5. Florida water system attack (2021)
A troubling reminder that outmoded tech can provide hackers with an easy entrance point onto an otherwise sophisticated network. In the case of this attack on a water treatment facility in Oldsmar, Florida, an old PC running Windows 7 with no firewall enabled a hacker to gain access and increase the amount of sodium hydroxide in the water by a factor of 100. The breach could have been catastrophic had it not been caught in time.
6. Colonial Pipeline Company ransomware attack (2021)
Perhaps the most shocking thing about this cyberattack is the fact that it supposedly took just one compromised password to disable the largest petroleum pipeline in America for several days. On 7 May 2021, the Colonial Pipeline Company reported that it had fallen prey to a cybersecurity attack involving ransomware and had been forced to take its pipeline – which supplies about half of the East Coast’s gasoline – offline. The potential impact of a prolonged disruption was deemed serious enough to justify paying the hackers, an eastern European outfit called DarkSide, $4.4 million worth of bitcoin.
7. Kaseya supply chain ransomware attack (2021)
This ransomware attack echoed the SolarWinds hack in that it targeted MSPs (Managed Service Provider) to achieve a more far-reaching impact. Breach an MSP and you can compromise far more than one company. In June 2021 Kaseya, a Florida-based IT management software provider used by numerous MSPs was hit by a supply chain ransomware attack.
Hackers (identified as the ransomware gang REvil) had pushed malware to Kaseya’s global customer base via a phoney update for its Virtual System Administrator (VSA) solution. The ripple effect was extremely widespread, impacting 60 Kaseya customers (mostly MSPs) and their customers. It’s been reported that more than 1,500 companies were affected.
