ISMG's Greatest Hits: Top Cybersecurity Stories of 2021

From Ransomware to Log4j, a Compilation of Stories, Podcasts and Expert Analysis
The May attack against Colonial Pipeline reshaped the national narrative on ransomware (Source: Colonial Pipeline)

This past year has been a whirlwind for cybersecurity leaders. From watching the developments of late 2020's unprecedented SolarWinds cyberattack unfold in the New Year to ending with the Log4j vulnerability saga, 2021 has been another record year for information security - and the speed of news developments will not abate any time soon.

Here is a compilation of some of 2021's must-read stories - categorized by breaking news events, ransomware analysis, best video interviews and cybersecurity predictions for 2022.

Global Breaking News Events

Information security news made many headlines this year, crossing into most mainstream news outlets.

In the United States, the Biden administration responded to the rise in ransomware attacks - including Kaseya, Colonial Pipeline and other attacks on critical infrastructure - showing a growing government focus on security defense in the United States. The U.S. and the world are also grappling with how cryptocurrency will play into the future of finance. How will these new laws and regulations in the cyber sphere affect the security industry in the New Year?

From a global perspective, there were many other major events that affected the security world: the Conti ransomware attack on Ireland's healthcare system, India's government rollout of the Citizen Financial Cyber Fraud Reporting and Management System and the U.K. grappling with data privacy and protection laws, among many other events that had a cybersecurity impact.

Is there a major news event that ISMG covered in your region that has not made this list? Share it with us on social media through Twitter (@ISMG_News) or LinkedIn (Information Security Media Group - ISMG).

Frequency of attempts to test or exploit the Log4j flaw, seen across 58 countries over a 48-hour period (Source: McAfee)

Severe Apache Log4j Vulnerability Threatens Enterprise Apps

A zero-day vulnerability detected in the Java logging library Apache Log4j can result in full server takeover and leaves countless applications vulnerable, according to security researchers, who say that the easily exploitable flaw was first detected in the popular game Minecraft. Experts are predicting the effects of Log4j could affect the security industry for years to come (see: Log4j Updates: Flaw Challenges Global Security Leaders).

Colonial Pipeline Ransomware Attack

In May, a ransomware attack against Colonial Pipeline drove the company to shut down more than 5,000 miles of pipeline for a week, and shaped the way security leaders discussed this topic for the rest of the year. The Biden administration revealed early on that the attack had been carried out using the DarkSide strain of ransomware and prompted Congress to put ransomware regulations front and center. Colonial Pipeline CEO Joseph Blount was severely criticized for his handling of the attack, including paying a ransom - although the FBI later recovered most of it - and Congress questioned what he could have done better to handle the country's critical pipeline networks.

Kaseya Ransomware Attack: 'Largest Attack I've Witnessed'

Like Colonial Pipeline and SolarWinds, the ransomware attack involving Kaseya's remote-management software - widely used by managed service providers - marked a major turning point in how security practitioners viewed security best practices, as well as preparation and mitigation strategies. Mark Loman of Sophos said the incident, involving attackers using Kaseya's software to directly push ransomware onto systems managed by MSPs, was the largest such attack he had ever witnessed. Thousands of organizations worldwide were reportedly affected.

Video: SolarWinds Supply Chain Hack: Investigation Update

The SolarWinds attack first came to light in December 2020 and new developments about this major cyberattack lasted well into 2021. In January, the ISMG Security Report described new details emerging from the SolarWinds supply chain hack investigation (see: Severe SolarWinds Hacking: 250 Organizations Hit?).

India Launches Effort to Track, Freeze Cyber Fraud Proceeds

The Indian government set up, in June, the Citizen Financial Cyber Fraud Reporting and Management System to report, track - and ultimately freeze - the proceeds of cyberattack-induced financial theft.

US to Unveil Sanctions on Use of Cryptocurrency for Ransoms

As early as this week, the Biden administration may unveil plans to curtail the ransomware attacks that have crippled corporate networks this year. According to a report from The Wall Street Journal, the Treasury Department will announce sanctions and similar guidance designed to disrupt the financial infrastructure that has enabled ransomware attacks to date.

Regulators: Banks Have 36 Hours to Report Cyber Incidents

U.S. federal banking regulators have approved a new rule that will require banks to notify regulators no later than 36 hours after the organization determines it has suffered a qualifying "computer-security incident," the nation's top financial agencies announced in November.

UK Looks to Revamp Data Privacy Policies Post-Brexit

The U.K. is preparing to revamp the country's data protection and privacy laws as a way to spur economic growth and innovation in its post-Brexit economy, according to the Department for Digital, Culture, Media and Sport.

