If you’re reading this then you probably don’t keep up with cybersecurity news, if you do happen to, then you’ll already know that the past year has seen one large scale cybersecurity incident after another. Below I’ll delve into some of the latest cyber security attacks to make the headlines over the past year, and detail why such attacks appear to be on the rise.
Over the past 12 months there’s been an ever-increasing number of ransomware attacks (ransomware encrypts files and folders across a business and demands a ransom for decryption), with some of the most prominent attacks even hitting mainstream news. A couple of recent examples include…
- The Colonial Pipeline hack, which took down the largest US fuel pipeline when hackers gained access through a user’s VPN account, installed ransomware and demanded a hefty $4.4million ransom. The account did not use MFA (Multi-factor Authentication), and the user’s password was later found on a dark web database of leaked passwords, leaving the possibility that this user had reused the password on multiple accounts… Something which we always advise against! There was no evidence of phishing in this instance. (1)
- The JBS hack, JBS being one of the worlds largest meat processors were also hit with ransomware in 2021 with an even larger demand of £7.8million ($11million) which was paid to put an end to the incident. (2)
- More recently, as reported by BleepingComputer, Accenture in the UK was hit by what hasn’t been confirmed specifically as a ransomware attack, but an attack that was perpetrated by a known ransomware gang, Lockbit 2.0. Accenture in this case isolated the problem servers and restored from backups, but that isn’t stopping the gang from demanding $50million under threat of them releasing 6TB of Accenture data onto the dark web that may have been exfiltrated. (3)
And it’s not just ransomware on the rise, 2021 also saw its fair share of novel attacks and software vulnerabilities…
- Solarwinds saw hackers breach their systems and inject malicious code into regular updates for their Orion software. This code would then create a backdoor on client IT systems for further exploitation. Very different to the ransomware attacks, in this case the hackers took great care not to raise suspicion and had been in the system for months before one of their clients, a cyber security firm called FireEye traced a breach of their own back to the software. (4)
- Microsoft had to rush to fix several exchange vulnerabilities back in March 2021 which could have allowed attackers to gain full control of servers running exchange 2013-2019. (5) Recent news updates also report that hackers are actively looking for vulnerable servers with the use of Autodiscover.
A few months later, Microsoft then had to contend with the print nightmare vulnerability, in which PCs / servers running the print spooler (most of them do, and if you print, then yours certainly does) could be used to authenticate users at the system level. So an attacker getting into a regular user profile could give themselves above admin level access. Both this and the above exploit had to be fixed by patches, and in the case of the latter, additional registry edits. (6)
The above are just some of the more prominent cyber-security issues of the last year, but many more happen on a smaller scale all of the time. The 2021 Cyber Security Breaches Survey found that 39% of UK businesses have had a security breach or attack in the last 12 months. (7)
Why are cyber attacks on the rise?
We can never say for certain why the number of cyber-attacks have increased over the past year or so, but a very likely candidate more recently has been the rise of the COVID pandemic and the need for a speedy and prolonged move to remote working. This in itself will have opened businesses up to many new attack surfaces, such as through Virtual Private Networks, Remote Desktop Protocol and the interactions between these and other remote connection methods and potentially users home PCs, which tend to be far less secure than business managed ones.
There has also been a steady increase in state-sponsored hackings (8), and regardless of whether hackers fall into this category, or criminal gangs, the practice can be very profitable (for the hackers), in terms of money or information, yet have devastating financial affects for the hacked companies. Many of the larger companies which are falling victim to cyber-attacks are paying out their ransoms, which only encourages more of the same malicious attacks.
The before mentioned Breaches Survey also have plenty to say about the nature of breach attempts, with a staggering 83% of businesses reporting phishing attempts in the last year (phishing being emails trying to get usernames and passwords from workers one way or another) (7). It can’t be stressed enough how important vigilance by employees is to preventing breaches. Tactics such as phishing and calls / emails impersonating others to get credentials are broadly referred to as “Social Engineering” attacks. They rely on circumventing some of the technological protections such as strong passwords, antivirus and security policies, by going straight for the one thing that is generally not directly monitored and controlled…users.
It should go without saying, but just looking at the above cyber security breach examples should give you more than enough reasons to make sure your business is cyber secure, both from a technical and staff training standpoint so that you as a business stand the best chance of not being the next cyber-attack victim.
If you would like a more in-depth chat about cyber security and its affect on businesses, do get in touch. We also have a ‘Social Engineering Red Flags’ infographic which will help guide you on cyber security threats to look out for…