The Biggest Corporate Hacks of 2021
Connect with us

Datastream

The Biggest Corporate Hacks of 2021

Published

on

The following content is sponsored by Global X ETFs.

Global X BUG ETF

The Biggest Corporate Hacks of 2021

Businesses are a prime target for cybercriminals, regardless of their size, industry, or location.

In this graphic sponsored by Global X ETFs, we’ve visualized the largest corporate hacks of 2021, as measured by ransom size. The full list is also tabulated below.

VictimCountryIndustryAmount paid or requested (USD millions)
MicrosoftU.S.TechnologyUndisclosed
Kia MotorsSouth KoreaAutomotive$20M*
BombardierCanadaAviationUndisclosed
CNA FinancialU.S.Financial Services$40M
Harris FederationUKEducation$8M*
Colonial PipelineU.S.Energy$4.4M
BrenntagGermanChemicals$4.4M
JBSCanadaFood$11M
KaseyaU.S.Technology$70M*
AccentureU.S.Technology$50M*
AcerTaiwanTechnology$50M*

*Requested but not paid in full. Source: Microsoft (2021), CRN (2021)

Continue reading below for details on some of these extraordinary hacks.

Energy: Colonial Pipeline Co.

The Colonial Pipeline ransomware attack was the largest ever cyberattack on an American oil infrastructure target.

On May 7, hackers took down the company’s billing system and threatened to release stolen data if a ransom was not paid. During negotiations, the company halted its pipelines, resulting in gas shortages across the Southeastern United States.

It’s been reported that Colonial Pipeline promptly paid a ransom of $4.4 million in bitcoin (based on prices at the time). The FBI managed to retrieve some of these bitcoins, but their exact method was not revealed.

Technology: Accenture

Accenture, one of the world’s largest IT consultants, fell victim to a ransomware attack in August of 2021. While this may seem ironic, it further proves that any business, regardless of industry, can be susceptible to hackers.

“There was no impact on Accenture’s operations, or on our client’s systems. As soon as we detected the presence of this threat, we isolated the affected servers.”
– Accenture spokesperson

The hack was traced back to LockBit, which claims to have stolen several terabytes of data from Accenture’s servers. A $50 million ransom was demanded, though it’s unknown whether the company actually made any payments.

Automotive: Kia Motors

Kia’s American business fell victim to a ransomware attack in February by a group called DoppelPaymer. Hackers threatened to release stolen data within 2 to 3 weeks if a ransom of $20 million (in bitcoin) was not paid.

This hack affected various systems including the Kia Owner Portal, Kia Connect (a mobile app for Kia owners), and internal programs used by dealerships. This also prevented buyers from picking up their new cars.

Kia denied it was hacked, but the timing of the ransom note and Kia’s service outages was suspicious. According to the FBI, DoppelPaymer has been responsible for numerous attacks since 2020. Victims include U.S. police departments, community colleges, and even a hospital in Germany.

Food: JBS

JBS, one of the world’s largest meat processing companies, experienced disruptions at its North American facilities in May. Shortly after, the company confirmed it had paid hackers a ransom of $11 million in bitcoin.

“This was a very difficult decision to make for our company and for me personally.”
– Andre Nogueira, CEO, JBS USA

This attack, along with the Colonial Pipeline hack, represents an alarming trend of critical industries being targeted. For context, JBS claims it has an annual IT budget of over $200 million, and employs over 850 IT personnel globally. The group responsible for this attack is known as REvil, a now defunct hacker group based in Russia.

Increased Spending on the Menu

The rising frequency and sophistication of corporate hacks is a major threat to the world. In fact, recent research from PricewaterhouseCoopers has highlighted that 69% of businesses predict a rise in future cybersecurity spending.

The Global X Cybersecurity ETF is a passively managed solution that can be used to gain exposure to the rising adoption of cybersecurity technologies. Click the link to learn more.

Subscribe to Visual Capitalist
Click for Comments

Datastream

Ranked: The Top Cyberattacks Against Businesses

Recent research provides insight into the top cyberattacks that businesses faced in 2021. See the results in this infographic.

Published

on

Ranked: The Top Cyberattacks Against Businesses

Cyberattacks hit a record high in 2021, continuing the momentum that had developed during the COVID-19 pandemic. One reason for this increase is the shift to remote work, which has opened up new vulnerabilities. Home networks are typically less secure, and the rapid rise in the use of online services means security is falling behind.

In this graphic sponsored by Global X ETFs, we’ve visualized survey results showing the 10 most successful types of cyberattacks in 2021.

The Results

These results are from a 2021 whitepaper by Osterman Research, a market research firm focused on cybersecurity. They surveyed 130 cybersecurity professionals from mid and large-sized organizations to see which types of attacks were the most prominent.

Type of AttackPercentage of respondents (%)
Business email attack was successful in tricking a lower-level employee53%
Phishing message resulted in a malware infection49%
Phishing message resulted in an account being compromised47%
Domain name was spoofed to perpetrate phishing campaigns38%
Ransomware was detected before it could be activated34%
Business email attack was successful in tricking a senior executive28%
Domain name impersonation resulted in a third-party being compromised16%
Phishing message resulted in a ransomware infection14%
A ransomware attack was successfully launched10%
A ransomware attack rendered internal IT systems non-operational10%

Source: Osterman Research (2021)

The report notes that these figures may be understated because organizations are likely to downplay their security incidents. Organizations may also lack the capability to detect all types of cyberattacks.

