ISMG's Greatest Hits: Top Cybersecurity Stories of 2021
From Ransomware to Log4j, a Compilation of Stories, Podcasts and Expert Analysis
This past year has been a whirlwind for cybersecurity leaders. From watching the developments of late 2020's unprecedented SolarWinds cyberattack unfold in the New Year to ending with the Log4j vulnerability saga, 2021 has been another record year for information security - and the speed of news developments will not abate any time soon.
Here is a compilation of some of 2021's must-read stories - categorized by breaking news events, ransomware analysis, best video interviews and cybersecurity predictions for 2022.
Global Breaking News Events
Information security news made many headlines this year, crossing into most mainstream news outlets.
In the United States, the Biden administration responded to the rise in ransomware attacks - including Kaseya, Colonial Pipeline and other attacks on critical infrastructure - showing a growing government focus on security defense in the United States. The U.S. and the world are also grappling with how cryptocurrency will play into the future of finance. How will these new laws and regulations in the cyber sphere affect the security industry in the New Year?
From a global perspective, there were many other major events that affected the security world: the Conti ransomware attack on Ireland's healthcare system, India's government rollout of the Citizen Financial Cyber Fraud Reporting and Management System and the U.K. grappling with data privacy and protection laws, among many other events that had a cybersecurity impact.
Is there a major news event that ISMG covered in your region that has not made this list? Share it with us on social media through Twitter (@ISMG_News) or LinkedIn (Information Security Media Group - ISMG).
A zero-day vulnerability detected in the Java logging library Apache Log4j can result in full server takeover and leaves countless applications vulnerable, according to security researchers, who say that the easily exploitable flaw was first detected in the popular game Minecraft. Experts are predicting the effects of Log4j could affect the security industry for years to come (see: Log4j Updates: Flaw Challenges Global Security Leaders).
In May, a ransomware attack against Colonial Pipeline drove the company to shut down more than 5,000 miles of pipeline for a week, and shaped the way security leaders discussed this topic for the rest of the year. The Biden administration revealed early on that the attack had been carried out using the DarkSide strain of ransomware and prompted Congress to put ransomware regulations front and center. Colonial Pipeline CEO Joseph Blount was severely criticized for his handling of the attack, including paying a ransom - although the FBI later recovered most of it - and Congress questioned what he could have done better to handle the country's critical pipeline networks.
Like Colonial Pipeline and SolarWinds, the ransomware attack involving Kaseya's remote-management software - widely used by managed service providers - marked a major turning point in how security practitioners viewed security best practices, as well as preparation and mitigation strategies. Mark Loman of Sophos said the incident, involving attackers using Kaseya's software to directly push ransomware onto systems managed by MSPs, was the largest such attack he had ever witnessed. Thousands of organizations worldwide were reportedly affected.
The SolarWinds attack first came to light in December 2020 and new developments about this major cyberattack lasted well into 2021. In January, the ISMG Security Report described new details emerging from the SolarWinds supply chain hack investigation (see: Severe SolarWinds Hacking: 250 Organizations Hit?).
The Indian government set up, in June, the Citizen Financial Cyber Fraud Reporting and Management System to report, track - and ultimately freeze - the proceeds of cyberattack-induced financial theft.
As early as this week, the Biden administration may unveil plans to curtail the ransomware attacks that have crippled corporate networks this year. According to a report from The Wall Street Journal, the Treasury Department will announce sanctions and similar guidance designed to disrupt the financial infrastructure that has enabled ransomware attacks to date.
U.S. federal banking regulators have approved a new rule that will require banks to notify regulators no later than 36 hours after the organization determines it has suffered a qualifying "computer-security incident," the nation's top financial agencies announced in November.
The U.K. is preparing to revamp the country's data protection and privacy laws as a way to spur economic growth and innovation in its post-Brexit economy, according to the Department for Digital, Culture, Media and Sport.
T-Mobile USA confirmed that its computer systems were illegally accessed, following reports of an apparent intrusion. But the Bellevue, Washington-based mobile communications subsidiary of Germany's Deutsche Telekom says it's still investigating whether customers' personal data was exposed.
While organizations are grappling with ways to tackle what some researchers say is a 35% spike in email phishing attacks, cybercriminals have upped the ante and moved to more sophisticated techniques - using advanced deepfake and voice impersonation technologies to bypass voice authorization mechanisms and to carry out voice phishing, or vishing, attacks.
In this ISMG Security Report, Jeremy Kirk discusses how flaws in the systems of ShapeShift, a U.K.-based cryptocurrency exchange, reveal how a North Korean-linked group laundered cryptocurrency that came from a notorious ransomware attack in 2017.
Apple unveiled a new system for detecting child sexual abuse photos on its devices, but computer security experts fear the system may morph into a privacy-busting tool. The system, called CSAM Detection, is designed to catch offensive material that's uploaded to iCloud accounts from devices. It works partially on a device itself - a detail that privacy and security experts say could open a door to broader monitoring of devices.
