learn from the past, so in this blog we are looking at some of the biggest cyber-crimes of the past year and seeing what we can learn from them.
HSE attack in Ireland
On the 14th of May, the Health Service Executive (HSE) – an Irish government agency – was hit by ransomware executed by Russian cybercrime group Wizard Spider. 700 MB of patient data was stolen and published on the Dark Web, with $20 million being demanded to prevent further publishing. To make matters worse, HSE is looking at fines for failing to meet GDPR laws, no doubt a contributing factor to the severity of the attack.
Colonial Pipeline attack in the U.S.
In the same month, the largest U.S. fuel pipeline was hit by ransomware. The attackers were demanding $4.4m USD, which the CEO of Colonial Pipeline ended up paying. Quite understandable considering the chaos the attack caused. Fuel deliveries were rattled in twelve states for days.
Channel Nine in Australia
Live broadcasts were delayed because of this attack, with several shows, namely Weekend Today, being unable to air. Technology from email to editing systems was put out of action. This disruption also meant that Channel Nine needed to be disconnected from the government's networks to stay on the safe side. The perpetrators of this attack remain unknown; however, the prevailing theory is that this was from a foreign state. In the past, state-sanctioned attacks have come from countries such as Russia, China, Iran, and North Korea. The favourite here is Russia, as it’s thought this was retaliation for Channel Nine’s exposé on politically guided poisonings by the Russian government. Unlike your typical cyber-attack, no data was removed, and whilst ransomware was used, no ransom was demanded. This was pure sabotage, with live broadcasts resuming quickly, albeit with weeks of recovery work going on behind the scenes.
CNA in the US
CNA is one of the largest insurance companies in the US and, ironically, sells cyber insurance as one of its core offerings. Back in March, a ransomware group called Phoenix seized large amounts of its data. This must have been a significant enough blow for CNA, as it ended up paying the $40 million ransom demanded by the attackers, breaking the record for publicly known ransomware pay-outs.
Looking at the above we can see a few common threads
Firstly, ransomware is clearly the cyber criminal’s weapon of choice. This is most likely linked to the popularity of ransomware as a service (RaaS). Secondly, a key goal with the above attacks is to simply cause havoc. As you’ll notice, all sorts of organisations have been targeted. A news network, a tech company, an insurance company, a government body, and a fuel supplier all had their businesses sabotaged and, in some cases, their customers’ businesses. Lastly, with many of the above attacks, a popular technique is publishing extracted data. This is one step on from traditional ransomware: even if a ransom is paid and/or services are easily restored, the damage is still done. This means that the only way to avoid damage from cyber crime is to prevent it altogether.
It's not just big businesses that should be concerned
Cyber criminals see SMEs as an equally appealing target. In the period from May 2020 to May 2021, UK small businesses suffered losses of £2600 on average. However, this doesn’t include the financial cost of the time spent on recovering from these attacks. Bigger businesses certainly offer more money, but SMEs are typically much easier to hack since they have less money to invest in cyber security. This lack of cyber expertise also means they’re more likely to pay ransoms, and criminals are well aware of this. Without dedicated cyber expertise, an SME’s only response to cyber crime is to pay up.
If your team is anything short of 100% cyber aware or you feel like any other area of your security could be lacking, book a consultation with one of our cyber security experts and start your cyber security journey today.