2021, measured in cybersecurity devastation
The world saw an explosion in hacking and ransomware attacks in 2021. Controversial changes at the Department of Homeland Security (DHS) subdivision, the Cybersecurity and Infrastructure Security Agency (CISA), ushered in new leadership that scrambled to respond to the constantly increasing threat posed by countries that include China, Russia, Iran, and North Korea.
Over the months, new initiatives would be undertaken with inconclusive results, but one theme that proved consistent was a defensive cybersecurity posture that resulted in billions of dollars in ransoms being paid this year.
Against that backdrop, here are the most notable cybersecurity events for the year 2021.
- January: The aftermath of the disputed 2020 presidential election saw the emergence of a bitter feud between outgoing president Donald Trump and CISA director Christopher Krebs over the legitimacy of election results. Ultimately, a November 17 joint statement from the Elections Infrastructure Government Coordinating Council and the Election Infrastructure Sector Coordinating Executive Committees that was endorsed by Krebs and claimed that "the November 3rd election was the most secure in American history" led to Krebs's firing. Despite the unceremonious dismissal, in January of 2021, Krebs would be hired as a consultant by SolarWinds, the victim of perhaps the most wide-ranging cyberattack in history.
- February: Late in February of 2021, DHS director Alejandro Mayorkas announced several new initiatives intended to improve American cybersecurity. These included a plan to increase cybersecurity spending through Federal Emergency Management Agency (FEMA) grants and "The Reduce the Risk of Ransomware Campaign," which would be handled by CISA.
- March: One of the most widely reported breaches of 2021, the attack targeting Microsoft Exchange Server software, exploited several key flaws in the software and gave hackers access to email accounts belonging to more than 30,000 organizations across the United States. The attack was carried out by the Chinese advanced persistent threat (APT) group Hafnium. The attack prompted threats of economic sanctions against China from the U.S. and European allies that have yet to materialize.
- April: Although reports of a hacking attack against Colonial Pipeline by Russia's DarkSide ransomware gang didn't surface until May, the attack was initiated in late April of 2021. The attack would see a shutdown of the 5,500-mile pipeline responsible for providing 45% of the east coast's fuel supply. DarkSide struck again shortly after the Colonial Pipeline attack, this time targeting Brenntag, a chemical distribution company. This hack netted the group 150 GB of data and a huge ransom payment of $4.4 million.
- May: Adding to the hacking-related supply chain woes of the U.S. in spring of this year was the May attack against meat manufacturer JBS Foods. This attack was also carried out by a Russian-based outfit, this time the REvil ransomware gang. The attack netted one of the largest ransoms in history, with the hackers receiving $11 million from JBS Foods.
- June: In early June, the CEO of Colonial Pipeline was summoned to appear before Congress to answer questions regarding the company's handling of the DarkSide hack. Among the more serious issues related to the attack was the question of whether Colonial had violated a 2020 Office of Foreign Assets Control (OFAC) advisory that outlined penalties for American businesses that issued ransom payouts to individuals or groups under U.S. sanctions.
- July: REvil, the outfit that targeted JBS Foods, struck again with an attack against I.T. infrastructure provider Kaseya. Due to the nature of Kaseya's client base, the attack had devastating potential across many key areas of the American economy. REvil penetrated the company via a fake software update that infiltrated both Kaseya's clients and its clients' customers. REvil claimed that up to one million systems were encrypted as a result of the attack, for which the group demanded $70 million in bitcoin.
- August: In her first high-profile public statements since being confirmed as director of CISA, Jen Easterly announced the formation of a Joint Cyber Defense Collaborative at the Black Hat cybersecurity conference on August 5. The initiative combines the expertise of the public sector, namely Big Tech companies Google, Amazon, and Microsoft, and the federal government to defend against future cyber-attacks against critical infrastructure and other valuable targets.
- September: Governments around the world suffered key breaches as the South African Department of Justice was struck with a ransomware attack that took the country's Department of Justice and Constitutional Development website and services offline, while New Zealand's postal service website, along with online services for several of the country's largest banks, was taken offline in a DDoS attack on September 7. In the U.S., Labor Day weekend saw Howard University fall victim to a ransomware attack that disrupted online classes for several days.
- October: Sinclair Broadcast Group, which operates 185 local TV stations across America, was victimized by a Russian-based hack that shut down email, phone systems, and data networks, while an October 24 blog post from Microsoft reported that the Russian group Nobelium, which was behind the SolarWinds attack, spent three months attacking companies that resell Microsoft cloud services. Additionally, just in time for Halloween, Chicago-based candy-maker Ferrara was victimized by a ransomware attack.
- November: A November report that cited findings from security firm Palo Alto Networks indicated that suspected foreign hackers had breached nine entities in the defense, energy, health care, technology, and education sectors.
- December: As part of the Abraham Accords brokered by the Trump administration, the United Arab Emirates and Israel agreed to exchange ambassadors and established agreements on defense and cyber intelligence. In addition, CISA warned that the Log4j vulnerability, which is linked to a utility that runs in the background of many common software applications, could potentially impact hundreds of millions of devices.
The issue of cybersecurity will continue to be a driving force behind everything from diplomatic relations to day-to-day global commerce, while cybercriminals and the governments that support them will continue to discover new ways to exploit vulnerabilities in the never-ending effort to gain a competitive geopolitical and military edge. Next year should bring a plethora of new ransomware strains and state-sponsored Advanced Persistent Threats (APTs) that are sure to keep I.T. professionals in the public and private sectors awake at night.
Julio Rivera is a business and political strategist, the editorial director for Reactionary Times, and a political commentator and columnist. His writing, which is focused on cybersecurity and politics, has been published by numerous websites, and he is regularly seen on national and international news programming.