A newspaper reporter in Missouri who responsibly reported the exposure of Social Security numbers on a state government website has been accused of malicious hacking by the state's governor, in what many experts characterize as being a political attempt to punish a whistleblower.
Ransomware Attacks: Analysis and Breakdown
Ransomware continues to be a top threat globally, with experts closely tracking threat actors and how their techniques have been evolving. Nation-state and criminal groups alike have not slowed down on launching campaigns dedicated to espionage, ransomware as a service, and general disruption targeting critical infrastructure around the world.
The Ransomware Files
In an effort to provide more depth to ransomware coverage, ISMG's Jeremy Kirk released the new podcast miniseries called "The Ransomware Files," which gives listeners the chance to experience what it is like being in the trenches as a ransomware attack unfolds.
- The Ransomware Files, Episode 1: The School District
- The Ransomware Files, Episode 2: Bridging Backup Gaps
- The Ransomware Files, Episode 3: Critical Infrastructure
Each episode features a guest discussing what it is like being the victim of ransomware - detecting the threat, deciding whether to pay the ransom, and sharing what was learned to provide additional defense tactics for IT security teams. All episodes are currently available to download on your preferred podcast streaming platform.
The FBI and the White House confirmed that the DarkSide ransomware variant was used in the attack that caused disruptions at Colonial Pipeline, which operates a 5,500-mile pipeline that supplies fuel, gasoline and other petroleum products throughout large portions of the eastern U.S.
U.S. President Joe Biden has ordered federal intelligence agencies to investigate the incident involving IT management software vendor Kaseya, which sustained a suspected REvil ransomware attack. Attackers reportedly compromised Kaseya's remote monitoring system, VSA, leading the company to urge its managed service provider customers to temporarily shut down their on-premises servers while it prepared a fix.
The Scottish Environment Protection Agency says a ransomware attack last month continues to cause serious outages and warns that ransom-demanding attackers also stole some data.
The world's largest meat supplier, JBS, says an "organized cybersecurity attack" has led it to shut down servers in North America and Australia, and experts say a prolonged outage could have a noticeable impact on the global supply of meat.
Researchers say cryptocurrency wallets used by the operators behind the Ryuk ransomware strain and the gang's affiliates hold more than $150 million.
One hurdle remains for cracking down on individual ransomware operations in the current threat landscape: As ever, multiple strains of crypto-locking malware are being used by many different attackers - not just operations and affiliates based in Russia - and there's a constant influx of new strains and players, driven by the increasing profits to be obtained via ransomware and backed by a vibrant cybercrime-as-a-service economy.
Defenders across every type of targeted organization - including government agencies and private businesses - would do well to have more effective defenses in place. Such defenses would ideally include organizations proactively looking for known ransomware attackers' tactics, techniques and procedures. That kind of threat hunting can help defenders spot attacks in the reconnaissance phase before they progress to data being exfiltrated or systems getting crypto-locked.
As ransomware continues to pummel organizations, if they do get hit, then from an incident response standpoint, what are the essential first steps they should take to smooth their recovery?
If you're a criminal, practicing good operational security would seem to preclude granting tell-all news media interviews. And yet we've seen a spate of attackers who wield ransomware - including MountLocker, LockBit, REvil and DarkMatter - sharing insights into their inclinations, motivations and tactics.
After Health Service Executive, Ireland's state health services provider, shut down all its IT systems serving hospitals in the wake of a ransomware attack in May, some security experts praised its decisive action and refusal to pay a ransom.
The medical malpractice lawsuit - which connects the death of an infant to a 2019 ransomware attack - is potentially the first in the U.S. alleging a death was tied to a hospital ransomware attack, and stands as a stark example of what some experts have been warning about in recent months.
Australia plans to require larger businesses to report ransomware attacks to the government, as part of a comprehensive strategy that also includes new criminal penalties and assistance for victims.
Ransomware attacks have become the game changer in driving up security requirements, policy premiums and rejection rates for healthcare sector entities seeking new cyber insurance policies or renewals, says Doug Howard, CEO of privacy and security consultancy Pondurance.
ISMG's Video Interviews With Cybersecurity Thought Leaders
If you missed watching any of these video interviews, here are a few must-watch discussions collected by ISMG's editorial staff. From "passwordless" technology to zero trust, these interviews with leading industry professionals can offer insight on trends that will surely continue to grow in 2022.
RSA Conference was held on a virtual stage in 2021, and resilience was the fitting theme for the year. ISMG replaced its usual two live on-site studios with a suite of home studios and produced a diverse group of interviews on timely topics with thought leaders who will be solving cybersecurity's most urgent problems. ISMG conducted more than 100 interviews with the world's leading security experts.
When he co-founded the firm Beyond Identity in 2020, serial entrepreneur Jim Clark said he felt somewhat responsible for the proliferation of passwords. Now he and partner Tom Jermoluk are doing something about it. They are providing access to their passwordless technology for free.
When it comes to navigating major security events, Jamil Farshchi has been there. As CISO of Equifax, he knows what it's like to be a victim of a high-profile cyberattack. And he knows breached companies have a choice: "Are they going to be a force for good by helping the rest of the industry learn from their experience?"
