Top cyber security attacks and breaches in 2021

Top cyber security attacks and breaches in 2021

This year came with numerous types of extraordinary and advanced challenges for individuals as well as the organization. 2021 is considered one of the record-breaking years for losing data due to cyber-attacks and data breaches which are taking place in huge numbers.

As we all know how the implementation of technology is evolving these days, such as artificial intelligence and machine learning, which helps countries grow at the fastest pace, but malicious cyber attackers and data breaches are increasing with their greatest tactics for accessing information.

Facebook Data Leak showed Impact on 533 Million Users

CTO and co-founder of a cybercrime intelligence organization named Hudson Rock, Alon Gal, managed to discover the incident that involves the personal information of Facebook users from more than 106 countries, around 533 million users. The personal information carried birthday, bio, location, full name, relationship status, and past location of the members of Facebook. In the response, Facebook claimed that they were not aware of leaked information that is why we didn't inform our members about the leakage.

Later, the investigation was conducted by FTC, who concluded that Facebook had made use of settings and illusive divulgence for undermining the privacy preferences of the user in violation of an FTC order. In short, the report confirmed that Facebook had allowed third-party applications to collect facebook member's personal information.

Microsoft Exchange

In the month of March, the security firm named Volexity unearthed a Microsoft Exchange flaw, which enabled cyberattackers the installation of web shells to extract credentials data. Here, they used four CVEs for this process, and those are CVE-2021-27065, CVE-2021-26858, and CVE-2021-26857. Among four of these, the last one helps in providing access, and the remaining three focuses on implementation. Where around 10000 remain unpatched, and 120000 systems have been contaminated. NIST produced 4 other CVEs on 14 of April, which include remote execution.

Scripps Health Malware Attack

Scripps Health IT systems are San Diego’s non-profitable health care system that was closed down because of malware attacks, which includes 19 outpatient clinics and 5 hospitals.

Scripps Health confirmed on the 1st of May that their IT systems had been harmed due to a severe malware attack, which affected its clinics as well as hospitals. For security measures, they prefer suspending provisionally access of users to an IT system that also covers the patient portal.

Surgical procedures and patient appointments were provisionally canceled, and business has started again but not as usual yet.

JBS Faced a Ransomware Attack

JBS USA was founded in the month of May after they became the victim of cyber-attackers which already infected some of the servers supporting its Canadian, Australian, and United States IT systems. The organization seized everything system which seems to be infected and then approached third-party consultants and law enforcement for setting the situation by working with internal IT support.

JBS CEO, Andre Nogueria stated on the 3rd of June about the company which is able to revive the situation quickly with the help of professionals, governmental entities, and consultants. Hr also mentioned that the malicious attacker failed in breaking the core system.

McDonald’s Cyber Attack Targets Data

Once McDonald’s also became the successful victim of cyber-attack which involves the data extractions of numerous users. In countries like Taiwan and South Korea, the personal addresses, email addresses, and phone numbers of the customers get exposed. However, McDonald’s managed to handle the situation at the time by confirming that the information volume which is exposed is small and we had appointed consultants to deal with the situation. But it is confirmed that it took McDonald’s a week to stop cyber attackers from unauthorized access of their data.

These are top 5 breaches and cyber security attacks recorded in 2021, but undoubtedly it is not done yet. Fresh attacks are ready to target employee organizations by promising exchange of million dollars for validating account credentials to access initially.

Researchers confirmed, the LockBit RaaS (ransomware-as-a-service) gang has ramping up its targeted malicious attacks, attempts against firms in The U.K., Italy, Taiwan, Chile by utilizing 2.0 version of the malware. According to a Trend Micro analysis, cyber attackers have successfully employed LockBit 2.0 in the months of July and August.

On the other hand, a major investigation by journalists has uncovered the indication and evidence of malicious software being utilized by governmental authorities globally, which includes spying allegations on leading and prominent individuals known as Pegasus spyware.

Wissenhive has separately covered about Pegasus Spyware on how does it operate, serve, and how to know if your smartphone is at malicious risk?