In many ways, 2021 was the year of the hacker. The year began with information technology professionals still scrambling to access the scope of the wide-ranging SolarWinds attack and ended with more attacks and ransom payouts than any other year in history.
The constant proliferation of new ransomware and state-sponsored hacking organizations, including Advanced Persistent Threat Groups (APTs), is sure to make 2022 an even more profitable year for criminals operating on the so-called “Dark Web,” while cybersecurity issues in general will continue to take a more prominent presence in matters related to national security and diplomacy.
Government agencies like the Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA) worked around the clock to suppress the constant cyber threats facing America with varying results, and here are some of the more notable attacks they saw in 2021:
- January: Former CISA Director Christopher Krebs, who was fired by President Trump after his endorsement of a November 17 Joint Statement from the Elections Infrastructure Government Coordinating Council and the Election Infrastructure Sector Coordinating Executive Committees claiming that “The November 3rd election was the most secure in American history,” is hired as a consultant by SolarWinds, victim of perhaps the most wide-ranging hack in history. The controversial statement fails to acknowledge the Hall County, GA, ransomware attack against Georgia’s election systems less than a month before the election that disabled the county’s voter signature database.
- February: DHS announces several new programs focused on the improvement of American cybersecurity. Among these initiatives is an increase in cybersecurity funding for state and local governments via Federal Emergency Management Agency (FEMA) grants and “The Reduce the Risk of Ransomware Campaign.”
- March: The cyberattack against Microsoft Exchange Server software targets several key flaws in the program and offers hackers unfettered access to the email accounts of more than 30,000 U.S. organizations. The attack was the work of Chinese Advanced Persistent Threat Group Hafnium. Although the U.S. and our European allies would threaten new economic sanctions against the Chinese government for the attack, none have come down as of December 2021.
- April: Russia’s DarkSide Ransomware Gang begins executing perhaps the most damaging attack in U.S. history when they target Colonial Pipeline. Although reports of the attack didn’t surface until May, the attack was actually initiated in late April of 2021 and shut down a 5,500-mile pipeline responsible for delivering 45 percent of the east coast’s fuel supply. Shortly after the Colonial attack, DarkSide would target Brenntag, a chemical distribution company, in an attack that netted the cybercriminals 150 GB of data and a ransom payment of over $4 million.
- May: As part of the various supply chain woes that the United States experienced in 2021, a major attack against meat manufacturer JBS Foods by a Russian-based outfit known as the REvil Ransomware Gang slowed beef distribution in America this past spring. The hack would produce one of the largest ransom payouts in history, with REvil receiving $11 million from JBS.
- June: June saw Colonial Pipeline CEO Joseph Blount appear before Congress to answer questions regarding the DarkSide hacking attack. Many observers and experts in the field of cybersecurity questioned whether Colonial violated the 2020 Office of Foreign Assets Control (OFAC) advisory outlining penalties for businesses that are found to have issued ransom payments to groups or individuals under U.S. sanctions.
- July: REvil carries out an attack against IT infrastructure vendor Kaseya by leveraging a fake software update that targets Kaseya’s clients. According to the hackers, up to one million entities had their computers encrypted and the group demanded a ransom of $70 million in bitcoin.
- August: CISA’s Jen Easterly announces the formation of the Joint Cyber Defense Collaborative at the Black Hat cybersecurity conference on August 5. The program taps “Big-Tech” companies Google, Amazon, and Microsoft, to assist the federal government defending critical infrastructure against future attacks.
- September: A Labor Day weekend attack targets historically black Howard University with ransomware and disrupts online classes for several days amid the still-ongoing COVID-19 pandemic.
- October: Sinclair Broadcast Group is targeted by a Russian-based hack that shuts down email, data, and phone networks. Microsoft reports that Russian APT group Nobelium, who are thought to be responsible for the SolarWinds attack, spent several months attacking entities responsible for reselling Microsoft cloud services. Prior to Halloween, candy manufacturer Ferrara is the victim of a ransomware attack.
- November: According to reports, foreign hackers breach nine entities in the education, defense, healthcare, energy, and technology sectors.
- December: Israel and the United Arab Emirates agree to share defense and cyber intelligence. CISA warns that a new vulnerability potentially threatens the security of hundreds of millions of devices. The vulnerability, known as Log4j, is associated with a utility that runs as part of many common software applications.
2022 will only bring more attacks as the stakes rise in the ongoing global cyber war. We are sure to see countless new ransomware strains and state-sponsored Advanced Persistent Threats (APTs) rise as the Biden Administration scrambles to respond, and the question of whether they are competent enough to deal with emerging threats is sure to play a role in the outcome of this November’s critical midterm elections.