Nation-state attacks, malicious emails and personal data-related incidents – 2021 saw a proliferation of cyberattack activity, much of it catalysed by the surge in online activity brought on by the pandemic.
However, this was undoubtedly the year of ransomware, with the National Cyber Security Centre saying that its threat is now potentially as harmful as state-sponsored espionage.
Global ransomware attacks hit a record 305 million in the first six months of this year. And, according to the DCMS Cyber Security Breaches Survey published in March, 39% of all UK businesses (2.3m) reported a cyber breach or attack in 2020/21.
If you’re looking for hard numbers and a relative visual scale for the year’s biggest cyberattacks, this guide is about as visually intuitive as they come. Otherwise, here are DIGIT’s picks for the 10 biggest cyberattacks of 2021.
10 – Tesco Hack
Coming a little closer to home was an attack on Tesco that saw major disruptions to the retailer’s website over a weekend in October.
The company’s website systems crashed, and users were unable to access website services. Customers were unable to order groceries, interact with their online orders or track previous deliveries – Tesco receives 1.3m online orders every week.
Tesco eventually upgraded the website issues from minor disruption to an attempted hack and stated that the disruption was caused by someone attempting to “interfere” with its systems.
9 – CD Projekt Red
Polish game developer CD Projekt Red (CDPR), famous for developing the Witcher game series and the (infamous) Cyberpunk 2077, had company documents and source code stolen and held to ransom in February of this year.
Data circulating online from the February hack of CD Projekt Red contained not just the source code for games like Cyberpunk 2077 and an unfinished The Witcher 3 build, but the personal details of employees and contractors.
CDPR refused to pay the ransom demanded by the hackers, and it’s thought the stolen source code could have been sold in an online auction for $7 million.
8 – IKEA Cyberattack
An attack that inserted messages into existing email chains to gain employees’ trust and deliver malicious payloads disrupted operations at retail giant IKEA in November.
The attack was revealed by cybersecurity news site BleepingComputer, which gained access to an internal email from the company. The email warned that messages had been sent to staff designed to imitate real emails, appearing as replies to existing email chains.
In addition, other groups affiliated with IKEA, such as suppliers, were also caught up in the attack.
The attack was linked to a compromised Microsoft Exchange server. Because the scam emails were sent from internal email servers, recipients placed a higher level of trust in the messages.
7 – SPAR Cyberattack
The supermarket chain suffered a “total IT outage” earlier this month, preventing card payments from being taken and locking staff out of systems.
SPAR was severely affected following the “online attack” with staff being unable to accept card payments as well as being locked out of emails and wider systems.
The outage also forced the closure of 330 SPAR stores in the North of England.
Jamie Akhtar, CEO and co-founder of CyberSmart, said that the attack was a “perfect illustration” of how quickly the consequences of a cyberattack can spread throughout a supply chain.
“SPAR’s franchise model means that hundreds of small businesses share the same systems, meaning an attack on one quickly becomes an attack on all,” Akhtar said.
6 – Windows and Linux Hack
A group of hackers known as TeamTNT was behind a campaign in September called Chimaera, which stole confidential usernames and passwords.
The campaign was made public by AT&T Alien Labs, which revealed that Chimaera had been in operation since July.
AT&T’s Alien Labs claimed that Chimaera was “responsible for thousands of infections globally” across Windows, Linux, AWS, Docker and Kubernetes targets, all while eluding detection by anti-virus and anti-malware programmes.
A significant element of the Chimaera toolkit is Lazagne, an open-source application developed with one goal in mind: collecting credentials from major browsers. Another programme tries to find and exfiltrate Amazon Web Services (AWS) credentials, while an IRC bot serves as a command and control server.
5 – SEPA Cyberattack
The Scottish Environment Protection Agency (SEPA) suffered a ransomware attack launched by a highly organised, international cybercrime group. It technically took place in 2020 (on Christmas Eve, specifically), but wasn’t reported until the following January.
The cyberattack has since knocked a number of key systems offline, causing significant disruption for the government agency.
In a statement, SEPA confirmed that around 1.2GB of data had been stolen as a result of the ransomware attack.
It should be noted in this instance, however, that SEPA received plaudits for its swift handling of the incident and for its thorough investigation following its resolution.
4 – Microsoft Exchange Breach
A wave of ransomware attacks took advantage of a flaw in Microsoft Exchange back in March.
The Microsoft Exchange breach occurred when China-based hacking group Hafnium leveraged a zero-day flaw in Microsoft Exchange to steal data from targeted networks. In an example of a low-and-slow attack, the hackers are estimated to have had access to systems since late 2020.
The Wall Street Journal reported that tens of thousands of organisations had been affected, with one source suggesting that the total number of businesses affected could be higher than 250,000.
It later emerged that the European Banking Authority had been compromised in the attack, with the BBC reporting that it pulled its entire email system offline to assess any potential damage.
3 – JBS Ransomware Attack
One of the world’s largest meat suppliers was hit by a major ransomware attack in May, affecting the worldwide supply.
The attack targeted US and Australian IT systems. Computer networks were compromised, causing some operations in Australia and Canada to shut down temporarily and affecting around one-fifth of the US meat supply.
Additionally, shifts for around 7,000 Australian abattoir workers and at least 3,000 across Canada and the US had to be cancelled in the wake of the attack.
By the middle of June, JBS had paid the equivalent of $11m (£7.8m) in ransom to put an end to the cyberattack.
2 – Kaseya Ransomware Attack
Hackers were able to cripple dozens of companies in July by compromising software provided by Kaseya, a US-headquartered software and IT management firm.
Kaseya’s Virtual System/Server Administrator (VSA) product enables users to automate and manage IT tasks, including patches and updates.
These products are commonly used by Managed Service Providers (MSPs), which, according to researchers at Quorum Cyber, meant the attackers were able to target many organisations across a diverse range of sectors.
This domino effect in the wake of the Kaseya attack led to widespread disruption across a range of industries. Coop, one of Sweden’s leading grocery chains, was forced to close hundreds of stores across the country.
Security researchers also warned that thousands of other businesses and public organisations will have been indirectly affected by the breach, including schools, credit unions, accountancy firms and public sector authorities.
1 – Colonial Pipeline Ransomware Attack
Emergency powers were enacted in the US after fears of shortages rose following the shutdown of an essential pipeline in May.
The US Government was forced to take action after a ransomware attack shut down a major US fuel pipeline.
Fuel prices jumped after the attack on Colonial, operator of one of the country’s largest fuel pipelines, in which ransomware was deployed across its entire network.
President Joe Biden enacted special executive orders relaxing rules on the transportation of fuel via road to keep supply moving.
Hackers accessed data on computer systems and servers, locking the data and demanding a ransom.
The attack was a substantial blow to fuel supply in the US. Colonial Pipeline carries 45% of the East Coast’s supply of diesel, gasoline and jet fuel – 2.5 million barrels.
Vulnerabilities in the US energy supply infrastructure were exposed by the attack, one of the most disruptive digital ransom operations ever reported.