2021 is already over and data shows that cybersecurity will become a more vital topic for organisations worldwide. Cybercrime Magazine has already published a forecast that cybercrime will cost the world 10,5 trillion dollars annually by 2025.
And if that year seems far away to you, let’s look at some data and trends:
- Nearly ½ of all cyber attacks (43%) are aimed at SMEs. And only 14% of them have a proper cybersecurity strategy in place – data from Accenture.com;
- A report titled “State of Cybersecurity” by Ponemon Institute, are outlined the 3 biggest threats to organisations – phishing and social engineering attacks, devices being stolen, and breach of credentials;
- Embroker.com published a report with cyber attack information for 2021 where they show that the costs of a cyberattack continue to trouble organisations months and years after the incident.
The fact is that there have been major increases in the numbers and the frequency of the most major types of cyber attacks (check the report from Embroker.com above). In this article in our blog, we will focus on the biggest cyber attacks and data breaches of the year.
We don’t want to scare anybody. Just put caution in your mind. You are going to pay the price for the level of cybersecurity in your organisation. It is better to be before you get hacked. Here is the list of the most interesting cyber attacks and data breaches we picked for you:
2021 was the year marked by the Pegasus Spyware Scandal. The software developed by the NSO group in Israel became a prime news story. Over 50 000 phone numbers worldwide were potential targets of this software. 1000 of them were traced to their owners and guess what – they belonged to people who should not be in the scope of surveillance by the software. They belonged to politicians and high-ranking officials and the already mentioned journalists and human rights activists. It is stated that countries like the UAE, India, Morocco, and Azerbaijan used it to spy on local journalists. The scandal still unfolds and will probably be a major story in 2022 as well. One of the most recent events is related to the fact that Cambridge University halted a deal for over 400 million pounds with the UAE over the findings of the scandal.
Some might argue that this is not a major cyberattack or data leak. However, it is one of the biggest in the NFT world. With the growing popularity of NFTs as digital assets, we think it deserves to be showcased.
The story got in the news of media like BBC and CNN. And it is very interesting to follow it. Here is what happened:
- An art collector paid a large amount of over $330 000 for what he thought was an original Banksy NFT artwork;
- Once he made the bid in an auction and it was accepted, the money was transferred and the auction was over. And then the victim realised he was frauded;
- The case caught the attention of the media and became a major news story;
- The money was returned to the victim.
Yes, there was a happy ending to all of this, but later on, it was found out that probably the website of Banksy was hacked and this was the root of the whole thing. A cybersecurity expert told the BBC that he warned Banksy’s team about vulnerabilities on the website of the artist several times and had no response. And since there is no official comment yet, this seems the most likely scenario.
This one is particularly interesting because it is most likely a result of negligence in most cases. The breach took place back in September. User names and passwords of around 87 000 users from around the world leaked due to a hacker attack. All of them were 87,000 FortiGate SSL-VPN devices. The leak happened after attackers exploited an unpatched “CVE-2018-13379 at the time of the actor’s scan.” (stated by the company).
Fortinet states that this was an old flaw in security they fixed back in 2019. Since then they communicated with their customers to make the needed updates to fix these issues. However, The Hackers News wrote that: “CVE-2018-13379 also emerged as one of the topmost exploited flaws in 2020, according to a list compiled by intelligence agencies in Australia, the U.K., and the U.S. earlier this year.”.
Although the company warned about the problem many times and offered a solution, the customers didn’t seem to take the measures needed. And this made the leak of user names and passwords possible.
For the cherry on top, we left the top 3 data breaches for the year, according to securitymagazine.com:
- Facebook — 553 million accounts from 106 countries containing e-mails and other information;
- LinkedIn – 700 million users – almost 93% of all registered accounts;
- Cognyte — Over 5 billion data records. Some of them contained passwords and other information.
These cases are only a few selected ones. There are many more stories similar to those. Cybercrime will get more vicious and more widespread. However, countermeasures can be taken. You just have to make cybersecurity a priority for your organisation. Remember that this is not a one-time effort. It is a constant and evolving process that needs to adapt to the needs you have. The first step is realizing you need to take measures.