If you’ve seen the news at all this year, chances are you have seen headlines about cybersecurity breaches at major US organizations. Given the frequency, it’s no surprise that the total number of individuals affected by cyber breaches has increased by over 185%, from 8 million people in the first six months of 2020 to 22.8 million in the first six months of 2021, according to the mid-year report from Fortified Health Security. In case you missed them, we have compiled 5 of the top cybersecurity breaches so far in 2021.
1. Oldsmar Water Treatment Facility Hack
On February 5th, 2021, a plant operator noticed his cursor being moved on his screen, opening programs and software that control the facility's water treatment. The operator was then caught off guard when he saw the level of sodium hydroxide in the water being increased.
Sodium hydroxide, or lye, helps remove acidity and metals from drinking water and is safe at low levels. The cybercriminal had increased the level to more than 100 times the standard amount. Lye poisoning can cause burns, vomiting, swelling of the throat, breathing difficulty, and vision loss in people who are exposed to it or ingest it. Luckily, the operator changed the level back immediately, so no harm was done to the 15,000-person city of Oldsmar, Florida.
Executives of the Florida Water Systems have claimed that an automated pH testing safeguard would have caught this change and triggered an alarm before the water reached the population. Unfortunately, no fail-safe is perfect, and this hack could have caused incredible harm to the entire community.
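The safeguard described above only works if it sits independently of the screen the intruder was controlling. As an added example that is not part of the original article or the utility's actual configuration, the following Python sketches such an independent setpoint guard: it rejects any dosing setpoint outside an engineered safe band and also rejects sudden jumps far above the current value, raising an alarm instead of applying the change. The safe band (0 to 200 ppm), the step factor (3x), and the sample operator actions are all constructed assumptions for illustration.

```python
"""
Added example (not from the original article): an independent setpoint guard
of the kind the "automated pH testing safeguard" paragraph alludes to.

Assumptions (constructed for illustration, not Oldsmar's real configuration):
  - sodium hydroxide dosing is expressed in parts per million (ppm)
  - the engineered safe operating band is 0 to 200 ppm
  - a requested value more than 3x the current setpoint is treated as
    suspicious even when it stays inside the band
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class GuardResult:
    accepted: bool        # True if the change may be applied
    applied_ppm: float    # value actually in force after the check
    reason: str           # alarm text when rejected, "within limits" otherwise


SAFE_MIN_PPM = 0.0          # assumed lower engineered limit
SAFE_MAX_PPM = 200.0        # assumed upper engineered limit
MAX_STEP_FACTOR = 3.0       # assumed: reject jumps above 3x the current value


def guard_setpoint(current_ppm: float, requested_ppm: float) -> GuardResult:
    """Validate a requested dosing setpoint independently of the HMI.

    The current value is kept whenever the request is rejected, and the
    returned reason is what an operator alarm would display.
    """
    # Check 1: hard engineering band, regardless of who requested the change.
    if not (SAFE_MIN_PPM <= requested_ppm <= SAFE_MAX_PPM):
        return GuardResult(
            False, current_ppm,
            f"requested {requested_ppm:g} ppm is outside the safe band "
            f"[{SAFE_MIN_PPM:g}, {SAFE_MAX_PPM:g}] ppm",
        )
    # Check 2: rate-of-change sanity check inside the band.
    if current_ppm > 0 and requested_ppm > current_ppm * MAX_STEP_FACTOR:
        return GuardResult(
            False, current_ppm,
            f"requested {requested_ppm:g} ppm is more than "
            f"{MAX_STEP_FACTOR:g}x the current {current_ppm:g} ppm",
        )
    return GuardResult(True, requested_ppm, "within limits")


def replay_operator_actions(current_ppm: float, requests):
    """Apply a sequence of requested setpoints, collecting alarm reasons.

    Returns the final setpoint in force and the list of alarms raised.
    """
    alarms = []
    for requested in requests:
        result = guard_setpoint(current_ppm, requested)
        if result.accepted:
            current_ppm = result.applied_ppm
        else:
            alarms.append(result.reason)
    return current_ppm, alarms


if __name__ == "__main__":
    # Constructed sequence: one routine adjustment, then a jump of more than
    # 100x, mirroring the scale of change the article describes.
    final_ppm, raised = replay_operator_actions(100.0, [110.0, 11100.0])
    print(f"setpoint in force: {final_ppm:g} ppm")
    for alarm in raised:
        print("ALARM:", alarm)
```

The point of the design is that the guard does not trust the operator workstation at all: even a remote party who fully controls the HMI session can only submit requests, and the band and step checks are enforced by a component that session cannot edit.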
The hackers reached the control system by first exploiting a gap in the facility's IT infrastructure. Because the IT and control networks were connected, Florida Water Systems was more vulnerable to attacks like this one. Pinellas County Sheriff Bob Gualtieri stated, "There is merit to the point that critical infrastructure components shouldn’t be connected... If you’re connected, you’re vulnerable."
2. Facebook Data Leak
Although the breach occurred sometime in August 2019, data stolen from Facebook was released in April 2021 on a low-level hacking forum. This breach has since been resolved, but not before data was collected from roughly 533 million Facebook users spanning 106 countries. This information included:
While this information is not as sensitive as financial or medical information, any release of data can pose a threat to the affected users. For example, this data can give cybercriminals the crucial details they need to impersonate users, or to scam them by demonstrating knowledge of who they are.
Many have criticized Facebook for its decision not to notify the affected users that their personal data had been stolen and released to the public. Notification would have been a particularly smart move, as many users remain unaware that their information is no longer private and that they are at risk of cyberattacks. By notifying these users of the potential problems this breach created, Facebook would have helped them become hyperaware of scams that land in their email inbox or arrive over the phone.
3. Microsoft Exchange User Hack
In early January 2021, four zero-day bugs were discovered in Microsoft Exchange. Zero-day bugs are security flaws in software for which no vendor fix is yet available when they are discovered or exploited. By March 2nd, patches were released to secure these four vulnerabilities in the server software, but the damage was already done, with Microsoft stating that these bugs were being exploited in "limited, targeted attacks".
Microsoft may not have been correct in calling these attacks "limited", as the number of victims is estimated to be in the tens of thousands. In fact, cybersecurity reporter Brian Krebs has reported that the attack hit at least 30,000 Microsoft customers. The targeted organizations span a wide range of industries, including law firms, higher education, small businesses, government entities, and more.
Microsoft was quick to blame this data breach on a Chinese hacking group dubbed Hafnium, with alleged ties to the Chinese Government. Two cybersecurity experts who briefed the US National Advisors on this attack told security news and investigation site KrebsOnSecurity that Hafnium was thought to have seized control over "hundreds of thousands" of organizations' Exchange servers worldwide.
Microsoft has urged its users to install the delivered security patches to protect against further damage. Additionally, it has stated that it is working with the Cybersecurity and Infrastructure Security Agency on guidance and mitigation help for its customers. Microsoft has also encouraged affected users to reach out to support for more help and resources.
4. Scripps Health Patient Data Breach
On May 1st, 2021, the San Diego-based, five-hospital healthcare system was breached and infected with malware. The bad actors behind this attack stole 147,000 users' personal information, including:
- Social Security Numbers
- Patient Care Records
This breach took Scripps Health's systems offline for nearly a month; they were back up and running by early June. The outage caused crucial problems, as it prevented providers from accessing medical records, including lab results, which in turn delayed critical patient care.
Scripps Health is now facing lawsuits from patients who claim that their data was not kept secure from cybercriminals due to the negligence of the care provider. The lawsuit claims that Scripps Health "failed to take appropriate steps" to protect patient data, and that the breach could have been prevented by "properly securing and encrypting" the medical data. Additionally, plaintiffs claim that they are "at imminent and impending risk of identity theft" that "will continue for the rest of their lives", and that Scripps Health failed to comply with regulations such as HIPAA, the Federal Trade Commission, and more.
On June 1st, Scripps Health released a statement on its website saying that as soon as the unusual network activity was identified, it initiated its response protocol as well as an investigation. It claims that for less than 2.5% of patients, Social Security numbers and driver’s license numbers were also affected. Additionally, it has mailed notification letters to those affected with guidance on how they can help protect their information, though it indicates that “there is no indication that any data had been used to commit fraud.”
5. Colonial Pipeline Ransomware Attack
On May 7th, the Colonial Pipeline was shut down for the first time in its 57-year history after an employee found a ransom note on a computer. This pipeline provides 45% of the East Coast's fuel and transports gasoline, diesel, jet fuel, and other products from the Gulf Coast. The shutdown lasted 6 days and pushed gas prices to their highest level in over 6 years due to the supply issue, caused mostly by panic buying. To restore balance, some states suspended their state gas tax, while others enacted price-gouging laws.
After the initial shutdown, it was identified that a hacker had gained access to the network through a VPN, or virtual private network, that allowed employees to remotely access the network. The hackers, believed to be the Russia-based group DarkSide, gained access by stealing a single password for the legacy VPN, as the pipeline used single-factor authentication. Colonial Pipeline’s CEO, Joseph Blount, stated, “It was a complicated password, I want to be clear on that. It was not a Colonial123-type password."
Blount stated that the company began negotiations with the hackers on the evening of May 7th and subsequently authorized a 75-bitcoin ransom, valued at $4.4 million, although 64 bitcoin were eventually recovered by the Ransomware and Digital Extortion Task Force. Pipeline executives were unsure how badly the attack had breached the system, or how long it might take to bring the pipeline back up. After payment, the hackers provided Colonial Pipeline with a decryption tool, which helped “to some degree”, but it still took significant work to get operations back up and running.
Blount has stated that due to this breach, the company is now compliant with cybersecurity regulations “almost to a T” to prevent future ransomware attacks.
Need help identifying your organization's security gaps to help prevent cybersecurity breaches from occurring in your organization? Book your free consultation today!