The Impact of Phishing Attacks

Phishing refers to an attack where the perpetrator pretends to be a trusted entity. These attacks can be carried out over email, text message (SMS), and even social media apps. The goal is often to trick the victim into opening a malicious link.

According to the whitepaper, opening malicious links can result in credential theft or ransomware infections. Credential theft is when attackers gain access to internal systems. This is incredibly dangerous, as it allows attackers to commit fraud, impersonate company officials, and steal data.

A powerful tool for preventing credential theft is multi-factor authentication (MFA). This method requires users to provide multiple verification factors to access a resource (instead of a single password).

The Threat of Ransomware

Ransomware is a type of cyberattack that involves blackmail, often for financial gain. For ransomware to be successfully planted, attackers must first gain access to a company’s networks.

Access can be gained through phishing, as discussed above, or alternate means such as compromised software updates. One such attack impacted over 57,000 Asus laptop owners in Russia after hackers created a malicious update tool on an official Asus server.

Cybercriminals have become increasingly ruthless in how ransomware attacks are executed.
– Osterman Research

Researchers have warned that ransomware attacks are becoming more dangerous and sophisticated. In addition to locking organizations out from core systems, hackers are also stealing data to increase their leverage. If a ransom is not paid, the stolen data may be published or even sold to the highest bidder.

Under Siege

The rising frequency and sophistication of cybercriminal activity is a major threat to the world.

According to the World Economic Forum’s 2022 Global Risks Report, ransomware attacks have increased by 435% since 2020. Furthermore, there is an estimated shortage of 3 million cybersecurity professionals worldwide.

To catch up, businesses and governments are expected to increase their spending on cybersecurity over the next several years.

The Global X Cybersecurity ETF is a passively managed solution that can be used to gain exposure to the rising adoption of cybersecurity technologies. Click the link to learn more.

Continue Reading

Datastream

AWS: Powering the Internet and Amazon’s Profits

Amazon is best known for its sprawling ecommerce empire, but three-quarters of the company’s profits actually come from cloud computing.

Published

on

This graphic shows the surge in AWS profits which now represent 74% of Amazon's total profits

The Briefing

  • Cloud computing has become a hugely important element of Amazon’s business
  • In 2021, AWS accounted for 13% of Amazon’s revenue, but clocks in nearly three-quarters of their operating profit

AWS: Powering the Internet and Amazon’s Profits

The Amazon growth story has been a remarkable one so far.

On the top line, the company has grown every single year since its inception. Even in going back to 2004, Amazon generated a much more modest $6.9 billion in revenue compared to the massive $469 billion for 2021.

Most of these sales come from their retail and ecommerce operations, which the company has come to be known for. However, on the bottom line, the source of profit paints a completely different picture. That’s because 74% of Amazon’s operating profit comes from Amazon Web Services (AWS).

Here’s a closer look at the financials around Amazon and AWS:

YearAWS Operating Profit ($B)Total Operating Profit ($B)AWS % of Operating ProfitRevenue ($B)
2021$18.5$24.874%$469.8
2020$13.5$22.959%$386.1
2019$9.2$14.563%$280.5
2018$7.2$12.458%$232.8

Ultimately, the data suggests that the cloud business has been, and possibly will always remain, a higher margin business and consistent profit center in comparison to ecommerce and the physical distribution of goods.

A Glance at AWS

AWS is Amazon’s cloud computing service that provides the critical infrastructure for an assortment of applications like data storage and networking. With this, they help fuel over a million organizations including businesses like Twitter and Netflix and even both the U.S. and Canadian Federal Governments.

Here are some other notable entities and the monthly payments they’ve made towards AWS:

AWS CustomerMonthly Payments ($M)
Netflix$19
Twitch$15
LinkedIn$13
Facebook$11
Turner Broadcasting$10
BBC$9
Baidu$9
ESPN$8
Adobe$8
Twitter$7

Source: Continho (2020)

Based on these monthly figures from 2020, AWS collects $1.3 billion in sales a year just from these 10 customers, while raking in $62 billion of revenue overall. Moreover, this makes them the leader in the competitive cloud market.

Chart showing the market share of cloud computing companies as of 2021. AWS leads at 33%

In an industry worth an excess of $180 billion, Amazon’s 33% market share position exceeds both Google and Microsoft (Azure) combined. Their market share also surpasses the bottom six shown on the chart combined, who are formidable tech giants in their own right.

The Future of AWS?

AWS has been a cash cow for years and there have even been rumors of an Amazon split up, where AWS would spin off as its own entity. It’s believed by some that if the cloud segment of the business separates, it will be seen as a pure play on the cloud industry and will be awarded a higher valuation multiple by the market.

One thing is for sure, from the perspective of profits, Amazon could be better be described as a cloud company, with an ecommerce business on the side.

Where does this data come from?

Source: Amazon SEC Filings
Notes: Operating profit is the profit from the business before the deduction of non-operating expenses like interest and taxes.

Continue Reading

Subscribe

Popular