Cybercriminals were very busy in 2021. Here are three of the most troubling cyberattacks they perpetrated.
The year 2021 was a busy year for cybercriminals — and for the US Federal Bureau of Investigation’s (FBI’s) Internet Crime Complaint Center. “IC3 saw complaints increase nearly 70% between 2019 and 2020,” said the FBI. “The latest numbers indicate 2021 may be another record year.”
One particularly telling number was reached back on May 15, 2021. On that day, the center received its 6 millionth complaint. “It took nearly seven years for the FBI’s Internet Crime Complaint Center (IC3) to log its first million complaints,” said the FBI. “It took only 14 months to add the most recent million.”
While the increasing rate of cyberattacks in 2021 is alarming, some of the cyberattacks are concerning for other reasons. Here are three of the most troubling cyberattacks and why we should be worried:
- T-Mobile Data Breach
In August 2021, hackers stole the personal data of more than 54 million past, present, and prospective T-Mobile customers. In addition, data about 52,000 current Metro by T-Mobile customers was taken. Besides names and addresses, the stolen data included Social Security and driver license numbers.
The number of victims is not why this cyberattack is concerning. While 54 million is a big number, much larger data breaches have occurred. Yahoo, Aadhaar, and Cam4 have had breaches that involved billions of victims. This cyberattack is troubling because it is the fifth major data breach at T-Mobile in the last three years.
T-Mobile is not the only company that has experienced multiple breaches. LinkedIn, Marriott International, and Yahoo are only some of the many large businesses that have experienced two or more breaches.
Multiple data breaches are also common in small businesses, according to the Identity Theft Resource Center’s “2021 Business Aftermath Findings” report. Sixteen percent of the 1,467 small businesses represented in the study reported having a data breach — and nearly 75% of those 235 businesses have experienced two or more breaches.
Having multiple data breaches is indicative of a larger problem: Despite being attacked, some breached companies fail to find and fix the weaknesses in their IT systems that would prevent future data breaches. Cybercriminals know this, so they try to attack the same victims again.
- Google Brand Phishing Attack
A phishing email supposedly from Google was making the rounds during the third quarter of 2021. The cybercriminals took great care in making it look like a real email from Google.
The email had the subject line “Help strengthen the security of your Google Account” and was sent from a spoofed Google email address that looked legitimate at first glance. The email message began with the statement “Add ways for us to make sure it’s you”, which was displayed in large letters using the same font that Google uses. The email went on to say, “Users with extra ways to verify their identity are far less likely to be hacked or locked out. Add additional ways to prove it’s really you and see other personalized security recommendations in the Security Checkup.”
If the email recipients clicked the “Take action” button or the accompanying link in the email, they were sent to a fake Google login page that looked like the real deal. Google users who entered their credentials were handing them over to cybercriminals.
This is an example of a brand phishing attack, which cybercriminals use to trick people into revealing sensitive online account information. Cybercriminals create emails or texts that look like the ones from popular brands. The top 5 impersonated brands are Microsoft, Amazon, DHL, BestBuy, and Google, according to Check Point researchers. The emails and texts try to get the recipients to click a link that takes them to a fake, malicious web page. Typically, the web page instructs them to log in to their account or provide some other type of sensitive information.
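The two tells described above, a sender address that only looks like the brand's and a "Take action" link that leads somewhere other than the brand's own site, can be checked mechanically. The following is an added example, not code from the article or from any vendor; the brand-to-domain table and both sample emails are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed legitimate domains for the brands named in the article (illustrative list).
BRAND_DOMAINS = {
    "google": {"google.com"},
    "microsoft": {"microsoft.com"},
    "amazon": {"amazon.com"},
    "dhl": {"dhl.com"},
    "bestbuy": {"bestbuy.com"},
}

HREF_RE = re.compile(r'href=["\']([^"\']+)["\']', re.IGNORECASE)


def belongs_to(host, domains):
    """True if host is one of the brand's domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)


def score_brand_phish(raw_email):
    """Return (brand_claimed, findings). Empty findings means no mismatch found."""
    msg = message_from_string(raw_email)
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rsplit("@", 1)[-1].lower()
    body = msg.get_payload()  # single-part text/html assumed
    text = " ".join([msg.get("Subject", ""), display, body]).lower()
    # The brand the message claims to come from: first brand name mentioned.
    brand = next((b for b in BRAND_DOMAINS if b in text), None)
    findings = []
    if brand is None:
        return brand, findings
    legit = BRAND_DOMAINS[brand]
    if not belongs_to(sender_domain, legit):
        findings.append(f"sender domain {sender_domain!r} is not a {brand} domain")
    for url in HREF_RE.findall(body):
        host = (urlparse(url).hostname or "").lower()
        if not belongs_to(host, legit):
            findings.append(f"link to {host!r} is not a {brand} domain")
    return brand, findings


# Constructed sample modelled on the email described in the article.
SUSPECT = """From: Google <security@g00gle-account.com>
Subject: Help strengthen the security of your Google Account
Content-Type: text/html

<p>Add ways for us to make sure it's you</p>
<a href="https://accounts-google.verify-login.example/signin">Take action</a>
"""

# Constructed sample of a message whose sender and link both stay on the brand's domain.
BENIGN = """From: Google <no-reply@accounts.google.com>
Subject: Security alert
Content-Type: text/html

<a href="https://myaccount.google.com/security-checkup">Review activity</a>
"""
```

Running `score_brand_phish(SUSPECT)` reports both the lookalike sender domain and the off-brand link host, while `score_brand_phish(BENIGN)` returns no findings.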
Brand phishing attacks have become so prevalent in recent months that the FBI issued a warning about them on November 23, 2021. “As consumers more routinely make purchases, conduct business, and receive support online and through mobile applications, cybercriminals continue to target brand-name consumers due to the sheer number of people using brand-name services and the level of trust and legitimacy associated with these companies,” stated the FBI.
- Quanta Computer Ransomware Attack
In April 2021, a ransomware gang named REvil hacked into the network of Quanta Computer, an electronic device manufacturer that Apple and other electronic companies use to assemble their devices. Before encrypting Quanta’s files, the gang stole a lot of data, including proprietary information for several soon-to-be-released Apple products.
Quanta refused to pay the $50 million ransom, so the cybercriminals upped the ante two ways. First, they started demanding $50 million from Apple as well as Quanta. Second, they threatened to sell the stolen Apple documents to the highest bidder if their ransom demand wasn’t met.
This cyberattack spotlights a dangerous trend: Ransomware gangs are increasingly focusing on data theft and extortion. Initially, they would steal data before encrypting it to simply pressure companies that were unwilling to pay the ransom. However, the gangs have discovered that the fear of having data publicly exposed is an effective motivator in and of itself, especially if the stolen files contain proprietary or personal data. The latter is of particular concern because many companies use and store personal data that is regulated by laws such as the US Health Insurance Portability and Accountability Act (HIPAA). Having data stolen is considered a data breach. If the stolen data is publicly posted, regulators might find out about the data breach and fine the business.
Some gangs even use the data they steal during ransomware attacks for additional extortion attempts later on. For example, one gang member stole thousands of patient records from a psychotherapy practice. The records contained the patients’ personal data and therapy-session transcripts. Initially, the gang member posted some of the patients’ personal data on a leak site to get the practice to pay the ransom. Two years later, the cybercriminal tried to blackmail individual patients directly, threatening to expose their personal data and transcripts if they did not pay up.
The REvil gang probably had multiple extortions in mind when it picked Quanta as a target, as this company has many high-profile customers (e.g., Apple, Dell, HP, Microsoft, Toshiba). “Quanta was likely a target of opportunity and was likely pursued not because it would pay a large ransom, but because it held confidential data belonging to many of its customers and those customers could be extorted for ransoms,” according to a threat detection expert.
Cybersecurity flickr photo by Infosec Images shared under a Creative Commons (BY) license