America’s biggest brands are under attack: Apple, Microsoft, Facebook, Amazon, Visa, and many others have been hacked. Nothing is safe. Google? Hacked. Your Peloton bike? Vulnerable. Even your fish tank is suspect.
You can fight back with tightened security, but it also helps to know your enemy. Here are some of the bigger and more bizarre hacks of the decade, along with the suspects lurking on the dark web.
Atlanta-based Colonial Pipeline was hit by a ransomware cyber-attack in May 2021. Colonial took itself offline, disrupting US supplies for days and causing fuel shortages. The Department of Justice later seized most of the ransom paid to hackers - 63.7 Bitcoins then valued at $2.3m, which caused the cryptocurrency to sink temporarily.
SUSPECTS: DarkSide, a ransomware gang described by the FBI as a ‘Russia-based cybercrime group’ that markets its ransomware to criminal affiliates, who then conduct the attacks and share a percentage of the ransom. DarkSide is one of 100 similar gangs the Bureau is investigating as ransomware explodes into a $14bn-a-year industry.
Brazil’s JB Meat, the world’s biggest meat company, paid a ransom in Bitcoin valued at $11m after ransomware shut down its operations in the US, Canada, and Australia in 2021, threatening to disrupt the food supply and inflate prices.
SUSPECTS: REvil, aka Sodinokibi. Bloomberg describes REvil as ‘a cybergang with Russian links’. The gang, suspected of being an offshoot of defunct GandCrab, uses ransomware code similar to DarkSide’s software.
SUPPLY CHAIN HACK
Microsoft President Brad Smith describes the SolarWinds attack on 18,000 businesses and US government agencies as ‘the largest and most sophisticated attack the world has ever seen’. Cyber-attackers buried malicious code in SolarWinds’ software in 2019. When the Texas company shipped software updates, it unwittingly delivered the tampered code to its clients, letting the attackers access their business intelligence, nuclear secrets, and more. Microsoft, Mastercard, Visa, Lockheed Martin, and most of the Fortune 500 are SolarWinds clients.
Sony Pictures was attacked in 2014 with a variant of the Shamoon malware, a wiper that can erase a computer’s hard drives. Hackers leaked personal information about staff, employee emails, executive salary details, film scripts, then-unreleased Sony films, and plans for future movies. They also demanded that Sony withdraw The Interview, a comedy about a plot to assassinate North Korean leader Kim Jong-un, and threatened terrorist attacks.
SUSPECTS: Three North Korean military programmers were indicted in 2021 for the Sony hack and broader plans to extort more than $1.3bn in cash and cryptocurrency from financial institutions and companies. North Korea denies any responsibility.
Oil giant Saudi Aramco was also crippled by a cyber warfare attack linked to Shamoon malware in 2012. At the time it was the biggest hack in history. Within hours, more than 30,000 computers were destroyed or partially wiped. Gasoline tank trucks lining up for refills had to be turned away because there was no way to pay. Ten percent of the world's oil was suddenly at risk.
The malicious computer worm Stuxnet was uncovered in 2010. Stuxnet targets supervisory control and data acquisition (SCADA) systems. It first spread through Microsoft Windows machines and networks, then targeted the Siemens Step7 software used to program the industrial controllers that operate equipment such as centrifuges. It is widely believed to have caused substantial damage to Iran’s nuclear program.
SUSPECTS: Intelligence agencies, possibly in the US and/or Israel. Symantec computer experts Liam O'Murchu and Eric Chien, the first team to investigate Stuxnet, told SPYSCAPE that Stuxnet was likely created by a government.
Microsoft Exchange Servers
A global wave of cyberattacks and data breaches began in January 2021 when four zero-day exploits were discovered in on-premises Microsoft Exchange Servers, giving attackers access to user emails and passwords, administrator privileges, and connected devices on the network. The vulnerabilities could be used to deploy ransomware and steal data, and were exploited in the US and Europe. The European Banking Authority’s email servers were compromised as part of the attack.
SUSPECTS: Hafnium, a Chinese state-sponsored hacking group that has historically targeted US defense contractors and other industry sectors. China denies any involvement.
US nuclear weapons contractor Sol Oriens was targeted by a cyberattack in 2021, losing company intel and employee data. Sol Oriens describes itself as helping the ‘Department of Defense and Department of Energy Organizations, Aerospace Contractors, and Technology Firms carry out complex programs’.
SUSPECT: REvil, suspected in the JB Meat attack, claimed to be selling four terabytes of Sol Oriens' data in an online auction.
India’s flagship carrier Air India was the latest airline to be hit by a massive cyberattack in 2021, one that jeopardized the data of 4.5m passengers, including passport and credit card details. It may be part of a broader campaign to snoop on the airline industry: global aviation IT giant SITA, based in Geneva, which serves Air India, United, Singapore Airlines, and Lufthansa, was hacked in early 2021.
SUSPECTS: Some finger APT41, the Chinese gang indicted in the US in 2020 for hacking tech and gaming companies. Cybersecurity company Group-IB claims with ‘moderate’ confidence that APT41 is behind the Air India breach.