With cybercrime on the rise, thousands of cyber attacks and data breaches are recorded each day. The trend shows no signs of slowing down, with several big cyber attacks making the headlines so far this year. In 2021, the number of attacks increased day after day, rising to no fewer than 151 publicly disclosed data breaches and attacks in March. Let’s take a look at some of the biggest cyber attacks that took place in the first three months of the year.
Florida Water System Attack
In early February, news broke that hackers had tampered with a water treatment facility in Florida. Cybercriminals were able to remotely control a computer to change the chemical levels of the water supply, increasing the amount of sodium hydroxide (lye) before a supervisor was able to catch the act in real time and revert the changes.
The Oldsmar breach alarmed state and local officials around the country. Four agencies, including the FBI, EPA, and a federally funded group that tracks cybersecurity issues for states and local governments, released a joint advisory warning. Although the intrusion likely happened through TeamViewer, the federal advisory offered two other possible ways the attacker accessed the system: “poor password security” and outdated Windows software. While the advisory did not explicitly say that Oldsmar’s systems ran on the Windows 7 operating system, it said that that version of Windows is particularly susceptible to attack.
CNA Financial Hit By “Sophisticated Cybersecurity Attack”
Insurance provider CNA Financial was hit by a “sophisticated cybersecurity attack” on March 21, 2021. The cyber attack disrupted all employee and customer services for three days, as the company shut down, “out of an abundance of caution”, to prevent further compromise. The attack itself utilized a newly revised version of the Phoenix CryptoLocker malware, a form of ransomware. Over 15,000 company devices were infected with the encryption payload.
The perpetrators responsible for the attack allegedly belong to the Evil Corp group. Maksim V. Yakubets, known by the nickname “aqua”, uses his stolen millions to enjoy a lavish lifestyle. Evil Corp is responsible for last year’s deployment of WastedLocker ransomware in relation to at least one high-profile breach, according to CyberTalk.
Harris Federation Ransomware Attack
On March 27, London-based multi-academy trust Harris Federation suffered a ransomware attack, forcing the charity to shut down its IT systems and temporarily disable its email system and switchboard services. The ransomware gang REvil is thought to be responsible for the cyber attack, which led to 37,000 students being locked out of their emails and coursework. The “highly-sophisticated attack” forced the schools to take the precautionary measures of temporarily disabling their email and internet-enabled telephone system, as well as any Harris Federation devices, including those used by pupils.
The attack followed an updated alert from the UK’s National Cyber Security Centre warning about an increase in targeted ransomware attacks against education institutions since late February. The wave of ransomware attacks came on the heels of a previous one that impacted the UK education sector last year, in August and September.
Channel Nine Unable to Broadcast News Bulletin
On March 28, major Australian broadcaster Nine Network was the victim of a cyber attack that took it off air for a period of time. The current affairs program Weekend Today was not aired, and staff were told to work from home, without access to production systems and email. The network managed to get back on the air later that day, but its services remained heavily disrupted.
The attack on Channel Nine coincided with “technical disruption” at Australia’s Parliament House, where MPs and senators lost email access over the weekend. The issue was related to an unnamed external provider, according to the country’s Defense Minister, Andrew Hastie.
Microsoft Exchange Server Data Breach
At the beginning of March, security firm Volexity uncovered a flaw in Microsoft Exchange Server that hackers were taking advantage of. It appears the threat actors had been planting web shells, which enable administrative access and the ability to steal data, since as far back as January. The scale of the attack is astonishing. It is believed that more than 60,000 private companies and nine government agencies in the US alone fell victim to the attack.
On March 2, Microsoft released emergency security updates to plug four security holes in Exchange Server versions 2013 through 2019 that hackers were actively using to siphon email communications from Internet-facing systems running Exchange.
Cyber attacks are increasing daily, with threat actors learning and adjusting their methods. For example, next-generation ransomware attacks are loaded with advanced AI technology and can smoothly evade malware detection programs. To combat cybersecurity threats, both emerging and familiar, organizations need a plan of attack that combines new tools with tried-and-true best practices.