T-Mobile Probes Attack, Confirms Systems Were Breached

T-Mobile USA confirmed that its computer systems were illegally accessed, following reports of an apparent intrusion. But the Bellevue, Washington-based mobile communications subsidiary of Germany's Deutsche Telekom says it's still investigating whether customers' personal data was exposed.

Deepfakes, Voice Impersonations Used in Vishing-as-a-Service

While organizations are grappling with ways to tackle what some researchers say is a 35% spike in email phishing attacks, cybercriminals have upped the ante to move to more sophisticated techniques - using advanced deepfake and voice impersonation technologies to bypass voice authorization mechanisms and for voice phishing, or vishing, attacks.

Cryptocurrency Exchange Bug Reveals 'WannaCry 2.0' Clues

In this ISMG Security Report, Jeremy Kirk discusses how flaws in the systems of ShapeShift, a U.K.-based cryptocurrency exchange, reveal how a North Korean-linked group laundered cryptocurrency that came from a notorious ransomware attack in 2017.

Apple's Image Abuse Scanning Worries Privacy Experts

Apple unveiled a new system for detecting child sexual abuse photos on its devices, but computer security experts fear the system may morph into a privacy-busting tool. The system, called CSAM Detection, is designed to catch offensive material that's uploaded to iCloud accounts from devices. It works partially on a device itself - a detail that privacy and security experts say could open a door to broader monitoring of devices.

Missouri Refers Coordinated Bug Disclosure to Prosecutors

A newspaper reporter in Missouri who responsibly reported the exposure of Social Security numbers on a state government website has been accused of malicious hacking by the state's governor, in what many experts characterize as being a political attempt to punish a whistleblower.

Ransomware Attacks: Analysis and Breakdown

Ransomware continues to be a top threat globally, with experts closely tracking threat actors and how their techniques have been evolving. Nation-state and criminal groups alike have not slowed down on launching campaigns dedicated to espionage, ransomware as a service, and general disruption targeting critical infrastructure around the world.

The Ransomware Files

In an effort to provide more depth to ransomware coverage, ISMG's Jeremy Kirk released the new podcast miniseries called "The Ransomware Files," which gives listeners the chance to experience what it is like being in the trenches as a ransomware attack unfolds.

Each episode features a guest discussing what it is like being the victim of ransomware - detecting the threat, deciding whether to pay the ransom, and sharing what was learned to provide additional defense tactics for IT security teams. All episodes are currently available to download on your preferred podcast streaming platform.

FBI: DarkSide Ransomware Used in Colonial Pipeline Attack

The FBI and the White House confirmed that the DarkSide ransomware variant was used in the attack that caused disruptions at Colonial Pipeline, which operates a 5,500-mile pipeline that supplies fuel, gasoline and other petroleum products throughout large portions of the eastern U.S.

Biden Orders Investigation of Kaseya Ransomware Attack

U.S. President Joe Biden has ordered federal intelligence agencies to investigate the incident involving IT management software vendor Kaseya, which sustained a suspected REvil ransomware attack. Attackers reportedly compromised Kaseya's remote monitoring system, VSA, leading the company to urge its managed service provider customers to temporarily shut down their on-premises servers while it prepared a fix.

Ransomware Disrupts Scottish Environment Protection Agency

The Scottish Environment Protection Agency says a ransomware attack last month continues to cause serious outages and warns that ransom-demanding attackers also stole some data.

Meat Processing Grinds to Halt After 'Cybersecurity Attack'

The world's largest meat supplier, JBS, says an "organized cybersecurity attack" has led it to shut down servers in North America and Australia, and experts say a prolonged outage could have a noticeable impact on the global supply of meat.

Ryuk Ransomware Profits: $150 Million

Researchers say cryptocurrency wallets used by the operators behind the Ryuk ransomware strain and the gang's affiliates hold more than $150 million.

Ransomware Landscape: REvil Is One of Many Operators

For cracking down on individual ransomware operations, one hurdle remains on the current threat landscape: As ever, multiple strains of crypto-locking malware are being used by many different attackers - not just operations and affiliates based in Russia - and there's a constant influx of new strains and players, driven by the increasing profits to be obtained via ransomware, and backed by a vibrant cybercrime-as-a-service economy.

Ransomware: Beware of 13 Tactics, Tools and Procedures

Defenders across every type of targeted organization - including government agencies and private businesses - would do well to have more effective defenses in place. Such defenses would ideally include organizations proactively looking for known ransomware attackers' tactics, techniques and procedures. That kind of threat hunting can help defenders spot attacks in the reconnaissance phase before they progress to data being exfiltrated or systems getting crypto-locked.

Alert for Ransomware Attack Victims: Here's How to Respond

As ransomware continues to pummel organizations, if they do get hit, then from an incident response standpoint, what are the essential first steps they should take to smooth their recovery?

