This article is the second part of our cybersecurity series. If you haven’t yet, check out the first part, “The 5 Most Common Types of Cyberattacks: Essential Knowledge to Safeguard Your Digital Assets.“
What price are we paying for attacks in cyberspace? Statistics
It’s estimated that by 2025, cybercrime will cost the world 10.5 trillion dollars.
According to the “Cost of Cybercrime Study” by Accenture, 43% of cyberattacks target small businesses, but only 14% of attacked organizations are prepared to defend themselves.
As Checkpoint reports, the average number of attacks on companies per week worldwide in 2022 is 1200. It’s a 32% increase from the previous year.
The government and military sector reports 1600 attacks per week, a 44% increase. The education sector faces 2315 attacks per week, up 53%.
These staggering numbers underscore the critical need for robust cybersecurity measures across all sectors. We can never be sure about our security. This is true for both individuals and the biggest companies.
Understanding the scale and frequency of these attacks is the first step in preparing and protecting your organization against the ever-evolving threat landscape.
Major cyberattack examples from 2020 to 2022
Let’s go through the attacks from 2020 to 2022. These examples of cyberattacks show that the most common targets for cybercriminals are supply chain entities for larger companies, as well as the medical sector, from which hackers steal our health data.
#1 Microsoft
In 2020, a blog post on Microsoft’s website mentioned that an internal database related to customer service accidentally leaked online.
The database was supposed to contain anonymized user data for analysis. However, the database, which turned out to be unprotected by a password, contained over 250 million records of customer data collected over 14 years of the company’s operations.
Microsoft blamed this incident on a wrong configuration of Azure security rules set on December 5, 2019. The leak exposed email addresses, IP addresses, and other customer-related data.
Microsoft stated that no other personal data were stored in the database.
2# Marriott International
Hackers attacked Marriott International in mid-January 2020. The incident led to a data breach that affected about 5.2 million guests using the Marriott Bonvoy loyalty program. In response to the attack, Marriott forced a change in login data for the accounts of affected users and suggested they enable multi-factor authentication.
It was announced in March 2020 that franchise network employees had gained access to the customer database.
It wasn’t the only incident Marriott had to deal with. Data breaches were also recorded in 2018 (sources say 500 million guests’ data was exposed) and 2022, when hackers accessed confidential business documents, information about hotel customer payments, and their credit card numbers.
#3 Estée Lauder
Jeremiah Fowler, a security researcher and co-founder of Security Discovery, found a huge database online belonging to Estée Lauder, a giant in the cosmetics industry.
According to Fowler, an unprotected archive exposed confidential customer information stored in over 440 million records. It was not apparent whether payment information or other sensitive data was unprotected, but email addresses, IP addresses, and other information became available to anyone.
A spokesperson for Estée Lauder later explained that the data exposure was due to flaws in the security of the middleware software. The flaws could have let malicious software access the company’s applications, data, and systems.
The database was likely part of an educational platform that didn’t contain any consumer data. The company says that there was no evidence of unauthorized data use.
#4 Zoom
In April 2020, many companies switched to remote work because of the global pandemic situation. Businesses and organizations installed various communication tools so employees could stay in touch.
One of the most popular platforms for video conferencing was Zoom, which quickly became a target for hackers. In the same month, a dark web site offered 500 million logins and passwords for the Zoom application for sale.
Due to low security, the phenomenon of hacking and disrupting the flow of (theoretically) private conferences spread quickly. The phenomenon was named after the application: zoombombing.
Besides the attack itself, security researchers also discovered that the company was sharing data of Zoom users (without their consent) with Facebook. Users were dissatisfied with this fact. Also, without notifying anyone, Zoom started storing user data on servers in China due to high demand and increasing maintenance costs.
Zoom tried to address these issues, and the CEO publicly took responsibility for them. In response to these issues, the United States Federal Trade Commission made Zoom take specific and comprehensive measures to protect data.
