A year that redefined attack techniques
Not surprisingly, there were many significant cybersecurity moments in 2021, so much so that it is no mean feat to shorten a long list to just a few stories that rocked the cybersecurity world in 2021. From ransomware attacks on the US government, to supply chain attacks and major vulnerability disclosures, the list is no shortsighted. Nonetheless, the following is a summary of cybersecurity attacks, vulnerabilities, and major cybersecurity developments that stood out the most.
A year that redefined attack techniques
Ransomware and extortion on the rise
Looking back at 2021, there have been many notable cybersecurity incidents, but the standout item might be the effort and mistake of cybercriminals to cause a huge gas station waiting line across the east coast of the US. The ransomware attack on the Colonial pipeline made the ongoing incident of ransomware and cyber-attacks a political issue, with the electric industry becoming the ultimate victim. This incident demonstrated a unified response and resolve to bring this wave of extortion attacks under control. The need to protect the critical infrastructure from cyber-attacks was also highlighted by another ransomware attack on a water processing company in Florida. The attackers demonstrated the potentially fatal chaos that could be unleashed by adjusting the sodium hydroxide levels in the water plant’s facility. Fortunately, a vigilant employee discovered the intrusion in time and raised the alarms.
In April, we saw an unusual intervention by law enforcement in the US when the FBI started accessing hundreds of US-based Microsoft servers and started removing hundreds of malicious code samples that cyber hackers inserted. The underlying issue here is a series of zero-day vulnerabilities announced by Microsoft in March that hackers took no time to exploit. These were actively being exploited by bad actors. A research team noted that at least 10 APT groups were involved in exploiting these vulnerabilities to compromise servers all over the world, giving them access to very sensitive data.
Ransomware and extortion on the rise
Looking back at 2021, there have been many notable cybersecurity incidents, but the standout item might be the effort and mistake of cybercriminals to cause a huge gas station waiting line across the east coast of the US. The ransomware attack on the Colonial pipeline made the ongoing incident of ransomware and cyber-attacks a political issue, with the electric industry becoming the ultimate victim. This incident demonstrated a unified response and resolve to bring this wave of extortion attacks under control. The need to protect the critical infrastructure from cyber-attacks was also highlighted by another ransomware attack on a water processing company in Florida. The attackers demonstrated the potentially fatal chaos that could be unleashed by adjusting the sodium hydroxide levels in the water plant’s facility. Fortunately, a vigilant employee discovered the intrusion in time and raised the alarms.
In April, we saw an unusual intervention by law enforcement in the US when the FBI started accessing hundreds of US-based Microsoft servers and started removing hundreds of malicious code samples that cyber hackers inserted. The underlying issue here is a series of zero-day vulnerabilities announced by Microsoft in March that hackers took no time to exploit. These were actively being exploited by bad actors. A research team noted that at least 10 APT groups were involved in exploiting these vulnerabilities to compromise servers all over the world, giving them access to very sensitive data.
Supply chain woes
Cyber-attacks on the supply chain continued. A program developed by Kaseya used by numerous managed service providers to provide remote IT support was exploited. The latest attack used a two-step malware delivery process that establishes a backdoor entry into the environment. Different from SolarWinds, the cybercriminals behind this attack were after monetary gain and not cyber espionage.
The cybercriminals planted ransomware by taking advantage of the trust relationship between Kaseya and its customers. Kaseya’s response was issued in a timely manner that classified the incident and pushed notifications to customers that may be affected. The notification recommendation was to immediately shut down the VSA (remote monitoring and management) server that may be affected. Once the VSA server was infected, the malware will close administrative access and start encrypting data, which is a precursor to the entire ransomware attack cycle that followed. After the infection, and the completion of the encryption process, the desktop wallpaper of the affected system was changed to an image nobody likes to see on their system. The common “files have been encrypted message” appeared on the screen. As a result, more than a thousand companies were exposed to this vicious ransomware attack.
Supply chain woes
A world without passwords?
A world without passwords?
Another, notable moment in the cyber industry that cannot go unmentioned is Microsoft’s announcement of the removal of reliance on password use. This was a bold move that will eliminate the need for complex passwords and password manager software, which is a change that will most likely carry to other areas of the cyber industry.
The final nail in Y2021 – Log4j
Finally, the year-end brought what looks like the worst major vulnerability announcement of the year. Besides the timing of the release, the Log4j critical vulnerability was found in the apache code library. The open-source Java-based login library is widely used, and the issue received a top score of 10 on the CVSS scale. The cybercriminals moved fast to exploit the issue and cybersecurity teams across the world went into action to patch the issue. The big challenge of the cybersecurity teams was to identify all instances of the use of the Log4j library, as the library was embedded in the products and services of many vendors. The ultimate risk of an exploited Log4j vulnerability is a complete takeover of the system by the bad actors.
The final nail in Y2021 – Log4j
Finally, the year-end brought what looks like the worst major vulnerability announcement of the year. Besides the timing of the release, the Log4j critical vulnerability was found in the apache code library. The open-source Java-based login library is widely used, and the issue received a top score of 10 on the CVSS scale. The cybercriminals moved fast to exploit the issue and cybersecurity teams across the world went into action to patch the issue. The big challenge of the cybersecurity teams was to identify all instances of the use of the Log4j library, as the library was embedded in the products and services of many vendors. The ultimate risk of an exploited Log4j vulnerability is a complete takeover of the system by the bad actors.
A concerning statement issued by Microsoft indicates that the Log4j vulnerability is only going to cause more cyber-attacks since state-sponsored and cyber-criminal attacks are increasing. With additional malware kits created and Log4j vulnerability incorporated in the existing attack techniques, it is safe to say that we will hear a lot more news this year regarding Log4j.
The past only makes us better
It is safe to say that the requirements to work from home will also continue and that the new hybrid environment is here to stay, solidifying a stable and more flexible working environment.
This creates many challenges for the cybersecurity industry. The positive side is that cybersecurity is now seen as a business-critical function as it demonstrated its importance in allowing companies to continue doing business as usual. This is good news as cybersecurity will provide organizations the ability to adapt to these ever-changing circumstances, we find ourselves in and to drive the current and upcoming digital transformation.
The past only makes us better
As the curtains on 2021 draw, it is important to realize what are the lessons learned. Majority of cyber-attacks and exploits revolve around ransomware attacks and vulnerabilities. Taking this into consideration, companies should put priority action into patching by developing and optimizing a good vulnerability management program. Additionally, protection from ransomware attacks and other malware-based cyber-attacks should also be on the top of the list of every organization whilst building strong processes and governance around ransomware resilience.
It is safe to say that the requirements to work from home will also continue and that the new hybrid environment is here to stay, solidifying a stable and more flexible working environment.
This creates many challenges for the cybersecurity industry. The positive side is that cybersecurity is now seen as a business-critical function as it demonstrated its importance in allowing companies to continue doing business as usual. This is good news as cybersecurity will provide organizations the ability to adapt to these ever-changing circumstances, we find ourselves in and to drive the current and upcoming digital transformation.
See also: