The Year in Cybersecurity Recap
The top trends and stories from 2021 in the world of cybersecurity and related topics are covered in our latest podcast episode and accompanying blog.
Visit the podcast page for all episodes or listen on the platforms below.
Most Impactful Cyber Attacks of 2021
To help structure this recap we are going to reference Google Search Trends, which track and show reports on search volume.
Solarwinds Hack Fallout Continues from 2020
At the end of 2020, the Solarwinds platform was hacked by likely a Russian group. The result was that thousands of organizations, including many in the government, were compromised and records were breached. The perpetrator was thought to be the Russian government. In this case, the goal was not money or ransom it seems.
Impact of Colonial Pipeline Ransomware Shuts Down Countless Gas Stations
On May 7, 2021, Colonial Pipeline fell victim to a cyber attack. Shortly after the attack, the company paid a ransom. The group responsible was likely a Russian hacking group DarkSide. The attack appears to have started with a phishing email. Next in the chain of events was a ransomware infection. In order to contain the attack, the company shut down its operations until May 12, 2021. During this time, the media reports surrounding the attack began to report. This spurred massive runs on different gas stations, as people feared they would be without gas. Areas without reliance on the actual pipeline even reported shortages resulting from the panic.
Kaseya’s Malware Infection Highlights Supply Chain Risk
In July 2021, another supply chain-style hack was revealed to have occurred via Kaseya. Hundreds of managed service providers had REvil ransomware dropped on their systems through the software company’s desktop management software. This led to President Biden making some strong comments to Putin. The group itself went offline a few weeks after the attack. Many suspect that the pressure was too much, but the members might re-brand as a new group in the future. On November 8, 2021, the United States Department of Justice unsealed indictments against Ukrainian nationals thought to be responsible.
Most Popular Articles Posted to Cipher Social Media
New articles are posted to Cipher’s LinkedIn and Twitter accounts on a regular basis. The stories that received the most clicks and interest were:
- November 9, 2021: Robinhood says a hacker talked their way past the stock-trading app’s defenses, stealing millions of user email addresses, bank card numbers, and more.
- August 25, 2021: Global consulting firm Accenture was recently infected with LockBit 2.0 ransomware.
- June 24, 2021: Beware of phishing emails claiming your free trial subscription is over. Attackers are urging you to call a number to cancel your “subscription” before you get hit with monthly fees.
- April 8, 2021: Threat actors are using unpatched VPNs to gain access to company networks and infect targets with ransomware.
- October 7, 2021: The Amazon-owned gaming platform Twitch has suffered a data breach that experts have called a “highly targeted attack”.
Most Visited Cipher Blog Posts of 2021
The most visited blogs from Cipher reflect a desire to learn and grow:
- 10 Personal Cyber Security Tips: Learn 10 personal cybersecurity tips that we recommend from our experience managing millions of security events for businesses and professionals worldwide.
- Which Country is #1 in Cybersecurity?: USA? Russia? China? This post looks at which countries are more or less prepared for cybersecurity offensive and defensive actions.
- 20 Important Data Privacy Questions You Should be Asking Now: Security leaders face critical decisions to ensure their organization is safeguarding data – here are data privacy questions you should start reviewing now.
- How Blockchain Can Be Hacked: The 51% Rule and More: How can Bitcoin, Litecoin, and Ethereum get hacked? The blog looks at what happens if a single entity gets over 51% of the computing power.
- The Must-Have Skill Sets & Certifications for Cyber Security Careers: Cybersecurity careers are one of the hottest and most in-demand fields for IT professionals. Discover the top skills needed for a career in cybersecurity.
Core Underlying Trends of 2021
In many of the attacks above, the ransomware was payable in bitcoins or other cryptocurrencies. This year was a wild ride in terms of prices. 2021 started with about $30,000 per Bitcoin. The price now is a bit below $60,000 per coin. This has been fueled speculation and people seeking to capitalize. Dogecoin skyrocketed in interest and percent value early in the year and this led many to see crypto and alternative forms of securities or currency as a way to get rich quick.
COVID and Remote Work Continues
Remote work and flexible work remains a factor. Forty-five percent of full-time U.S. employees worked from home either all or part of the time in Gallup’s September update of its monthly employment trends. This is down from 59% at the height of the pandemic but still shows that a mass return to offices for white-collar workers has not happened.
54% of IT professionals consider remote workers to pose a greater security risk than traditional workers.
Top Trends in Attack Prevention
SASE and Zero Trust
Cipher partners with many top technology vendors. And we continue to see new interest in ways people can defend against the many attacks mentioned and maintain security as workplace dynamics change. Two concepts that have continued to grow are Secure Access Service Edge or SASE and Zero Trust.
According to Google, in 2021, the terms related to SASE and Zero Trust increased in search volume growth quite a bit year-over-year.
1. “SASE Definition” up 400%
2. “What is Zero Trust Security” up 300%
3. “What is Zero Trust” up 250%
4. “What is SASE” up 110%
5. “SASE Meaning” up 110%
6. “Zero Trust Architecture” up 90%
Convergence of Digital and Physical Security and Risk Management
The threats we have mentioned earlier often blur the lines between the physical and digital world. Taking a holistic view is key. Prosegur has a new Global Risk Services unit and their CEO Robert Dodge said this in the whitepaper we wrote on the topic earlier this year:
“The hallmark of effective risk management is how effectively enterprises manage access control both physically and digitally. Today’s 21st-century sophisticated threats leverage both physical and digital approaches in combination to achieve their goals.”
2022 promises to be another year full of intrigue and excitement in the world of security and risk. Comment below on what you predict for the next year!