The Biggest Supply Chain Attacks of 2021


2021 in Review

The year 2021 was a busy one for the world’s cybersecurity professionals. From the LinkedIn user data leak to the Colonial Pipeline attack to the ongoing Log4j software vulnerabilities, this year’s cybersecurity landscape was full of unprecedented events and incidents. One of the most notable developments this year was the exponential increase in supply chain attacks. Indeed, a recent study shows that supply chain attacks targeting open source software increased by 650% in 2021 compared to 2020.

So why target the supply chain? In short, because it allows for a maximum number of victims, maximum access to data, and the potential for maximum damage. Launching an attack against a business’s supply chain allows cybercriminals to infiltrate not only a particular company’s networks, but also those of its customers, subscribers, and clients. Supply chain attacks have a domino effect, meaning that when one network falls, other systems are breached as well. Let’s take a look at some of the largest supply chain attacks of 2021, their consequences, and who was responsible.


Colonial Pipeline

Date of Attack: May 2021

Overview: Although this incident originated as a relatively simple ransomware attack, it had large-scale consequences. This attack caused a 6-day shutdown of the Colonial Pipeline, which transports fuel between Texas and New York. Since the Colonial Pipeline provides approximately 45% of the East Coast’s gasoline, diesel and jet fuel, the shutdown sparked widespread panic buying and subsequent supply shortages. The CEO of Colonial Pipeline eventually approved a ransom payment of USD 4.4 million to the hackers in order to avoid further disruption.

Responsible Parties: DarkSide, an apolitical hacking group that provides ransomware-as-a-service (RaaS) and is reportedly based in Eastern Europe. DarkSide is reportedly a potential subgroup of the Russian-speaking hacking unit REvil.

Microsoft Exchange Servers

Date of Attack: January - March 2021

Overview: Over the course of a few months, hackers discovered and exploited 4 zero-day vulnerabilities within Microsoft Exchange servers. These exploits allowed attackers to access user email and credentials, gain administrative privileges, and gain entry into devices on the network. These incidents affected approximately 250,000 servers globally, including those operated by the European Banking Authority, the Norwegian Parliament, and the Chilean Commission for the Financial Market.

Responsible Parties: Hafnium, a Chinese hacking unit

Kaseya Limited

Date of Attack: July 2021

Overview: This ransomware attack leveraged vulnerabilities found within the Virtual System Administrator (VSA) remote management software of US technology company Kaseya Limited. Specifically, the incident exploited flaws within VSA’s latest update, allowing the hackers to replace it with ransomware and hack into 50 managed service providers that used Kaseya’s products. Before Kaseya was able to issue warnings to its customers, the ransomware’s malicious payload had affected approximately 1,500 organizations.

Responsible Parties: REvil, a Russian-speaking criminal group that mysteriously disappeared from the internet following its hacking activities in July 2021.

JBS S.A.

Date of Attack: May 2021

Overview: This incident began as a cyberattack which targeted the Brazilian meat producer JBS S.A., one of the world’s largest food production companies. Specifically, the attack disrupted JBS’s facilities in Australia, Canada, and the US and caused widespread shortages in beef and pork as well as large-scale employee layoffs. Although most of JBS’s facilities were able to recover their operations, the company eventually paid USD 11 million in ransom payments as insurance in case the hackers attempted to compromise the systems again.

Responsible Parties: REvil cybercriminal group


Wrap Up

These are some of the most well-known and highly publicized cases, but it is important to remember that 2021 also saw many smaller-scale supply chain attacks. While many people may immediately think of the Colonial Pipeline and last year’s SolarWinds attacks as representative examples of supply chain attacks, many more businesses have been targeted and victimized.

Looking forward to 2022, the world can expect cyberattacks to continue to pose a significant risk to the supply chain, particularly in software development environments and mobile phone systems. Organizations should develop risk mitigation methods that focus not only on protection from external threats, but also on protection from threats originating from a customer or supplier network. Additionally, ensuring that all third-party suppliers maintain an adequate security posture and proper network segmentation strategies can help a business avoid falling victim to supply chain security breaches.


Interested in how the COVID-19 pandemic has fueled increases in cyberattacks? Check out our previous post, Pandemic Problems: The Rise of Ransomware Gangs.