As a result of the attack, Zoom’s reputation was so damaged that some organizations banned their subordinates from using the application.
#5 EasyJet
British airline EasyJet announced in 2020 that it had been the victim of a “sophisticated” cyber attack. As a result, the email addresses and data related to the travel of approximately 9 million customers were exposed.
The British airline faced a class action lawsuit filed by customers affected by the disclosed data breach. It was estimated to be worth £18 billion.
#6 X (Twitter)
In July 2020, hackers took over more than 130 Twitter accounts with millions of followers. The accounts belonged to well-known and prominent individuals like Barack Obama, Joe Biden, Jeff Bezos, Bill Gates, Elon Musk, and companies such as Uber and Apple.
The attackers, posing as the victims, posted tweets asking people to send bitcoins to a specific cryptocurrency wallet. In return for sending money, the donor was supposed to get a gift of double the amount they sent.
Thousands of people fell for this scam. They didn’t know that the messages didn’t come from celebrities.
The accounts were hacked through a “coordinated social engineering attack” on Twitter employees. The attackers gained access to the company’s internal tools, which allowed them to change and take over selected accounts.
Three hours after the incident, Twitter announced that it had resolved the issue, but the scam had resulted in over $100,000 in losses. Coinbase, a cryptocurrency exchange, reported that by blacklisting wallet addresses appearing in the fake tweets, it managed to block over a thousand transactions worth more than $280,000.
Two weeks after the incident, the United States Department of Justice announced the arrest of three individuals, aged between 16 and 22, related to the scam and charged them.
#7 University of California San Francisco
The University of California, San Francisco, reported an attack on the IT systems of the UCSF School of Medicine. Two days earlier, attackers had used ransomware to encrypt files on servers and block access to them. The encrypted files were research data intended for public benefit.
At the time, the institution was working on a drug for COVID-19. Hackers pointed to UCSF’s billion-dollar revenues, which they knew from previously accessed financial data, and demanded a ransom of 3 million dollars.
The university negotiated with the attackers, and it allowed them to reduce the amount to 1.14 million dollars. The school eventually paid in bitcoins.
The NetWalker group responsible for the attack was also identified as the perpetrator of attacks on at least two other universities that same year.
#8 Garmin
A few days after the problems Twitter faced, a ransomware attack hit Garmin. The company had to block access to several of its services because hackers broke into its corporate network, call centers, and production systems.
As a result of the attack, Garmin’s website went down and also did the system responsible for syncing data between the accessories sold by the company and its servers. This prevented customers from using most features of the devices and apps. They couldn’t log training sessions or access health data on their smartwatches or phones. Airplane pilots could not download flight plans needed to navigate planes according to FAA requirements.
At first, Garmin didn’t provide any details about the incident, but some employees shared this info on social media.
Unofficial reports claim a 10 million dollar ransom was paid to restore the network and system, although Garmin has not confirmed this.
#9 SolarWinds
SolarWinds is a software company that provides tools for managing systems, monitoring networks, and infrastructure for thousands of organizations worldwide.
SolarWinds monitoring tools have broad access to IT systems to gather log data and performance information. SolarWinds’s large customer base attracted cybercriminals. Hackers hacked the software produced by the company, which then reached its customers. It let them gain quick access to thousands of organizations.
Reports indicate that the malware affected U.S. government departments, including the Departments of Commerce, Treasury, State, and Homeland Security, as well as private companies such as Microsoft, Intel, Cisco, and Deloitte.
The attack was detected in December 2020 when the cybersecurity firm FireEye confirmed it had been infected with malicious software. It found the same type of infection in its clients’ systems. Microsoft also confirmed that it found signs of the hacker’s software in its own systems.
The attackers using SolarWinds software were a group called UNC2452, sponsored by the Russian government.
Although their actions were discovered in December 2020, an internal investigation showed that the first network breach at the software provider occurred in January 2019. It is estimated that 18,000 customers downloaded faulty updates from early March 2019.
