Major cyberattacks have rocked the US, and there are 'a lot of different ways that ransomware actors can disrupt everyone's lives,' experts say
- A number of prominent cyberattacks on US institutions have made headlines so far in 2021.
- Hackers targeted a major gas provider in April and the world's largest meat producer in May.
- Sometimes, experts say, hackers are after ransom, but in other cases intended to steal information.
A slew of cyberattacks against US agencies, institutions, and companies have dominated headlines so far this year, and cybersecurity experts say that these types of damaging attacks are on the rise and can have impacts that "spillover" across supply chains.Cybercriminals, believed to be tied to Russia, in May targeted Colonial Pipeline, the operator of the largest fuel pipeline in the US. When the hackers, from a ransomware group called DarkSide, infiltrated its system, the company quickly shuttered the pipeline to prevent the ransomware from spreading.
View all Offers
OnePlus Nord 2 5G (Gray Sierra, 8GB RAM, 128GB Storage) I Extra upto Rs.1000 off on Exchange₹ 29999Buy On
- 19% OFF
Redmi Note 10 (Aqua Green, 4GB RAM, 64GB Storage) -Amoled Dot Display | 48MP Sony Sensor IMX582 | Snapdragon 678 Processor₹ 12999₹ 15999Buy On
OnePlus Nord 2 5G (Blue Haze, 8GB RAM, 128GB Storage) I Extra upto Rs.1000 off on Exchange₹ 29999Buy On
- 18% OFF
Redmi 9 (Carbon Black, 4GB RAM, 64GB Storage) | 2.3GHz Mediatek Helio G35 Octa core Processor₹ 8999₹ 10999Buy On
- 18% OFF
Redmi 9A (Nature Green, 2GB RAM, 32GB Storage) | 2GHz Octa-core Helio G25 Processor | 5000 mAh Battery₹ 6999₹ 8499Buy On
Cyberattacks can be categorized in three ways, Tyler Moore, a professor of cybersecurity and information at the University of Tulsa, told Insider.
These include the headline-making attacks where criminals exploit systems seeking ransom, such as the attacks on JBS and
There's also a third and more common type category called "email compromise," where a hacker targets a business or organization using an email phishing scam. Business email compromise scams cost US companies a combined $1.8 billion last year, according to a March 2021 report from IC3, the FBI's Internet Crime Complaint Center. There were 791,730 complaints of suspected internet crime in 2020, about 300,000 more than were reported in 2019.In total, these cyberattacks resulted in a loss of more than $4 billion in the US last year, according to the report. In the past, Moore said ransomware hackers often targeted smaller institutions, like local hospitals. These localized attacks rarely garnered national attention, he said.
The growing threat is not just the initial hack but the "spillover harm" it causes, Moore said.
The more recent attacks, like those on Colonial Pipeline and JBS, are cause for concern because they create problems on a larger scale, he said. And, he added, these companies and their systems have long been vulnerable to these types of attacks.
"It becomes more of sentient threat - more of a threat that we're aware of," Moore said of the recent ransomware hacks."They're not trying to necessarily shut down a pipeline," Moore added of ransomware hackers. "They're just trying to make money through ransomware, but they're still having this effect of disrupting our critical infrastructures."
DarkSide claimed it didn't mean to cause any disruption to society. The ransomware group later claimed it would be disbanding following the incident.
"We're seeing more of this spillover harm," Moore added. "We're seeing this harm that spreads far beyond what the original attack was trying to do. And that, that seems to be a growing concern.""These companies have technology supply chains and different pieces of those supply chains are being attacked, which can cause widespread damage across many other companies," Moore said.
Now, hackers expect this and will download data and threaten to release it publicly if the ransom is not paid, Moore added.In the case of Colonial Pipeline, the company quickly paid the hackers $4.4 million in ransom. Officials at the Department of Justice said this week they were able to recover most of the $4.4 million paid to the hackers.
This year alone, cybercriminals have taken out large and small targets
It's not just a perception or an increase in coverage - cyberattacks in the US are both growing and evolving, experts said."There was a big increase in ransomware attacks in 2020 that continued in 2021," said Allan Liska, who works on the computer security incident response (CSIRT) at the cybersecurity company Recorded Future. "What I think we're starting to see is ransomware attacks that have more of an impact on a broad swath of consumers," he added.