No script, no filter: Just Microsoft's Edna Conway and Cisco's Wendy Nather gathering with privacy leader Michelle Dennedy to discuss the impact of the SolarWinds supply chain attack and to play Buzzword Mystery Date with secure access service edge, customer identity and access management, and "passwordless" authentication. Are these cybersecurity trends dreamboats or duds?
Flavio Aggio, CISO of the World Health Organization, has had a long career across many sectors. He understands supply chain risk, and he sees the SolarWinds hack as "resumption of a very old attack - in new packaging." He offers insights on mitigating this and other cybersecurity risks.
The zero trust model is outdated in today's cloud environment, says Ian Thornton-Trump, CISO at Cyjax, a threat intelligence company, who recommends the use of segmentation and monitoring for anomalous behavior instead.
Gregory Touhill, the retired Air Force general and former federal CISO under President Obama, minces no words when he describes the Colonial Pipeline ransomware attack as a "global day of reckoning" for critical infrastructure protection.
Over the past year, we've seen developments in the SolarWinds attack, the Microsoft Exchange Server exploits and the Colonial Pipeline ransomware strike. The threats are more imminent than ever. But Philip Reitinger of the Global Cyber Alliance believes strongly: We created this mess, and we can fix it.
From identity and access management to cloud migration and connected devices, retired RSA CEO Art Coviello looks beyond the pandemic and says, "It's going to be a Roaring '20s for technology." But he also foresees a potentially calamitous decade for security.
As CISO of Johnson & Johnson, Marene Allison was used to gauging her security posture by the top threat activity: nation-state, cybercrime, insider or hacktivist. But in 2020, they all struck at once. Here is one CISO's take on the state of the industry.
The U.S. and its allies formally accusing China of cyberattacks on Microsoft Exchange servers comes as no surprise because it's "indicative of the behavior of the administration in China for many years now," says Cybereason CSO Sam Curry.
Key challenges from the recent State of Cybersecurity 2021 include "integrating risk with maturity and keeping up with industry trends," says Jenai Marinkovic, member of the ISACA Emerging Trends Working Group.
Including psychology in cybersecurity educational awareness programs allows employees to recognize and trust their own instincts when dealing with a potential security incident, says Denise Beardon, head of information security engagement.
Ransomware continues to be a top threat, with experts predicting how threat actors' techniques and cyber insurance policies will evolve.
2022 Predictions in Cybersecurity: Trends and Analysis
As we wrap up 2021, many are likely thinking: What topics and trends will be the most critical for security teams in 2022? Check out the latest videos and articles - featuring leading security experts and professionals - for discussions about what is on the horizon.
On the heels of supply chain attacks, critical infrastructure hits and ransomware gone wild, what more can we expect from cyber attackers in 2022? Plenty, says Derek Manky of Fortinet's FortiGuard Labs. He details his New Year predictions.
As of Dec. 13, 2021, the UK is facing a "tidal wave" of infections from the COVID-19 Omicron variant, and case numbers are rising in North America as well. What do health experts know so far about the spread and severity of Omicron infections? Pandemic expert Regina Phelps shares insights.
On the cusp of 2022, John Kindervag - the father of the zero trust security model - reflects on how the zero trust dialogue has evolved in 2021 and makes his New Year's predictions. Will the president's executive order be an accelerator or an anchor? Which myths are ripe to be busted?
Principal analysts at Forrester, Sandy Carielli and Jeff Pollard, discuss their latest research, "Predictions 2022: Cybersecurity, Risk and Privacy," which highlights gaps in third-party relationships, collaboration and trust that need to be addressed.
Automation, a good criminal network and the ability to use accounts as an alias are some of the factors contributing to synthetic ID fraud, says a panel of three experts - Karen Boyer, vice president, fraud at People's United Bank; John Buzzard, lead fraud and security analyst at Javelin Strategy and Research; and Greg Woolf, CEO of FiVerity.
As ransomware attacks continue to pose a significant threat to enterprises and individuals, "We will keep banging the message that basic cyber hygiene makes a big difference to lots of people," says Andy Bates of the Global Cyber Alliance.
What does the C-suite want to know about its organization's ransomware preparedness and response strategies? Clar Rosso of (ISC)² shares findings from the company's new report that provides insights into the minds of C-suite executives and how they perceive their organizations' readiness for ransomware attacks.
Garry Hargreaves, director of the NATO Communications and Information - or NCI - Academy, says the academy aims to prepare "the leaders of tomorrow" for a "volatile world."
The cryptocurrency industry has come together and formed a group called the Cryptocurrency Compliance Cooperative. What is the aim of this group, and how will it help the industry? Three experts - Ari Redbord, head of legal and government affairs, TRM Labs; Seth Sattler, Bank Secrecy Act officer, Digital Mint; and Michael Fasanello, director of training and regulatory affairs at the Blockchain Intelligence Group - share their insights.
Two years into the pandemic, pharmaceutical firms remain a top target for cybercriminals, and that trend will undoubtedly persist, says former Department of Defense threat analyst Paul Prudhomme.