Takeaways From the Biggest Cyber Attacks of 2021

Posted by Living Security Team
January 05, 2022

Share Article

Cyber attacks have been on the rise year after year, and 2021 has been no exception. Cybersecurity Ventures stands by a prediction they made that cybercrime will cost the world $6 trillion annually by 2021, which has doubled since the $3 trillion in 2015. 

With this rising cost, it’s more important than ever to create and utilize a strong cybersecurity plan to mitigate risk for your organization. 

The silver lining is that with more attacks, we can take away more valuable lessons. 

Here are six of the top cyber attacks of 2021 and what we can learn from them about improving your own organization’s cybersecurity: 


1. The JBS Ransomware Attack

JBS, the world’s largest meat supplier, faced a ransomware attack at the end of May 2021 causing their operations to halt at 13 of their U.S. processing plants and threatening the country’s meat supply. 

AP News reported, “The attack targeted servers supporting JBS’s operations in North America and Australia. Backup servers weren’t affected and the company said it was not aware of any customer, supplier, or employee data being compromised.” 

Lessons Learned

  • It’s crucial to have cybersecurity plans in place. Thankfully, JBS was able to move quickly once the attack occurred.  "We have cybersecurity plans in place to address these types of issues and we are successfully executing those plans," JBS USA CEO Andre Nogueira said to CBS News.

  • Ransomware attacks can be carried out on companies of any size. As the world’s largest meat supplier, it might be assumed that they could avoid situations like this, but even the best security protocols in the largest companies can be beached. 


2. The Twitch Data Leak

On October 6, 2021, the streaming service Twitch confirmed it had been the victim of a breach. 

The BBC called it a “massive data breach” and reported that over 100 GB of data was leaked online. The information leaked contained the payment information on the service’s top streamers, source code, and other confidential information that the organization had not previously released. 

Twitch responded by posting and updating a blog post as they released more information about the attack. Within this, they explained they had reset all stream keys for their users and provided specific information for how users can utilize their new keys. 

They also stated in the blog post, “We take our responsibility to protect your data very seriously. We have taken steps to further secure our service, and we apologize to our community.” 

Lessons Learned

  • Keep your login information updated. While Twitch wasn’t aware of any leak in user login information, it’s still a good idea to update your password anyway. In addition, it’s important to utilize multi-factor authentication whenever possible.

  • Provide updates for your community. As your organization receives more information on the attacks, it’s crucial that you update your community, particularly those who may have been affected. 


3. The Kaseya Breach

In July 2021, IT management software developer Kaseya was the victim of a cyber attack. ZDNet reported that the threat actors found and attacked a “vulnerability in Kaseya's VSA software against multiple managed service providers (MSP)—and their customers.” 

Estimates suggest that 800 to 1,500 customers may have been affected by this attack. 

In response to the attack, Kaseya deployed their incident response team who notified their customers, took necessary precautions to ensure more customers weren’t affected, and otherwise ensured the situation was properly managed. 

Lessons Learned

  • Provide clear next steps for your customers. Whenever possible, it’s important to give your customers specific, detailed directions so they know what they need to do.

  • Have a dedicated incident response team in place. Because Kaseya already had a team in place who knew what to do, the situation was quickly remedied. They also created multiple patches and updates to ensure future security. 


4. The Vulnerability Researchers Attack

Google’s Threat Analysis Group (TAG) began sharing updates in January 2021 about a group that targeted security experts. 

In order to connect with security experts, Google reported that “the actors established a research blog and multiple Twitter profiles to interact with potential targets.” 

By immediately discussing this situation with the community, Google provided other cybersecurity experts with the knowledge they needed to keep themselves safe from this attack and others similar. 

Lessons Learned

  • Anyone can be a target, even cybersecurity experts. That makes ongoing training critical for everyone at work and at home.

  • Share information with others at risk. By creating a trustworthy community and sharing information about the threat actors like Google did, they were able to help others avoid these attacks. 


5. The Pegasus Zero-Day Vulnerability

This attack caused a spyware breach on a number of Apple products. The attack was “known as a ‘zero-click remote exploit,’ which is considered the Holy Grail of surveillance because it allows governments, mercenaries, and criminals to secretly break into someone’s device without tipping the victim off.” 

This allowed the threat actor to access the camera, microphone, texts, calls, and more on users’ phones without their knowledge. 

Apple responded by immediately working to fix the problem and quickly released a new update to fix the vulnerability. 

Lessons Learned

  • Update your devices. Ensure your devices always have up-to-date software, including your computer, phones, and other smart devices.

  • Always assume your information is vulnerable. By utilizing passwords, multi-factor authentication, encryption, and other safety best practices, you can mitigate risks for attacks like these. 


6. Colonial Pipeline

In May 2021, Colonial Pipeline was the victim of a ransomware attack that shut 

down one of the largest US fuel pipelines. They provide gasoline, diesel, and jet fuel to 45% of the east coast of the United States. 

DarkSide, a cybercrime group, took responsibility for the attack that required Colonial Pipeline to shut down all of its pipeline operations and pause IT systems. 

Lessons Learned

  • Ransomware attacks can have trickle-down effects. Though the attack itself caused a significant amount of harm to Colonial Pipeline, it also caused the fear of a gas shortage in the Southeast United States. 
  • The scope of a breach can widen. In August, Colonial Pipeline told CNN that the personal information of roughly 6,000 employees had been involved in the breach as well. 


How Is Your Organization Tackling Risk? 

Through each of these breaches, it’s easy to see that anyone can be a target of a cyber attack. This makes it crucial to ensure you have plans in place to mitigate risk and protect your organization

One of the most effective ways to do this is through the people who work at your organization. In cybersecurity, even though we throw multiple layers of technology at the problem, more than 80% of breaches are caused by human error, action, or inaction. With better human risk management, you can transform your cybersecurity initiative. 

Want to keep your team up to date on the latest cybersecurity attacks and our takeaways from them? Our latest Campaign-in-A-Box on the Kronos Ransomware Attack has everything you need to know and tips to help you and your team stay safe! 

Subscribe To Learn How To Prevent Cybersecurity Breaches

Additional Reading