- New York City officials confirmed this week they were investigating a hack on its Law Department. According to a report from the New York Daily News, the breach left lawyers unable to access documents and may have made put employee's personnel information at risk.
- Earlier in June, at least three US television stations owned by Cox Media Group were hit with a reported
cyberattack, according to a report from NBC News. Cox Media Group did not return Insider's request for comment.
- Hackers last month breached computer systems in the city of Tulsa, Oklahoma, prompting officials to quickly shut them down, according to the Associated Press. City residents were left unable to use online systems to pay their water bills. A spokesperson for the city of Tulsa said the hack was stopped before any information could be leaked, according to the AP.
- In April, the Metropolitan Transportation Authority, the New York state agency that operates public transit in New York City was targeted by cybercriminals. Officials said hackers did little damage to its systems and did not access train controls, according to a report from NBC New York.
- And in March, at least 30,000 victims that included small businesses and local governments were hacked by an organization that is thought to have ties to China. The hackers exploited four vulnerabilities with Microsoft's Exchange Server email software, according to Krebs on Security.
"That was an attack where they were not trying to disrupt anything, but the purpose really was to gain access to information," Moore said of the March attack.
"Essentially, you've got the internal corporate email of many, many companies," he added. "This is something that is very valuable to a nation-state adversary like China."Cyberattacks entered a new era with the attack on the information technology firm SolarWinds, which was first reported late last year. The breach impacted private companies like cybersecurity firm FireEye and the Department of Homeland Security and the Treasury Department, as Insider previously reported.
Top US officials say they believe the SolarWinds hackers were foreign actors from Russia.
This type of cybercrime almost always originates from outside the US, experts said."When we say Russia, China or, Iran - all of which have had ransomware actors operate out of their borders - we're generally talking about financially motivated actors that are not necessarily working for the government. But they operate with a tacet approval from the government," Liska said in regard to ransom seekers, like those from DarkSide.
There are reasons for Americans to be concerned about future attacks, Liska said. But there's also room for optimism.But he added his fears had been assuaged slightly due to recent actions from the US government.
"The Biden administration has had a very aggressive response to these ransomware attacks. And a lot of ransomware actors are rethinking who they want to target," Liska said.Biden in April slapped sanctions on Russia following its accused involvement in the SolarWinds attack.
"The Biden administration has been clear that the United States desires a relationship with Russia that is stable and predictable," the White House said in April. "We do not think that we need to continue on a negative trajectory. However, we have also been clear - publicly and privately - that we will defend our national interests and impose costs for Russian Government actions that seek to harm us."The Department of Justice also, in April, established the Ransomware and Digital Extortion Task Force to investigate ransomware hackers. Paul M. Abbate, the deputy director of the FBI, said the agency currently has more than 100 investigations into operations like DarkSide, Insider previously reported. FBI Director Christopher Wray this month told The Wall Street Journal there were "a lot of parallels" between the September 11, 2001, terrorist attacks and the current state of cyberattacks in the US.
"Part of the persona of these ransomware actors is they're bold and audacious," Liska said. "They issue press releases talking about their exploits and how they're not afraid of anybody and they'll go after anybody. It's really easy to do that until the president calls you out by name."
Liska said it wouldn't be impossible for cybercriminals to target something like the power grid or water treatment facilities (the latter happened in Florida earlier this year). But with growing scrutiny from the US government, criminals might be less likely to set their sights on big targets, he said."There are still a lot of different ways that ransomware actors can disrupt everyone's lives without necessarily taking the power grid offline," Liska said.
"We need to invest more heavily in our critical infrastructure," he added.
- Ransomware attacks hit record 300 million in first half of 2021, reveals new report
- Tokyo Olympics: India's Satish Kumar exits from quarter-finals in boxing after losing to Bakhodir Jalolov
- From the US to Western Europe to New Zealand — natural disasters which wreaked havoc in the last 6 months
- Fino Payments Bank files papers for ₹1,300 crore IPO
- OfBusiness, a platform that helps SMEs get raw materials, becomes the newest unicorn from India