Understanding 3 Major Cyberattacks in the U.S.

Cyberattack.

Understanding 3 Major Cyberattacks in the U.S.

Cyberattacks have been a consistent news headline over the past few years. As a result of these attacks increasing in frequency, people are becoming more vigilant about cybersecurity measures as they realize the severe damage these attacks can produce. Cyberattacks can range widely regarding the number of victims, the type of damage done, the technology used to carry out the attack, and more. Keep reading to learn about a few of these significant cyberattacks as we break down what happened in each situation.

 

SolarWinds — Malware

SolarWinds is an IT management software for companies around the globe. As with most software providers, the company routinely releases software updates for its clients to fix bugs and improve performance. It is believed that Russian hackers carried out the SolarWinds cyberattack by using the software update as a vessel to infiltrate computers. Essentially, Russian hackers snuck malware into the software update, so when clients installed the update, the Russian malware was unknowingly downloaded onto users’ computers. Then, the hackers were able to install additional malware onto users’ computers, thus allowing them to gain access to companies’ network servers so they could spy on organizations.

Months passed before anyone realized the cyberattack was occurring, with up to 18,000 clients downloading the compromised software, including hospitals, higher education institutions, and government agencies. For reference, some compromised organizations were Microsoft, Intel, Nvidia, The Department of Homeland Security, and The Treasury Department. This attack is referred to as a supply chain attack because the product (in this case, the software update) was hacked before it was available to consumers. Also, the hackers streamlined the hacking process by inserting malware into the software update that was deployed to thousands of companies in a vast array of industries instead of going after companies one at a time.

To prevent attacks like this, companies should implement multi-factor authentication with biometrics. Basic multi-factor authentication involves something a user knows or has, which includes a username and password, as well as a mobile device. Only requiring a username and password is not very protective because hackers can easily bypass this. Multi-factor authentication with biometrics incorporates something an individual is, such as a fingerprint scan or facial and voice recognition. Biometrics are much harder for cybercriminals to circumvent.

 

Colonial Pipeline — Ransomware

One of the most familiar cyberattacks in recent memory is the Colonial Pipeline attack. The Colonial Pipeline is the longest petroleum pipeline in the U.S., stretching more than 5,500 miles, and provides gasoline to nearly half of the U.S.’s eastern coast. Cybercriminals were able to gain access to Colonial’s systems for a few reasons. First and foremost, the company did not have multi-factor authentication set up, which again is a fundamental cybersecurity practice. Additionally, the criminals accessed a leaked password found on the dark web and discovered an inactive VPN account. This created the perfect trifecta to carry out the attack.

After hacking into the systems, the cybercriminals used ransomware to lock Colonial out of their back-end data systems. The hackers then demanded payment in Bitcoin and claimed they would restore Colonial’s access to its systems once the payment was processed. The company responded by ceasing company operations which included halting the pipeline. Colonial ended up paying $4.4 million in Bitcoin to regain access; however, decrypting the locked data and re-opening the pipeline was a slow and intensive process. A month after Colonial completed the ransom demand, the U.S. government recovered $2.3 million of the total payment.

 As a result of Colonial temporarily shutting down its pipeline, consumers swiftly began panic-buying, which resulted in a slew of negative consequences. These include mass gasoline shortages, extremely long lines at gas pumps, and price increases due to the surge in demand and decrease in supply. Responsibility for this attack was claimed by the hacker group, DarkSide, an apolitical team that is believed to be centered in eastern Europe.

 

Apple — Spyware

The most recent cyberattack of the three covered in this article is the Apple spyware attack. The attack started in February 2021 and lasted until it was identified by independent researchers in September of the same year. In this situation, hackers accessed users’ devices by sending them a zero-click, malicious PDF file through iMessage. Zero-click means the malware infected victims’ devices without them even having to open the compromised file. Therefore, once hackers sent the file through iMessage, the hackers would have access to the recipient’s device, and there would be no sign that the hack is occurring.

This method was never seen before this attack and is believed to have been the work of the Israeli technology firm, NSO Group. Furthermore, the suspected targets for this attack were journalists and human rights activists. For reference, spyware is used to secretly collect information, data, and activity on a device through malicious software. Apple claims that these attacks cost millions, have a short lifespan, and are hyper-targeted, so the average consumer would not have to worry about being a victim. The attack impacted most Apple devices, including iPhones, iPads, Macs, and Apple watches.

In general, there is no clear solution to prevent zero-click spyware from infecting devices. To combat this attack, Apple quickly created a patch that would fill in the security gap. As for spyware that is not zero-click, the primary way to avoid becoming a victim is to not click on suspicious links or files.

As technology continues to advance, so will cyberattacks. Accordingly, cybersecurity must evolve, and companies need to be proactive about keeping up with the latest security software, researching trends in the cybercrime space, and monitoring suspicious activity. For more updates and news on cybersecurity and emerging technologies, continue to check our blog. Lastly, if you are curious how Quantilus can help your business or would like more information, contact us at info@quantilus.com, and we can set up a time to talk

Blog