#10 CNA Insurance
CNA Insurance is one of the largest insurance companies in the United States. Attackers broke into the company’s network and encrypted data on fifteen thousand devices, including those used for remote work.
The attack exposed the personal information of seventy-five thousand employees (past and present) and their Social Security numbers. The media revealed that the company agreed to pay a $40 million ransom.
#11 Colonial Pipeline
Colonial Pipeline, a company that delivers about 45% of the fuel on the East Coast of the United States, discovered it had fallen victim to a ransomware attack. The DarkSide group hacked into the company’s systems, stole 100GB of data, and infected computers. It succeeded thanks to an earlier leak of the company’s VPN credentials (most likely through the personal password of a company employee found on the dark web).
While Colonial Pipeline’s corporate IT network suffered as a result of the attack, the hardware and software that control the company’s physical assets, processes, and events were unaffected. However, as a precaution, the company decided to temporarily disable its pipeline management systems to ensure that the infection did not spread to other areas. This resulted in the suspension of fuel deliveries along the coast of the United States (12 states in total).
The hackers demanded a ransom, and the CEO of Colonial Pipeline ultimately authorized a payment of $4.4 million in bitcoins to restore the systems. Through the efforts of the Department of Justice, approximately $2.3 million was recovered.
#12 JBS
JBS is a Brazilian meat processing company. It is the third largest company of its kind in the world.
JBS discovered the intrusion when its IT team noticed irregularities in some of its internal systems. After contacting the FBI and security experts, the company began shutting down systems to slow down the attack.
As a result of the hackers’ actions, slaughterhouses were disabled and facilities in the United States, Canada, and Australia were affected.
Faced with the risk of data loss, JBS paid an $11 million ransom (one of the largest ransoms ever paid for ransomware) to hackers from the Russian group REvil.
#13 Kaseya
Following the attacks on JBS and Colonial Pipeline, the same group of hackers used the same tool to attack Kaseya, a provider of remote monitoring and management software for large IT infrastructures.
The attack on the company had two parts. First, the criminals exploited a vulnerability in Kaseya’s VSA software, which gave them access to the company’s servers. These servers were used in the second phase of the operation to spread the malware to the company’s customers (an estimated 1,500 were affected).
As a result of the successful attack, the criminals targeted the company with a ransom demand of $70 million – the largest ransom ever announced. Kaseya notified all customers of the problem and shut down data centers for the duration of the investigation.
It was another high-profile attack of this type that prompted U.S. President Joe Biden to warn the Russian President that the United States would take action against the worst hacking gangs operating on Russian soil. Kaseya quickly developed a universal decryption key and avoided paying criminals. This led to speculation that U.S. agencies had hacked the Russian REvil group.
#14 Crypto.com
On Wednesday, January 19, 2022, Crypto.com CEO Kris Marszalek confirmed a security breach of the service’s accounts. 483 users of the application associated with the cryptocurrency exchange became victims of the hack.
As we can read in the company’s official message, unauthorized withdrawals amounted to 4836.26 ether (£11.14m), 443.93 bitcoin (£13.7m) and about $66.2 thousand (£48,638.45k). Some of the ransoms were paid in other currencies.
The company’s CEO took the mistake as a very important lesson, which led to changes in the infrastructure in the near future, as well as strengthening the two-step user authentication.
Cryptocurrency markets are becoming increasingly tempting, especially as a result of rising inflation, some people are looking there for salvation for their finances. However, investing in cryptocurrencies continues to raise concerns among consumers surveyed from time to time, especially due to the incomprehensible and huge fluctuations in prices. In addition, if we look at the Crystal Blockchain Report, we can see that more than $4 billion worth of cryptocurrencies were stolen in 2021, which is almost three times more than in 2020.
#15 NVIDIA
One of the world’s largest producers of graphics processors and other computer market integrated circuits was attacked by ransomware in February 2022. Data from the infected machines, which included proprietary information and employee credentials, began to appear online. The Lapsus$ group claimed responsibility for the attack, publicly confirming that they had accessed 1 TB of data.
