The new year started out on the wrong foot for Mimecast. In January, the same bad actors responsible for the SolarWinds attack late in 2020 stole a digital certificate. That certificate then allowed the hackers to read and modify encrypted data. In addition to the digital certificate, privileged credentials were likely stolen. This breach affected about 10% of the 60,000 companies using Mimecast’s services. The number of potentially breached data records remains unknown.
2. Microsoft Exchange
Microsoft revealed in March that hackers were exploiting security gaps in its Exchange Server. Although they made their statement in March, the vulnerabilities were known for 10 years and addressed with multiple patches. Hackers began their assault in January 2021, affecting upwards of 250,000 individuals, and costing corporations and governments significant bucks as they abandoned in-house email servers in favor of cloud-based email solutions. Thankfully, this vulnerability had no impact on cloud-based Microsoft offerings like Office 365 and Microsoft 365 subscriptions.
3. NBA’s Houston Rockets
Showing a propensity for diversification, hacker groups targeted all kinds of businesses, including the National Basketball Association’s Houston Rockets. In this April ransomware attack, the bad actors claimed to have stolen confidential information. They demanded a ransom and, if not paid, the group threatened to release contract details as well as other sensitive information. The Rockets cooperated with the FBI, and the damage was not as severe as initially feared.
4. JBS Foods
Also in April, a ransomware attack shuttered operations of JBS Foods. The hackers took control of the company’s IT system and shut down operations in North America and Australia. Although experts generally advise against paying out ransoms, sometimes the company has no choice. If their systems are locked up, they’re not producing. In this case, as one of the country’s largest meat processors, JBS opted to pay the ransom to quickly get their operations up and running again.
5. Colonial Pipeline
In early May, compromised VPN credentials led to the shutdown of the Colonial Pipeline, a major fuel supply for the East Coast. Marking a move toward infrastructure attacks, the hacker group DarkSide was able to access Colonial Pipeline’s IT system. Many aspects of this breach are worrisome, but none more so than showing that hackers are getting very close to using similar tactics to gain access to operational technology (OT) control systems.
6. Kaseya
Kaseya is an IT solutions developer, and in July its VSA supply chain software was hit with a cyberattack that resulted in another record ransom request, this time $70 million. A fake update released by the attackers dispersed malware throughout Kaseya’s managed service provider clients. That action, in turn, had a downstream effect on other companies. Kaseya did not pay the ransom as it obtained the decryption software through a third party.
7. Apache Log4j
Apache Log4j is an open-source logging library used by the likes of Microsoft, Apple, Amazon, and Twitter. In December 2021, Apache disclosed a vulnerability and immediately released a patch. However, once that genie was out of the bottle, attackers moved quickly before companies could get their patches in place. Just a few short weeks after the patch was deployed, cybersecurity experts reported nearly half of all global corporate networks had seen attack attempts.
Should You Be Worried?
You might think, “Well, that’s just happening to big companies. I’m OK.” True, your income statement might not look like theirs, but you’re still at risk. Cybercriminals are targeting small- to midsize businesses with increasing frequency. They know these companies often have limited budgets and resources to fend off attacks. We’d love to talk with you about your data security concerns. Our Managed IT Services offer state-of-the-art security to deliver peace of mind at an affordable price. Contact us today!