The industry lacks a rubric of clear and standardized definitions of what constitutes cyber war, cyber terrorism, cyber espionage and cyber vandalism. Because of this, it’s becoming increasingly difficult for those of us in the profession to cut through the noise and truly understand risk. For example, on one hand, we have politicians and pundits declaring that the US is at cyber war with North Korea, and on the other hand, President Obama declared that the unprecedented Sony hack was vandalism. Who’s right?
The issue is exacerbated by the fact that such terms are often used interchangeably and without much regard to their real-world equivalents.
WORST CYBERATTACKS OF 2021
Cybersecurity practitioners rang in 2021 while fighting fires in the aftermath of the massive SolarWinds hack. And now, with many predicting we won’t know the full scope of the Log4j vulnerability and subsequent cyberattacks for months or even years, it looks like we’ll be in for a similar 2022.
But before we start speculating on how bad the bugs are going to get next year, let’s take a look back at some of the worst cyberattacks of 2021. While the past 12 months have been a doozy, and there were plenty of attacks and vulnerabilities that we could have included on this list, here’s our highly subjective review of 2021’s worst.
Yes, we’re cheating a little bit with the timeline on this one, because Mandiant first discovered the breach in December 2020. The SolarWinds CEO would later say that an internal investigation revealed that Russian state-sponsored attackers had hacked the software provider’s network as early as January 2019. But we didn’t know that in January 2021. At the time, security analysts and policy makers were just beginning to realize that the breach was “much worse” than many originally feared.
After the attackers broke into SolarWinds, they inserted malware into the vendor’s Orion software update that was pushed to about 18,000 customers beginning in March 2019. This allowed them to remain in organizations’ environments for months without being detected. Threat researchers now believe the Russian attackers compromised about 100 private corporations in the United States and nine federal agencies’ networks.
With U.S. companies and government agencies still reeling from the SolarWinds attacks, the Chinese hacking group Hafnium found vulnerabilities in Microsoft Exchange that gave it access to the email accounts of at least 30,000 organizations in the U.S. and 250,000 globally.
“Historically, Hafnium primarily targets entities in the United States for the purpose of exfiltrating information from a number of industry sectors, including infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks and NGOs,” Microsoft’s Tom Burt, corporate VP for customer security and trust, wrote in a March blog post.
The Cybersecurity and Infrastructure Security Agency (CISA) sounded the alarm that attackers were already exploiting the Log4j security flaw, which received the maximum 10 out of 10 severity score.
As of Dec. 20, Check Point reported that its threat researchers had observed attempted exploits against more than 48% of corporate networks globally.
Wiz, the cloud security startup that discovered the Microsoft Cosmos DB vulnerability earlier this year, said that more than 89% of all IT environments contain vulnerable Log4j libraries.
Initially, Microsoft warned that attackers were mass scanning the internet for vulnerable systems and exploiting Log4j to install coin miners, deploy Cobalt Strike for credential theft and lateral movement, and steal data. But ransomware gangs soon followed, and security practitioners warn that it will be months before we know the full extent of the damage.
“Every organization out there is going to have some exposure to this most likely,” Matt Olney, director of Talos threat intelligence, said during a Cisco livestream event. “Very few will escape.”