- A number of prominent cyberattacks on US institutions have made headlines so far in 2021.
- Hackers targeted a major gas provider in April and the world's largest meat producer in May.
- Sometimes, experts say, hackers are after ransom, but in other cases intended to steal information.
A slew of cyberattacks against US agencies, institutions, and companies have dominated headlines so far this year, and cybersecurity experts say that these types of damaging attacks are on the rise and can have impacts that "spillover" across supply chains.
Cybercriminals, believed to be tied to Russia, in May targeted Colonial Pipeline, the operator of the largest fuel pipeline in the US. When the hackers, from a ransomware group called DarkSide, infiltrated its system, the company quickly shuttered the pipeline to prevent the ransomware from spreading.
The shutdown caused gasoline shortages and price hikes for about a week across the East Coast, leading governors in several states to declare states of emergency.
At the end of May,
Cyberattacks can be categorized in three ways, Tyler Moore, a professor of cybersecurity and information at the University of Tulsa, told Insider.
These include the headline-making attacks where criminals exploit systems seeking ransom, such as the attacks on JBS and
Another type, he said, is an espionage attack where foreign criminals breach a system intending to steal information.
There's also a third and more common type category called "email compromise," where a hacker targets a business or organization using an email phishing scam. Business email compromise scams cost US companies a combined $1.8 billion last year, according to a March 2021 report from IC3, the FBI's Internet Crime Complaint Center. There were 791,730 complaints of suspected internet crime in 2020, about 300,000 more than were reported in 2019.
In total, these cyberattacks resulted in a loss of more than $4 billion in the US last year, according to the report.
In the past, Moore said ransomware hackers often targeted smaller institutions, like local hospitals. These localized attacks rarely garnered national attention, he said.
The growing threat is not just the initial hack but the "spillover harm" it causes, Moore said.
The more recent attacks, like those on Colonial Pipeline and JBS, are cause for concern because they create problems on a larger scale, he said. And, he added, these companies and their systems have long been vulnerable to these types of attacks.
"It becomes more of sentient threat - more of a threat that we're aware of," Moore said of the recent ransomware hacks.
"They're not trying to necessarily shut down a pipeline," Moore added of ransomware hackers. "They're just trying to make money through ransomware, but they're still having this effect of disrupting our critical infrastructures."
DarkSide claimed it didn't mean to cause any disruption to society. The ransomware group later claimed it would be disbanding following the incident.
"We're seeing more of this spillover harm," Moore added. "We're seeing this harm that spreads far beyond what the original attack was trying to do. And that, that seems to be a growing concern."
"These companies have technology supply chains and different pieces of those supply chains are being attacked, which can cause widespread damage across many other companies," Moore said.
Ransomware attackers have also evolved. Historically, victims of a ransomware attack could avoid paying the ransom if they maintained regular system backups and restored their systems to them after they had been compromised.
Now, hackers expect this and will download data and threaten to release it publicly if the ransom is not paid, Moore added.
In the case of Colonial Pipeline, the company quickly paid the hackers $4.4 million in ransom. Officials at the Department of Justice said this week they were able to recover most of the $4.4 million paid to the hackers.
This year alone, cybercriminals have taken out large and small targets
It's not just a perception or an increase in coverage - cyberattacks in the US are both growing and evolving, experts said.
"There was a big increase in ransomware attacks in 2020 that continued in 2021," said Allan Liska, who works on the computer security incident response (CSIRT) at the cybersecurity company Recorded Future.
"What I think we're starting to see is ransomware attacks that have more of an impact on a broad swath of consumers," he added.
- New York City officials confirmed this week they were investigating a hack on its Law Department. According to a report from the New York Daily News, the breach left lawyers unable to access documents and may have made put employee's personnel information at risk.
- Earlier in June, at least three US television stations owned by Cox Media Group were hit with a reported
cyberattack , according to a report from NBC News. Cox Media Group did not return Insider's request for comment. - Hackers last month breached computer systems in the city of Tulsa, Oklahoma, prompting officials to quickly shut them down, according to the Associated Press. City residents were left unable to use online systems to pay their water bills. A spokesperson for the city of Tulsa said the hack was stopped before any information could be leaked, according to the AP.
- In April, the Metropolitan Transportation Authority, the New York state agency that operates public transit in New York City was targeted by cybercriminals. Officials said hackers did little damage to its systems and did not access train controls, according to a report from NBC New York.
- And in March, at least 30,000 victims that included small businesses and local governments were hacked by an organization that is thought to have ties to China. The hackers exploited four vulnerabilities with Microsoft's Exchange Server email software, according to Krebs on Security.
"That was an attack where they were not trying to disrupt anything, but the purpose really was to gain access to information," Moore said of the March attack.
"Essentially, you've got the internal corporate email of many, many companies," he added. "This is something that is very valuable to a nation-state adversary like China."
Cyberattacks entered a new era with the attack on the information technology firm SolarWinds, which was first reported late last year. The breach impacted private companies like cybersecurity firm FireEye and the Department of Homeland Security and the Treasury Department, as Insider previously reported.
Top US officials say they believe the SolarWinds hackers were foreign actors from Russia.
This type of cybercrime almost always originates from outside the US, experts said.
"When we say Russia, China or, Iran - all of which have had ransomware actors operate out of their borders - we're generally talking about financially motivated actors that are not necessarily working for the government. But they operate with a tacet approval from the government," Liska said in regard to ransom seekers, like those from DarkSide.
There are reasons for Americans to be concerned about future attacks, Liska said. But there's also room for optimism.
But he added his fears had been assuaged slightly due to recent actions from the US government.
"The Biden administration has had a very aggressive response to these ransomware attacks. And a lot of ransomware actors are rethinking who they want to target," Liska said.
Biden in April slapped sanctions on Russia following its accused involvement in the SolarWinds attack.
"The Biden administration has been clear that the United States desires a relationship with Russia that is stable and predictable," the White House said in April. "We do not think that we need to continue on a negative trajectory. However, we have also been clear - publicly and privately - that we will defend our national interests and impose costs for Russian Government actions that seek to harm us."
The Department of Justice also, in April, established the Ransomware and Digital Extortion Task Force to investigate ransomware hackers. Paul M. Abbate, the deputy director of the FBI, said the agency currently has more than 100 investigations into operations like DarkSide, Insider previously reported.
FBI Director Christopher Wray this month told The Wall Street Journal there were "a lot of parallels" between the September 11, 2001, terrorist attacks and the current state of cyberattacks in the US.
"Part of the persona of these ransomware actors is they're bold and audacious," Liska said. "They issue press releases talking about their exploits and how they're not afraid of anybody and they'll go after anybody. It's really easy to do that until the president calls you out by name."
Liska said it wouldn't be impossible for cybercriminals to target something like the power grid or water treatment facilities (the latter happened in Florida earlier this year). But with growing scrutiny from the US government, criminals might be less likely to set their sights on big targets, he said.
"There are still a lot of different ways that ransomware actors can disrupt everyone's lives without necessarily taking the power grid offline," Liska said.
"We need to invest more heavily in our critical infrastructure," he added.