The year 2021 is presenting a new variety of extraordinary challenges for companies and individuals as well. 2021 can be referred to as a record-breaking year for data lost due to a lot of data breaches and cyber-attacks taking place this year. Because of the implementation of evolving technologies such as machine learning and artificial intelligence, as well as the greater tactical cooperation among hacker groups and state actors, there is an increase in the number of data breaches and cyber-attacks taking place.
Take a look at the top cybersecurity attacks in 2021
In April, Alon Gal, co-founder, and CTO of cybercrime intelligence firm Hudson Rock seemingly discovered the latest incident which involved the personal information of 533 million Facebook users from 106 different countries. The personal information included Facebook members’ bio, birthdate, full name, location, past location, relationship status, and Facebook IT. The members of the hacking forum have got access to freely avail these pieces of information. Facebook claims that it did not know whose information was leaked and therefore could not inform the members about the leakage.
FTC conducted an investigation pertaining to the incident and concluded that Facebook had used illusive divulgence and settings to undermine users’ privacy preferences in violation of a 2012 FTC order. In short, it means Facebook has enabled third-party applications to collect personal information of Facebook members whose friends had downloaded the applications.
Microsoft Exchange, A Lack of Mending
In March, Volexity, the security firm, unearthed a Microsoft Exchange flaw that enabled hackers to install web shells to extract data and credentials. The four CVEs that were involved are CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065. Among these the first one provides access and the last three allow code implementation. 120,000 systems had been contaminated and less than 10,000 remained unpatched.
On April 14, NIST produced four other distinctive CVEs, all of which included remote execution. Though the FBI’s attempts are necessary, organizations cannot depend on the agency for their safety.
Scripps Health Malware Attack Could Cost Lives
In May, Scripps Health IT systems were closed down due to a malware attack. Scripps Health is a nonprofit health care system in San Diego, Calif. It includes 5 hospitals and 19 outpatient clinics. On May 1, Scripps Health said its IT systems had been harmed by a malware attack that affected its hospitals and other clinics. The company provisionally suspended user access to IT systems, including the patient portal.
Patient appointments and surgical procedures were canceled provisionally and business has recommenced, though not as usual yet.
McDonald’s Cyber Attack Targets Data
On June 4, Mcdonald’s became the victim of a successful cyber-attack that involved the extraction of data. In South Korea and Taiwan, customers’ email addresses, physical addresses, and phone numbers were exposed. Also in Taiwan, some employees’ names and contact information were exposed. However, Mcdonald’s claimed that the volume of information exposed was small and that it had appointed outside consultants to deal with it. It took the company one week to stop unauthorized access to the data.
JBS Faced a Ransomware Attack
In May, JBS USA found that it was the victim of a cyber-attack that infected some of the servers supporting its U.S., Australian, and Canadian IT systems. The company seized all infected systems and then approached law enforcement and third-party consultants to work with internal IT to settle the situation.
On June 3, Andre Nogueria, JBS CEO, stated that the company was able to revive quickly with the help of government consultants and entities. He also said the hackers failed to break the core system which lessened the possible impact.