During the first six months of 2021, the number of cyberattacks soared by 125 per cent year on year, as revealed in the new Cyber Report from Allianz. The main driver is the COVID-19 pandemic, which is creating a domino effect. As people increasingly outsource their activities to the digital world and work from home, companies must grapple with IT budget cuts. This makes light work for hackers, who are skilfully exploiting new entry points. Their attacks can quickly paralyse entire supply chains, sometimes creating emergencies or restricting the supply of petrol for an entire country. And as if that were not enough, the primary goals of cybercriminals remain unchanged, as Peter Schmitz, Editor-in-Chief of Security-Insider, recognised back in 2011. Hackers are stealing large volumes of sensitive customer data and misusing them to commit additional security breaches. Years after this expert’s guest commentary, the focus of attention is still on customer data. However, the global strategies pursued by cybercriminals are new. Security expert Nevis summarises the top 7 cybersecurity breaches in 2021 and explains how two-factor authentication, as part of CIAM, can easily plug vulnerabilities in your company.
Cyberattacks can have serious consequences regardless of whether they target municipalities, healthcare facilities or companies. After all, attacks not only affect the financial health of the targeted company, but also the victims, their customers and unrelated third parties. This is highlighted in the report on The State of IT Security in Germany in 2021, which also warns that information security – a prerequisite for sustainable and successful digitalisation – is currently insufficient. A large number of serious vulnerabilities in IT products combined with the evolution and professionalisation of attack methods are setting off red alerts in many different domains. The top 7 cybersecurity breaches in 2021 illustrate the explosive nature of the topic and highlight the vulnerability of digitalisation to cyberattacks.
Unsecured database disclosed the data of millions of users
Whereas Facebook, LinkedIn and other services are part of everyday life for many people, the company Socialarks is relatively unknown. This changed suddenly in January 2021 when the Chinese social-media management company hit the headlines following a cyberattack against an unsecured database. The company uses its data management tool to help social media platforms deploy advertising and marketing campaigns. The data leaked during the hack originated from an incorrectly configured Elasticsearch database that had neither password protection nor encryption, despite the fact that it contained the personal data of 214 million social-media users (408 GB) from all over the world. Put simply, anyone who knew the IP address of the server could access the database and help themselves to the users’ personal data. In total, the database contained information about almost 12 million Instagram users, more than 66 million LinkedIn profiles and roughly 82 million Facebook profiles.
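The Socialarks leak came from an Elasticsearch node that answered anyone who reached its IP address. As an added illustration, not taken from the article or from any company it names, the constructed elasticsearch.yml fragments below show that weak configuration beside a hardened one; the cluster name, bind address and certificate paths are placeholders.

```yaml
# --- Weak: the pattern behind an exposure of this kind (constructed, not the real config) ---
cluster.name: example-social-data          # placeholder name
network.host: 0.0.0.0                      # binds every interface, so the node is reachable from the Internet
http.port: 9200
xpack.security.enabled: false              # no authentication: any client that knows the IP can read or dump indices
# no xpack.security.http.ssl.* settings: queries and results travel in plaintext
---
# --- Hardened: the same node with authentication, TLS and a private bind address ---
cluster.name: example-social-data
network.host: 10.0.12.5                    # placeholder internal address; publish only via an authenticated gateway
http.port: 9200
xpack.security.enabled: true               # every request must present credentials (built-in users, API keys or tokens)
xpack.security.http.ssl.enabled: true      # TLS on the REST API
xpack.security.http.ssl.keystore.path: certs/http.p12                    # placeholder path under the config directory
xpack.security.transport.ssl.enabled: true # TLS between cluster nodes
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12
```

Encryption at rest is not an elasticsearch.yml setting; Elastic's guidance is to encrypt the underlying volume (for example with dm-crypt). Security is on by default from Elasticsearch 8.0, but in the 7.x releases current in 2021 it had to be switched on explicitly as shown.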
Even an external cloud is not impervious to hackers
Sometimes, the criminals don’t even need to access internal systems. In January, renowned hacker group ShinyHunters stole data belonging to 7 million users from men’s clothing store Bonobos, which Walmart acquired in 2017. Included in this haul were addresses and account details, as well as 3.5 million credit card numbers and password histories. This time, the cause was a security loophole that allowed the hackers to access a backup file hosted in an external cloud environment. This revealed the security gap and disclosed the database – an SQL file containing 70 GB of data, which ShinyHunters immediately made available free of charge on a hacker forum. Bonobos responded not only by notifying its customers but also by disabling access points and resetting passwords in order to protect customer accounts.
When a cyberattack causes supply shortages
A ransomware attack on the fuel distributor Colonial Pipeline led to nationwide supply shortages of petroleum in the USA. The largest pipeline in the USA by volume, which runs from Houston to New York, is responsible for 45 per cent of the supply of petroleum, diesel and jet fuel on the east coast of America. An attack by the hacker organisation DarkSide, however, led to an incident with unimagined consequences.
After successfully deploying a trojan, the group stole 100 gigabytes of data, which it then threatened to release unless a ransom running to millions of US dollars was paid. As a result, the pipeline was temporarily shut down. Although it remains unclear whether the ransom was actually paid, financial news agency Bloomberg reported that the company transferred USD 5 million to the hackers in an untraceable cryptocurrency. Ransom or not, the shutdown of the pipeline immediately drove up petroleum prices in the USA, which jumped six cents per gallon. This led to panic buying at petrol stations, interruptions to deliveries and a supply shortage that saw up to 70 per cent of petrol stations run dry in some areas. In Virginia alone, around 53 per cent of all petrol stations were affected.
Customer data inadvertently made accessible
For over a year, the contact details of more than 3.3 million Volkswagen customers from Canada and the USA were freely available on the Internet. This was due to a slip-up by a business partner that failed to secure the data properly. Specifically, the breach involved data about existing and potential customers of the subsidiary Audi, which had been collected between 2014 and 2019. The exposed information covered the entire spectrum: from the brand and model of the vehicle a customer had enquired about, through confidential data such as the driver licence and vehicle registration numbers of approximately 90,000 Audi customers, to highly sensitive identifiers such as national insurance numbers and tax IDs.
LinkedIn data offered for sale
A hack in April was the second time in succession that business platform LinkedIn had fallen victim to a cyberattack. While the first attack affected data belonging to more than 500 million users, the number impacted by the second attack was substantially higher at 93 per cent of all LinkedIn users. Consequently, almost all of the site’s current 756 million members have been affected. In both cases, the data haul was offered for sale on a hacker forum, and some of it was made freely accessible. The technique employed by the criminals was brazen because it did not even require a data leak: only publicly available information from LinkedIn profiles was collected and then combined with data from other sources. The resulting records included the user’s full name, address, phone number and additional personal details.
When a cyberattack triggers a catastrophe
In June last year, a cyberattack paralysed the district of Anhalt-Bitterfeld in the eastern German state of Saxony-Anhalt for more than a week, triggering the country’s first cyber-catastrophe. The incident was caused by an attack on the computer systems at the district’s regional office, which is responsible for some 157,000 inhabitants. Several servers were infected, programs encrypted and access to the IT systems in the office completely blocked. A total of around 800 employees at the sites in Köthen, Zerbst and Bitterfeld were impacted, which meant that all services for citizens, such as car registrations or the payment of welfare benefits, had to be temporarily suspended. The district was able to accelerate the response by declaring a catastrophe. In this type of situation, a team led by the district commissioner steps in to coordinate the defensive measures and the cooperation with the Federal Office for Information Security (BSI). This was the first time that a municipality in Germany had taken such action. Due to the ongoing criminal investigation, details of the perpetrators have not been released.
Domino effect shuts down thousands of companies
A cyberattack on the desktop management tool VSA supplied by US provider Kaseya threatened global supply chains during the summer. The hackers managed to seize control of the tool and pushed out an update containing malware, which subsequently infected thousands of the American management software provider’s customers. In this case, the suspected attacker is the “REvil” group, which demanded a ransom of USD 70 million in Bitcoin to secure the release of the stolen data.
The encryption blocked access to entire billing systems. In the USA alone, eight IT service providers and 200 corporate customers were affected. This ransomware attack was also felt in Europe, where the Swedish supermarket giant Coop was forced to close its 800 branches for three days. The state railway company SJ, a pharmacy chain and petrol stations in Sweden were also affected. The attack highlighted just how easily unauthorised persons can strike at state actors, paralyse society and disrupt global supply chains.
Using the latest security technologies to close IT vulnerabilities
Putting a stop to hackers in 2022 requires management of access authorisation backed up with passwordless authentication. Customer identity and access management (CIAM) is the solution: it provides a full overview of each user and verifies two or more factors before granting access. In addition to the traditional password, there are options such as smartphones and biometric factors in the form of fingerprint or iris scans. This combination ensures that cybercriminals, who generally know only the password, are identified early and blocked from gaining access. For users this adds security and convenience; for companies it also streamlines the digital infrastructure and the management of users.