1. Colonial Pipeline: The potential fallout from infrastructure attacks is the stuff of dystopian nightmares at the best of times, let alone during a global pandemic. That fear was amplified a thousand-fold when ransomware crooks attacked Colonial Pipeline forcing them to shut down production for the first time in its 57-year history, creating fuel shortages and price spikes. The nightmare likely started with access to a breached password shared on the dark web. 

2. JBS Foods: The world’s largest meat supplier paid $11 million to ransomware hackers in June after an “organized cybersecurity attack” on North American and Australian systems that shut down all operations in the United States, operations in Australia and a processing plant in Canada. 

3. CNA Financial: The crooks behind this ransomware attack on insurance giant CNA Financial accepted a negotiated payment of $40 million – d a third less than their demand for $60 million. (Mighty big of them.) The crooks gained access through an employee’s workstation via a fake browser update delivered via a legitimate website. 

4. Microsoft Exchange: An estimated 30,000 to 60,000 organizations were hacked last spring in attacks that targeted vulnerabilities in Microsoft Exchange Servers. Investigations ultimately led the United States and its western allies to lay responsibility for ransomware and other cyberattacks that exploited those vulnerabilities at China’s feet.

5. Acer: PC-maker Acer was attacked by ransomware crooks demanding $50 million in a scheme that is suspected of having been executed via Microsoft Exchange vulnerabilities (see previous). 

6. Twitch: Amazon’s streaming platform Twitch was targeted by an activist hacker that publicly released Twitch’s source code and user payout information. The hacker’s self-professed motivation? Creating disruption and competition in the video streaming space.

7. Kaseya: Infrastructure pundit Kaseya became the conduit for a series of ransomware attacks via its MSP customers when hackers exploited vulnerabilities to its Virtual System Administrator (VSA) software. In response, the U.S. Department of Justice seized more than $6 million in assets and facilitated arrests against alleged ransomware criminals from the Ukraine, Russia and Romania. 

 

Protecting Your SMB Clients

Cyberattack threats extend well beyond “headline” attacks that capture global attention. In fact, more than 4,000 ransomware attacks occur every day. The good news is that most of your customers are aware of the threat at this point. The bad news is that too many overestimate their protection (e.g., simple antivirus) or underestimate their ability to prepare for attacks (via cyber resilience). 

 

Moving forward in 2022, your goal should be to explain to your customers both the scope and scale of the threats they face and the surprising efficacy and affordability of establishing cyber resilience. We’ve already shared many resources to help you with those discussions, and we’ll continue to do so throughout the year.