
The Top Cyberattacks of May 2021

The breadth and frequency of high-profile hacks seem to rise every month, but a trio of exceptionally visible and potentially catastrophic May attacks has thrust cybersecurity into the national spotlight in ways seldom seen before. From hospitals to gas stations to meat processors to home gyms, no one was safe from security breaches.

May's Biggest Cyberattacks

Colonial Pipeline Hack Sets U.S. Infrastructure on Edge

In what may be remembered as the hack that finally made "ransomware" a household word even for non-techies, a suspected Russian hacking group took Colonial Pipeline offline for more than three days in early May.

As Colonial provides 45% of the East Coast's supply of gasoline, diesel fuel, and jet fuel, this represented a significant hardship. Gas prices spiked across the country, some Eastern gas stations ran out of fuel, over-the-road deliveries were delayed, and there were even reports of gasoline hoarding.

Many of the details of the hack are still being kept under wraps, but it appears likely that it was facilitated via a malicious email or a third-party application. Russia's DarkSide collective was quick to take credit for the attack and reportedly received around $5 million in ransom (with part of that later recovered), although there was some initial dispute about the amount or whether Colonial paid at all.

Congress did move quickly to pass new cybersecurity standards for pipelines, but the damage has already been done in this instance.

While the alleged hackers have ever-so-graciously said that they only wanted money and didn't intend to cause quite so much trouble, the whole affair has been a stark reminder of how vulnerable our online infrastructure really is, and how much chaos can be created by a relatively simple act of cybercrime.

Hackers Grind Meat Industry to a Halt

In just about any other month, the temporary shuttering of the world's largest meat producer would have been the biggest cybercrime story by far. Even with the Colonial hack dominating the headlines, the late May attack on JBS was fairly staggering. The ransomware attack on JBS servers was reportedly engineered by Russia's REvil hacker collective and halted meatpacking operations at multiple plants for upwards of five days.

Not only did the shutdown drastically disrupt meat production and distribution across the country, it also deprived many non-union employees of several days' wages. That's a very big deal in an industry where many workers are just beginning to recover financially from pandemic layoffs, and where meat plants often employ a large percentage of a town's population. It has not yet been disclosed how the hackers gained access to the JBS system, but the meat industry in general has notoriously outdated security measures and a history of resisting new regulation.

The shutdown does not appear to have impacted meat processing activities or safety measures, but experts are predicting that it will spur more manufacturers to upgrade their outdated cybersecurity systems. It may also cause safety-conscious shoppers to reconsider their meat buying habits, a potential crisis for the industry. Experts also worry that recent attacks on politically controversial industries like oil and large-scale meat processing may inspire copycat attacks from activist hacker groups.

Ireland's Healthcare System Gets Taken Ransom

If the Colonial and JBS hackers may have been counting on a certain amount of public sympathy, that doesn't appear to be the case in Ireland, where the Russian hacker group Conti claimed credit for shutting down much of the country's healthcare system for nearly a full week.

The mid-May ransomware attack led the Irish Health Service to shut down its entire IT infrastructure, interrupting patient care, canceling appointments, and leading officials to plead with the public to seek medical care only when totally necessary.

The attack shut down a stunning number of day-to-day operations across the system, including payroll, access to test results, and even telephone services. Beyond the disruptions in service, Irish officials have said that it is quite likely that confidential patient data has been shared or sold online. That represents a shocking violation of privacy for patients and sets up the possibility of further data theft and even blackmail for people with medical conditions that they want kept private.

For now the situation appears to be resolved, as Irish officials were "surprised" to be given the decryption key that allowed IT operations to resume. The government insists that no ransom was paid, so perhaps the hackers had a change of heart after seeing how much havoc they'd wrought. Or, more likely, they simply decided that the purloined personal data was valuable enough that trying to collect further ransom money wasn't worth their effort.

Either way, this episode ranks among the most frightening cyberattacks the world has ever seen, and it likely will not be the last of its kind.

Peloton Tries to Ride Out its Exposed API Issues

A presidential fitness regimen is maybe not the most obvious place for cybersecurity risks to emerge, but it's an issue that has come up repeatedly since it was revealed that President Biden would be bringing his Peloton along to the White House. Now a recent security report has shown that those concerns were, like the fitness-conscious president, far from idle.

UK security researcher Jan Masters began digging into Peloton's privacy practices back in January and quickly determined that the company's API was exposed, allowing any tech-savvy voyeur relatively easy access to Peloton users' personally identifiable information and workout data. Masters informed the company of the issue and gave them a 90-day window to fix the problem before taking the information public. You're reading about it now, so you can probably guess how that went.

Peloton did immediately restrict its API to members only, which would be an effective deterrent against any hacker unwilling to lay down $12.99 for a monthly membership. After TechCrunch ran a story built around Masters' findings in early May, the company says it has now patched the bug entirely, but not before its stock prices dropped amidst a variety of scandals. In the meantime, it remains unclear whether anyone took advantage of the exposure while they had the chance. That should make Peloton users ride a little uneasily, including those in the bicycle seat of power.

May was a scary month online by anybody's measure. Will ransomware shutdowns of the energy system, the food industry, and a national health service finally prompt businesses and governments to start investing in more serious security measures, or will these kinds of attacks continue to grow until there are even more dire repercussions? Let's hope for the former.
