Posted: 10th January 2022
With the Covid-19 pandemic forcing most businesses to unexpectedly digitally transform last year, 2021 saw a 29% global increase in cyber attacks in just the first 6 months.
With the forced move to home working for most people, businesses became more reliant than ever on technology, leaving new vulnerabilities for cyber criminals to exploit.
It’s reported that 47% of employees fall victim to phishing scams whilst working from home.
Many of the attacks through 2021 were ransomware attacks carried out by the growing number of ransomware gangs. In fact, by June 2021, 78.4 million ransomware attacks had been recorded – a new high.
However, there were also some major data breaches, supply chain compromises and DDOS attacks… things got pretty bad!
The 4 worst cyber attacks of 2021
SolarWinds: supply chain trojan attack
This highly sophisticated cyber attack started in September 2019 and lasted into 2021 with thousands of organisations being affected, including the US government, Intel, Microsoft and Cisco.
Cyber criminals gained unauthorised access to the SolarWinds’ network in September 2019 and laid dormant until February 2020. This is when they injected malicious code into the SolarWinds infrastructure. When SolarWinds sent out routine software updates, they unknowingly sent the malicious code with them, giving the cybercriminals access to customer information and IT systems, and enabling them to install more malware across other companies. In December 2020, the malware was finally found.
This attack is one of the largest and most sophisticated cyber attacks the world has seen.
Weir Group: ransomware attack
In September 2021, one of Scotland’s largest engineering firms was hit by a sophisticated ransomware attack. Luckily, this attack was spotted early, and the firm was able to limit the damage caused.
The Weir Group found malware in their infrastructure and were able to shut multiple systems down quickly enough to avoid further spread. The firm reacted well to the incident and yet it has still experienced revenue deferrals of around £50 million for the month of the attack. Not to mention the direct costs of the cyber attack which are expected to be up to £5 million.
Kaseya VSA: supply chain ransomware attack
Early July 2021, 30 managed service providers (MSPs) and their customers fell victim to a ransomware attack due to a vulnerability in this IT solutions developer’s software. Although only 0.01% of Kaseya’s direct customers were affected by the breach, the impact spilt over to the MSPs client, affecting over 1000 companies in total.
The cybercriminals demanded a ransom of $70 million which Kaseya did not pay and instead found means of decrypting their systems themselves. This is a perfect example of how a cyber attack can spread down a supply chain with widespread consequences.
Health Service Executive: ransomware attack
In May 2021, the Health Service Executive (HSE) of Ireland was targeted with ransomware. The attack caused all the HSE’s IT systems to be encrypted and shut down with a ransom payment of €16.5 million demanded to decrypt the data and to not publish any ‘private data’.
As the Irish government refused to pay the ransom, confidential medical information for 520 patients was released into the public domain, as well as other confidential corporate documents.
Eventually, the cybercriminals handed over the decryption tool free of charge, leaving the HSE to restore everything. Not a bad outcome you might think, however, this took over 4 months of downtime to restore all servers and devices with devasting consequences for employees and patients alike.
Learn more about the common cyber attacks on businesses and how to stop them.
Stay on top of cyber attacks
The world of cybercrime develops just as fast (if not faster) as technology and this recent cyber attack ‘boom’ is going nowhere fast. One careless click can be all it takes to compromise your systems, devices and your business.
When it comes to cyber security, we have a proactive approach: We monitor your systems on a daily basis and include regular cyber security audits as standard. Our audits are based on the Cyber Essentials 5 key controls, so you can be confident you’re staying ahead of the game.
To find out more, drop us a line – we’re waiting to share our expertise with you.