Secrets and Lies: The Games Ransomware Attackers Play

If you're a criminal, practicing good operational security would seem to preclude granting tell-all news media interviews. And yet we've seen a spate of attackers who wield ransomware - including MountLocker, LockBit, REvil and DarkMatter - sharing insights into their inclinations, motivations and tactics.

Ransomware Attack Leads to IT Shutdown for Irish Hospitals

After Health Service Executive, Ireland's state health services provider, shut down all its IT systems serving hospitals in the wake of a ransomware attack in May, some security experts praised its decisive action and refusal to pay a ransom.

Lawsuit: Hospital's Ransomware Attack Led to Baby's Death

The medical malpractice lawsuit - connecting the death of an infant to a 2019 ransomware attack - is potentially the first in the U.S. alleging a death was tied to a hospital ransomware attack, and stands as a stark example of what some experts have been warning about in recent months.

Australia Plans Ransomware Attack Reporting Requirement

Australia plans to require larger businesses to report ransomware attacks to the government, as part of a comprehensive strategy that also includes new criminal penalties and assistance for victims.

Why Ransomware Is a Game Changer for Cyber Insurance

Ransomware attacks have become the game changer in driving up security requirements, policy premiums and rejection rates for healthcare sector entities seeking new cyber insurance policies or renewals, says Doug Howard, CEO of privacy and security consultancy Pondurance.

ISMG's Video Interviews With CyberSecurity Thought Leaders

ISMG editors (clockwise from top right) Tom Field, Anna Delaney, Suparna Goswami and Mathew J. Schwartz discuss ransomware.

If you missed watching any of these video interviews, here are a few must-watch discussions collected by ISMG's editorial staff. From "passwordless" technology to zero trust, these interviews with leading industry professionals can offer insight on trends that will surely continue to grow in 2022.

The Best of RSA Virtual Conference 2021

RSA came from the virtual stage in 2021, and resilience was the fitting theme for the year. ISMG replaced its usual two live on-site studios with a suite of home studios and produced a diverse group of interviews on timely topics with thought leaders who will be solving cybersecurity's most urgent problems. ISMG conducted more than 100 interviews with the world's leading security experts.

Jim Clark: Why He's Giving Away Passwordless Technology

When he co-founded the firm Beyond Identity in 2020, serial entrepreneur Jim Clark said he felt somewhat responsible for the proliferation of passwords. Now he and partner Tom Jermoluk are doing something about it. They are providing access to their passwordless technology for free.

Equifax CISO Jamil Farshchi on SolarWinds and Supply Chains

When it comes to navigating Major Security Events, Jamil Farshchi has been there. As CISO of Equifax, he knows what it's like to be a victim of a high-profile cyberattack. And he knows breached companies have a choice: "Are they going to be a force for good by helping the rest of the industry learn from their experience?"

Unscripted: 3 Security Leaders Dissect Today's Top Trends

No script, no filter: Just Microsoft's Edna Conway and Cisco's Wendy Nather gathering with privacy leader Michelle Dennedy to discuss the impact of the SolarWinds supply chain attack and to play Buzzword Mystery Date with secure access service edge, customer identity and access management, and "passwordless" authentication. Are these cybersecurity trends dreamboats or duds?

World Health Organization CISO on Supply Chain Risk

Flavio Aggio, CISO of the World Health Organization, has had a long career across many sectors. He understands supply chain risk, and he sees the SolarWinds hack as "resumption of a very old attack - in new packaging." He offers insights on mitigating this and other cybersecurity risks.

'Zero Trust': An Outdated Model?

The zero trust model is outdated in today's cloud environment, says Ian Thornton-Trump, CISO at Cyjax, a threat intelligence company, who recommends the use of segmentation and monitoring for anomalous behavior instead.

Colonial Pipeline: 'A Global Day of Reckoning'

Gregory Touhill, the retired Air Force general and former federal CISO under President Obama, minces no words when he describes the Colonial Pipeline ransomware attack as a "global day of reckoning" for critical infrastructure protection.

SolarWinds, Ransomware and the State of the Industry

Over the past year, we've seen developments in the SolarWinds attack, the Microsoft Exchange Server exploits and the Colonial Pipeline ransomware strike. The threats are more imminent than ever. But Philip Reitinger of the Global Cyber Alliance believes strongly: We created this mess, and we can fix it.

Art Coviello: 'It's a Roaring '20s for Technology'

From identity and access management to cloud migration and connected devices, retired RSA CEO Art Coviello looks beyond the pandemic and says, "It's going to be a Roaring '20s for technology." But he also foresees a potentially calamitous decade for security.

CISO Spotlight: Marene Allison, Johnson & Johnson

As CISO of Johnson & Johnson, Marene Allison was used to gauging her security posture by the top threat activity: nation-state, cybercrime, insider or hacktivist. But in 2020, they all struck at once. Here is one CISO's take on the state of the industry.

