While it’s hard to predict where threat actors will head in 2022, we expect the 2021 trends to continue and ransomware to be on the rise.
To be better prepared, in this blog, we are going to take a look back at the major cybersecurity incidents that made the headlines, caused tremendous headaches for businesses and cyber security practitioners around the world, and the lessons learned.
We have prepared a video summarizing the blog in two minutes. Watch here:
Let’s look at some alarming statistics first:
- According to the Identity Theft Resource Center (ITCR) report, the number of breaches that had taken place over the first three quarters of 2021 had exceeded the total number of breaches in 2020.
- A study by Sophos showed 37% of organizations – over a third of the 5,400 surveyed – were hit by ransomware in 2021.
Here are some of the most notable security incidents, cyberattacks, and data breaches over 2021.
The SolarWinds Attack
This massive campaign — which has potentially compromised networks tied to the Treasury, Defense, Commerce, and State departments — was clearly more proactive and multifaceted than previously known.
While this attack came up in December 2020, organizations across the world still felt the effects into the start of 2021.
Cyber criminals somehow got into SolarWinds’ development operations and inserted malicious code while the software update was being assembled. Those who downloaded the malicious patch, gave away the access to their IT systems in the hands of cyber threat actors.
- The biggest lesson was “don’t trust anyone”.
- Network segmentation is the key to success.
HAFNIUM Targeting Exchange Servers
While some large organizations were still unpacking SolarWinds, HAFNIUM threat actors came along targeting several zero-day vulnerabilities in Microsoft Exchange Servers in March 2021.
“ProxyLogon,” one of the vulnerabilities disclosed as part of this campaign, was the most dangerous.
The threat actors, a group assessed to be state-sponsored and operating out of China, used these zero-day vulnerabilities to access on-premises Exchange servers which enabled access to email accounts, and allowed installation of additional malware to facilitate long-term access to victim environments.
- Always make sure all relevant security updates are applied to every system
- Hunt proactively
Colonial Pipeline Hack
A cyberattack on the US largest oil pipeline system, Colonial Pipeline, rattled the US once again after the SolarWinds hack. The company fell victim to this attack on May 7, 2021, which led to a voluntary shutdown of the pipeline supplying 45% of fuel to the East Coast in the US. It was perhaps one of the worst cyberattacks to date on U.S. critical infrastructure. The hacking group DarkSide claimed responsibility for the attack. This wound up being a wake-up call for critical infrastructure in the U.S.
- Ransomware attacks often result from (spear) phishing emails
- The importance of system monitoring
JBS Hit Cyberattack
JBS, a massive meat distribution worldwide, was hit with a ransomware attack and eventually paid an $11 million extortion payment in June. Although no operations were affected, it does lead to consumers panic buying meat at grocery stores in the U.S. over shortage concerns.
- Knowing your IT infrastructure helps thwart recovery efforts, especially in the face of modern strains of cyberattacks.
- Have a back-up plan in place
A vulnerability in a platform developed by IT services provider Kaseya was exploited in order to hit an estimated 800 – 1500 customers, including MSPs.
- The importance of continuous monitoring
- The importance of assessing and monitoring the relationship with third party vendors with access to critical data or systems
Pegasus is an advanced spyware that is developed and sold by an Israeli company named NSO Group. And, it can infect a phone with a “zero-click” interaction from the phone’s owner.
This spyware can record your calls, copy your messages and secretly film you, to name a few.
In July 2021, Amnesty International uncovered that Pegasus was still being widely used against high-profile targets. It showed that Pegasus was able to infect all modern iOS versions up to iOS 14.6, through a zero-click iMessage exploit.
- While Pegasus is an advanced spyware, however, we can be on the safer side if we always keep your smartphone up to date.
Last month on December 9, 2021, a very serious vulnerability in the popular Java-based logging package Log4j was disclosed. Log4j is a popular Java library developed and maintained by the Apache foundation.
The Log4j library is embedded in almost every Internet service or application we are familiar with, including Twitter, Amazon, Microsoft, Minecraft and more.
By December 20, 2021, over 4,300,000 attempts had been made to exploit the vulnerability, according to leading cybersecurity firm Checkpoint, with more than 46% conducted by known malicious groups.
- An accurate Software Bill of Materials (SBOM) is your best friend when working in vulnerability management.
- Consider specialized tools to give you an advantage.
- Have a response plan ready
That just seemed to be how 2021 went — one hit after another for the cybersecurity community. As mentioned above, we had everything from massive oil pipelines go offline, to state-sponsored actors raising the stakes.
So, the lessons we learned along the way should be taken seriously to minimize upcoming catastrophic security attacks because we should not expect the scourge of ransomware to miraculously disappear in 2022.
Wishing you a safe and healthy new year!