Things tend to slow down for many businesses at the end of the year. As the holidays roll in and employees take time off with their families, December is generally a time to take stock of what transpired over the year and start looking ahead to the next one.
Unfortunately, that’s not how cybercriminals operate.
While December was relatively quiet on the cybercrime front compared to some other recent months, it still brought news of a spate of attacks that run the gamut from insider data breaches to political espionage to good old-fashioned ransomware. Let’s look at some of the attacks that kept security experts on their toes to close out the year.
December 2021's Biggest Cyber Attacks
Shutterfly Operations Shuttered by Ransomware
They say you can’t put a price on memories, but tell that to the ransomware gang that successfully compromised the online photo company Shutterfly.
The late December attack, apparently carried out by the Russian group known as Conti, impacted operations not just for Shutterfly.com but also for its Lifetouch, BorrowLenses, and Groovebook subsidiaries, as well as some corporate and manufacturing processes. The Conti gang also claimed it stole the source code for a Shutterfly store, although it wasn’t immediately clear which area of the site that referred to.
The stolen material covers a lot of ground, involving legal documents, banking information, and customer data that included partial credit card numbers.
In addition, the thieves reportedly threatened to post some of this information publicly, essentially demanding both a ransom and a hush-money payment. Despite the stolen credit card data, Shutterfly claims that no identifiable financial information was taken and, at last report, was in negotiations with the hackers over their double-pronged ransom demand.
Records Exposed: Financial and legal documents, customer data
Type of Attack: Ransomware, blackmail
Industry: Retail, data storage
Date of Attack: December 2021
Location: Redwood City, CA
Key takeaway: As business models grow more complex, so does cybersecurity. Shutterfly must defend its operations on multiple fronts, and in this incident some arms of its business were hit severely while others remained unaffected. A comprehensive cybersecurity solution that provides equal protection across a company’s entire operations is crucial for any multi-tiered organization.
Hackers Shake up Politics in Poland and the U.S.
A growing political scandal in Poland continues to spotlight the susceptibility of online government functions to bad actors. A December report from the Associated Press revealed repeated spyware attacks against Senator Krzysztof Brejza, a high-profile leader in opposition to the country’s current government.
Several other political organizations were also possibly targeted using tools from the Israel-based hacking collective NSO Group. The victims allege that the Polish government sponsored the attacks, which were used to forge incriminating text messages that may have tipped the balance in recent elections.
Poland’s government denies any hand in the crimes, while NSO Group claims it only sells its products to legitimate government interests. The European Union is currently investigating the case as legislators attempt to shore up cybercrime prevention efforts across Europe. Nonetheless, the damage appears to have already been done as far as Senator Brejza and his allies are concerned.
Records Exposed: Personal and political text messages and online records
Type of Attack: Spyware
Date of Attack: April 2019 to December 2021
Key takeaway: It isn’t only large organizations with troves of data that need to worry about fortifying cybersecurity. Officials in both government and private industry should be aware that their personal devices and networks may be targets for bad actors.
Instituting high-end security measures on personal communications may seem like an extreme reaction, but the scenario illustrated above demonstrates that the threat is very real and potentially very damaging.
Pfizer Breached from Within
In a time of ransomware, businesses understandably put an emphasis on preventing cybercrime from outside sources. Yet, a December report from Pfizer serves as a reminder that sometimes the calls really do come from inside the house.
In October, the pharmaceutical giant caught an employee in the act of uploading more than 12,000 proprietary and confidential files to a personal Google Drive account. The attempted theft allegedly involved sensitive information about pharmaceutical research, including data related to Pfizer’s COVID-19 vaccine program. Company officials believe the employee was being courted by a rival business and may have intended to take those secrets to a competitor.
The data theft was stopped in its tracks largely thanks to Pfizer’s in-house employee activity-tracking software, which alerted the company’s security team as soon as the files were transferred improperly. The employee is reportedly cooperating with the investigation. It appears that no sensitive information actually left the company, marking this as a solid success story for Pfizer’s cybersecurity efforts.
Records Exposed: Pharmaceutical research and development data
Type of Attack: Internal data theft
Date of Attack: October 2021
Location: New York
Key takeaway: The most serious threats don’t always come from shadowy organizations of foreign hackers. For businesses dealing with valuable and sensitive data, it is now crucial to maintain a strong internal cybersecurity defense that monitors employee actions and flags suspicious activity as soon as it is detected.
French IT Operations Disrupted by Holiday Hack
A holiday season attack by hackers using BlackCat ransomware appears to have been a close call for France’s infrastructure. The relatively new ransomware is thought to be the first ransomware written in the Rust programming language and has been dubbed the “most sophisticated” cybercrime tool of 2021. It was deployed on December 17 against Inetum Group, an IT company that provides services to a wide range of public- and private-sector organizations across France and around the world.
Quick action by the Inetum team, including isolating servers and shutting down VPN connections, was able to blunt the impact of the attack. Ransomware issues were limited to a small number of functions within France.
That’s fortunate for everyone involved, as Inetum’s extensive client list reaches into 26 countries. If the hackers had infiltrated deeper into that client network, this could have been a hugely impactful incident rather than a teachable moment.
Records Exposed: Unknown
Type of Attack: Ransomware
Industry: Information technology
Date of Attack: December 2021
Key takeaway: Instant detection and swift action seem to have saved the day here. By having a cyberattack plan in place and ready to implement, the Inetum team potentially turned a major issue into a relatively minor headache.
This speaks to the importance of investing in not just high-quality cybersecurity systems, but also incident response training that helps your team react quickly and know what to do when attacks do occur.
Internal espionage, political malfeasance, double-pronged attacks and innovative cybercrime tools—December had a little bit of everything. As these four examples illustrate, a prepared team of experts coupled with an up-to-date security system can be the difference between shutting down operations and keeping things rolling after a security hiccup. Make 2022 the year your organization raises its security posture and joins the ranks of the well prepared.