China's Cyberattacks: Sizing Up International Response

The U.S. and its allies formally accusing China of cyberattacks on Microsoft Exchange servers comes as no surprise because it's "indicative of the behavior of the administration in China for many years now," says Cybereason CSO Sam Curry.

ISACA 2021 Report: Top Trends, Improving Cyber Maturity

Key challenges from the recent State of Cybersecurity 2021 include "integrating risk with maturity and keeping up with industry trends," says Jenai Marinkovic, member of the ISACA Emerging Trends Working Group.

Using Psychology to Increase Organizational Resiliency

Including psychology in cybersecurity educational awareness programs allows employees to recognize and trust their own instincts when dealing with a potential security incident, says Denise Beardon, head of information security engagement

Ransomware continues to be a top threat with experts predicting how threat actors' techniques and cyber insurance policies will evolve.

2022 Predictions in Cybersecurity: Trends and Analysis

John Kindervag, the mind behind the zero trust security model, discusses his predictions for 2022.

As we wrap up 2021, many are likely thinking: What topics and trends will be the most critical for security teams in 2022? Check out the latest videos and articles - featuring leading security experts and professionals - for discussions about what is on the horizon.

Cyber Attacks: The 2022 Predictions

On the heels of supply chain attacks, critical infrastructure hits and ransomware gone wild, what more can we expect from cyber attackers in 2022? Plenty, says Derek Manky of Fortinet's FortiGuard Labs. He details his New Year predictions.

COVID-19: How Does Omicron Change the Discussion?

As of Dec. 13, 2021, the UK is facing a "tidal wave" of infections from the COVID-19 Omicron variant, and case numbers are rising in North America as well. What do health experts know so far about the spread and severity of Omicron infections? Pandemic expert Regina Phelps shares insights.

Zero Trust: John Kindervag's 2022 Outlook and Predictions

On the cusp of 2022, John Kindervag - the father of the zero trust security model - reflects on how the zero trust dialogue has evolved in 2021 and makes his New Year's predictions. Will the president's executive order be an accelerator or an anchor? Which myths are ripe to be busted?

Forrester Predictions: Rethinking Supply Chain Management

Principal analysts at Forrester, Sandy Carielli and Jeff Pollard, discuss their latest research, "Predictions 2022: Cybersecurity, Risk and Privacy," which highlights the need for gaps in third-party relationships, collaboration and trust to be addressed.

Synthetic ID Fraud: What to Look Forward to in 2022

Automation, a good criminal network and the ability to use accounts as an alias are some of the factors contributing to synthetic ID fraud, says a panel of three experts - Karen Boyer, vice president, fraud at People's United Bank; John Buzzard, lead fraud and security analyst at Javelin Strategy and Research; and Greg Woolf, CEO of FiVerity.

The Need to Think Differently About Cybersecurity in 2022

As ransomware attacks continue to pose a significant threat to enterprises and individuals, "We will keep banging the message that basic cyber hygiene makes a big difference to lots of people," says Andy Bates of the Global Cyber Alliance.

Ransomware and the C-Suite: What Do Executives Want to Know?

What does the C-suite want to know about its organization's ransomware preparedness and response strategies? Clar Rosso of (ISC)² shares findings from the company's new report that provides insights into the minds of C-suite executives and how they perceive their organizations' readiness for ransomware attacks.

NATO's NCI Academy: Training Tomorrow's Cyber Leaders

Garry Hargreaves, director of the NATO Communications and Information - or NCI - Academy, says the academy aims to prepare "the leaders of tomorrow" for a "volatile world."

Cryptocurrency Compliance Cooperative: The Road Map for 2022

The cryptocurrency industry has come together and formed a group called the Cryptocurrency Compliance Cooperative. What is the aim of this group, and how will it help the industry? Three experts - Ari Redbord, head of legal and government affairs, TRM Labs; Seth Sattler, Bank Secrecy Act officer, Digital Mint; and Michael Fasanello, director of training and regulatory affairs at the Blockchain Intelligence Group - share their insights.

Why Healthcare Will Remain a Top Cyberattack Target in 2022

Two years into the pandemic, pharmaceutical firms remain a top target for cybercriminals, and that trend will undoubtedly persist, says former Department of Defense threat analyst Paul Prudhomme.


About the Author

Devon Warren-Kachelein


Staff Writer, ISMG

Warren-Kachelein began her information security journey as a multimedia journalist for SecureWorld, a Portland, Oregon-based cybersecurity events and media group. There she covered topics ranging from government policy to nation-states, as well as topics related to diversity and security awareness. She began her career reporting news for a Southern California-based paper called The Log and also contributed to tech media company Digital Trends.