In exchange for unlocking the computers, the hackers demanded that NVIDIA remove the Lite Hash Rate feature, which prevents cryptocurrency mining, from their new graphics cards and release the source code of their drivers under an open-source license. NVIDIA responded quickly to the ransomware attack by strengthening its security measures and immediately engaging experts to contain the situation.
Some news outlets even suggested that NVIDIA allegedly “hacked the hacker,” tracking down Lapsus$ members and infecting their systems. However, this information has not been officially confirmed. NVIDIA did not confirm these rumours or address them in their statement. According to current U.S. law, hacking hackers is illegal.
The attackers claimed to have stolen over 70,000 employee email addresses and passwords and information on yet-to-be-announced processors, SDKs, and GPU source code.
#16 Kojima Industries, Denso and Bridgestone
When the first of the automotive suppliers, Kojima Industries, was hit by a cyber attack, it had to shut down operations at its 14 Japanese plants.T he attack reduced the company’s monthly production capacity by 5%, according to web reports.
Eleven days later, two other suppliers, Denso and Bridgestone, also fell victim to ransomware attacks.
Denso, a Fortune 500 company, supplies automotive components to major manufacturers such as Toyota, Ford, Honda, Mercedes-Benz, Volvo, Fiat, and General Motors. With more than 200 subsidiaries worldwide and more than 168,000 employees, the attack on Denso was claimed by the Pandora Group, which threatened to leak trade secrets, transaction information, orders, technical diagrams, and emails.
Meanwhile, Bridgestone, the world’s largest manufacturer of rubber products and tires, faced an attack that shut down computer networks and manufacturing facilities in Central and North America. LockBit claimed responsibility for the attack.
#17 Shields Health Care Group
Shields Health Care Group, an independent healthcare provider, fell victim to a hack in early 2022. As a result, the data of 2 million patients was stolen, and the breach affected 56 healthcare facilities and the patients they treated. In a statement, the company said it learned of the attack on March 28 and immediately hired cybersecurity specialists to determine the scope of the incident.
It turned out that the hackers had access to the organization’s systems from March 7 to March 21, allowing them to potentially gain insight into patient information, which included: names, Social Security numbers, birthdays, home addresses, benefits information, health insurance information, and access to medical records. The case resulted in a class action lawsuit filed by affected individuals.
#18 Government of Costa Rica
On April 17, 2022, a ransomware attack was launched against nearly 30 institutions of the Costa Rican government. Affected by the crime were, among others, The Ministry of Finance, the Ministry of Science, the Ministry of Innovation, the Ministry of Technology, the Ministry of Telecommunications, the Ministry of Labor and Social Security, the National Meteorological Institute, the National Internet Service Provider, the Social Security Fund, the Social Development and Family Benefits Fund, and the Administrative Board of the Municipal Electricity Service.
The incident gained significant attention as it was the first time a country declared a state of emergency in response to a cyberattack. The attack paralyzed government services and the private sector involved in import/export activities. The attack also impacted the tax systems and the national budget, causing around 16,000 public sector employees to either not receive their salaries or have them miscalculated. Dozens of people took to the streets in protest.
The Conti group claimed responsibility for the attack, initially demanding a ransom of $10 million, which was later doubled.
Another attack occurred at the end of May, plunging the country’s healthcare system and social security fund into chaos. This time, it directly affected ordinary Costa Ricans by blocking the country’s healthcare systems. The U.S. Department of State offered a reward of $10 million for anyone who provided information leading to the identification of the leaders of the hacker group responsible for the attack.
Conclusion
The threat of cyberattacks is real and growing.
From small businesses to global corporations, no one is 100% safe. Hackers try to steal, damage, and disrupt, costing billions each year.
The stories of major breaches show just how clever and destructive attackers can be. To protect against such threats, stay updated and educated, and take security seriously.
No matter how big or small the company, understanding and preparing for cyber threats is a must.