It seems appropriate that during a global pandemic, the cybersecurity news cycle would be filled with events and breaches that make us forget the previous one. Suddenly it’s as if we had the memory of goldfish, or maybe it was a diminished attention span caused by the ongoing drama of COVID and work from home. But this last year each new cyber event definitely seemed to out do the last, as if to say, “hold my beer, watch this!”
In today’s blog post, we’re going to recap five of the biggest cybersecurity industry news stories from 2021. While there are many to choose from, we believe these had the biggest reach and impact on the “state of the union.”
2020 may have hinted at the SolarWinds breach, but 2021 gave insight into exactly how bad it was. Beginning as early as March 2020, SolarWinds’ “Orion” software system was compromised by malicious actors believed to be from Russia. Orion, a system used by over 33,000 customers to manage IT resources, had suffered a breach from a code injection that gave the actors a backdoor into customer’s information technology systems.
But you probably knew all of this… What we didn’t know at the time was just how impactful the attacks would be to the organizations affected, the industry as a whole, and the common citizen alike. It’s not every day you talk about a security breach at the dinner table…
But, just as we were catching our breath from SolarWinds, our attention returned to ransomware and the huge ransoms demanded by bad actors. Additionally, to ensure payment, many ransomware gangs turned to publicly naming and shaming organizations. Websites showing the company name and the amount taken, along with how long before the gang would leak the data for non-payment, started popping up like weeds.
Because Darknet websites don’t garner as much attention, these threat actors began weaponizing social media in a more accessible way, using Twitter, Tumblr, and Facebook as distribution channels, to gain more mainstream attention. 2021, if not the year of short memories, was the year of ransomware. Ransomware had certainly gained immense popularity among adversaries over the past few years, but now even Mom knew who got hacked and for how much.
To make matters worse, hackers gained entry into the networks of Colonial Pipeline Co. on April 29. A week later, just before 5 a.m., an employee in Colonial’s control room saw a ransom note demanding cryptocurrency appear on a computer. The employee notified an operations supervisor who immediately began to start the process of shutting down the pipeline. It was the first time Colonial had shut down the entirety of its gasoline pipeline system in its 57-year history.
Colonial paid the hackers, an affiliate of a Russia-linked cybercrime group known as DarkSide, a $4.4 million ransom shortly after the hack. The hackers also stole nearly 100 GBs of data from Colonial Pipeline and threatened to leak it if the ransom wasn’t paid. In an unusual turn of events, on June 7, the Department of Justice announced that it had recovered 63.7 of the bitcoins (approximately $2.3 million) from the ransom payment.
The Colonial Pipeline drove the point home about the threat of ransomware and built upon the fear of nation state cybersecurity threats following breaches like those in the 2016 Presidential election. Now more than ever, the security industry called on the U.S. government to prioritize and neutralize these actors.
Speaking of the United States government, President Joe Biden and his administration signed an executive order (EO) on May 12, 2021 titled Improving the Nation’s Cybersecurity. This EO was a direct response to the numerous breaches in the first half of 2021, and a tangible investment by the federal government in an industry that was consistently under attack and in need of support.
The EO, which saw large bi-partisan support, gave several federal government agencies tight deadlines to produce new rules and guidance on stringent cybersecurity requirements that the White House hopes will better protect government offices from malicious digital activity. In addition, the administration designed the order to spur federal government hardware and software suppliers to ratchet up their security efforts in order to hang onto their government contracts.
The hope of the EO was that by exercising the power of the purse, the federal government’s new rules would have a positive spillover effect for private sector organizations, too. While the results are still to be determined one thing’s clear: Cybersecurity’s prioritization by the United States government is at an all-time high.
And now we find ourselves in the present, December 2021, where incident response (IR) teams are working much too hard this holiday season in order to remediate vulnerabilities exposed by log4j, a Java-based logging utility. The bug found in a popular and widely used piece of computer code, was first reported on December 9th. And just like that, mass hysteria! Many of the largest companies on the planet raised alarms to DEFCON 1 and dropped everything to patch their platforms and minimize potential damages.
While the true damage from log4j has not been realized to this point, Jen Easterly, the U.S. Cybersecurity and Infrastructure Security Agency director stated, “The log4j vulnerability is the most serious vulnerability I have seen in my decades-long career.” The unprecedented nature of this vulnerability is largely due to the widespread use of log4j across organizations like Google, Amazon, Microsoft, and thousands more.” Time will tell just how much the log4j vulnerability will be exploited and the real cost of the damage, but for now the race is on for cybersecurity professionals to identify and patch the many, many places their organization could be insecure.
While log4j will be plaguing the industry for some time to come, 2021 is wrapping up. Although many may want to say, “Good riddance,” the upside of the year’s chaos is the lessons we can learn from it. The threats are relentless, but so are the good guys working to stay ahead of them.
If you ready for some positive takeaways on 2021 and some advice on moving your security program forward in 2022, check out Beyond Trends: Practical Cybersecurity Insights for 2022, a webinar featuring Dan DeCloss of PlexTrac and Keith McCammon and Adam Mashinchi of Red Canary.
And, of course, visit us at plextrac.com to learn how PlexTrac can help you and your team be better prepared to combat all the novel threats 2022 will surely bring.