The past 12 months have seen no shortage of cyber crime incidents as ransomware gangs ran amok, with security teams seemingly powerless to do much more than watch on in shock.
Some of the bigger cyber attacks of the year even had damaging real-world implications, which served to bring cyber crime mainstream attention, and to the top of national security agendas, particularly in the US and UK.
Meanwhile, the impact of the Covid-19 pandemic continued to loom large, with cyber criminals showing no shame as they attempted to disrupt organisations in the healthcare sector.
Here are Computer Weekly’s top 10 cyber crime stories of 2021:
Though it did not trouble the fuel supply at petrol stations in the UK, the DarkSide ransomware attack against Colonial Pipeline – the operator of the largest fuel pipeline in the US – in May 2021 was one of the most impactful cyber incidents of recent years. Indeed, it may have prompted concerted action against ransomware gangs at long last – time will tell.
As we reported in the immediate aftermath of the attack, the US government was forced to declare an emergency and the Department of Transportation temporarily relaxed regulations across most of the Mid-Atlantic and southern US, and Texas, that governed how long truckers were permitted to remain behind the wheel, to improve flexibility in the fuel supply chain.
It was a 4 July summer blockbuster as the REvil ransomware crew demanded a cumulative $70m ransom payment from over 1,000 businesses whose IT systems were locked after the gang compromised services provider Kaseya in a classic example of a supply chain hack. Such was the scale of the incident that the REvil group was forced to go into hiding for a time, subsequently emerging only to find that their infrastructure had been hacked back by law enforcement. One gang member is now facing extradition to the US to answer for his crimes; others are on the run.
Ransomware gangs come and go for many reasons, but one thing is certain: whether it is a rebrand of an existing group or a new player in the game, there will always be someone else ready to take their place. One of 2021’s more impactful emergent ransom crews is known as BlackMatter, and in September, we reported on a spate of attacks against multiple targets that prompted warnings from around the security community.
On the morning of 14 May, the Conti ransomware gang hit the headlines after they encrypted the systems of the Irish Health Service Executive in a callous and truly heartless cyber attack. The incident caused significant disruption to patient services across Ireland and prompted a large-scale response that even saw the army drafted in. Mercifully, there were no recorded fatalities as a direct result of the incident, but over six months on, the service has not fully recovered.
Cyber criminals also tried their best to disrupt the roll-out of the Covid-19 vaccine programme in Europe, when data relating to the Pfizer/BioNTech Covid-19 vaccine, which was stolen in December 2020 following a cyber attack against the European Medicines Agency, was leaked on the internet in January 2021. The data dump included screenshots of emails, peer review information, and other documents including PDFs and PowerPoint presentations.
6. Police raids around world after investigators crack An0m cryptophone app in major hacking operation
In June, police in 16 countries launched multiple raids after intercepting the communications of organised criminal groups. The gangs had been sending messages on an encrypted communications network, unaware that it was being run by the FBI. This was only one of several similar raids in 2021, which, while successful at disrupting organised and cyber crime, have at the same time surfaced legitimate concerns over the ability of law enforcement to conduct surveillance, and the admissibility of the evidence they collected.
In March, Computer Weekly broke the news that fashion retailer FatFace had paid a $2m ransom to the Conti ransomware gang following a successful cyber attack on its systems that took place in January. The ransomware operators had initially demanded a ransom of $8m, approximately 213 bitcoin at the prevailing rate, but were successfully talked down during a protracted negotiation process.
Over the years, Computer Weekly has often covered data loss incidents at organisations that failed to secure their databases correctly, so it was gratifying in May to find that cyber criminals and fraudsters are bad at operational security too. This unfortunate scammer accidentally exposed more than 13 million records in an open ElasticSearch database and in doing so blew the lid on a massive fake review scam implicating hundreds of third-party Amazon sellers in unethical and illegal behaviour.
Roy Castle and Cheryl Baker taught a generation of British schoolchildren that records are made to be broken, so perhaps members of the REvil ransomware gang also watched BBC1 after school when they were younger. Either way, the $50m ransom demand made against PC company Acer was – for a time – the highest ever made. Details of the record-breaking double-extortion attack emerged in March when the gang published Acer’s data to its leak site, but investigations by Computer Weekly’s sister titles LeMagIT and SearchSecurity were instrumental in uncovering and highlighting the ransomware demand.
Finally, in July 2021, we reported on how the increasing sophistication of the cyber criminal underground was being reflected in how ransomware gangs put together their operations, seeking out specialist talent and skillsets. Indeed, researchers from Kela found that some gangs are coming to resemble corporations, with diversified roles and even outsourced negotiations with victims. Naturally, people skills are in high demand as gangs try to sweet-talk their victims into coughing up.