Massive breaches in government agencies, large companies, and even supply chains for essential commodities such as gasoline and meat – it’s all about 2021. The year has not yet come to an end, but cyberattacks were in the headlines all year long.
2021 began with some unpleasant cybersecurity news. In January, the Federal Bureau of Investigation, the National Security Agency, and the U.S. Cybersecurity and Infrastructure Security Agency jointly suggested that Russia was responsible for the attack on SolarWinds. SolarWinds is a Texas company whose software was used by everyone from the federal government to railroads, hospitals, and major technology companies.
Hackers introduced malware into an update of SolarWinds‘ popular Orion IT product. Thousands of customers installed the Malware Update, after which the cybercriminals gained access to their systems. Of course, the Russian government denied any connection to the attack.
In May, Colonial Pipeline, a major pipeline operator, and JBS USA Holdings, a meat processor, suffered similar attacks. The companies paid millions of dollars and shut down their operations long enough to raise gasoline and meat prices. Once again, Russia was blamed for the attack.
The tech giants have not been left unnoticed by cybercriminals either. Apple and Facebook had to deal with cyber threats that compromised the security and privacy of their users.
Top cybersecurity news in 2021
The past year has made it painfully obvious that the days of primitive ransomware that make script-kiddies (note – inexperienced hackers who use other people’s code for cyberattacks without understanding their mechanism of action) are over.
Ransomware, which encrypts a computer until victims pay for tools to unlock the data, has become big business for hackers. Cybercriminals have targeted large companies that can pay decent sums to avoid a shutdown or a prolonged business interruption.
That’s what happened in the notorious Colonial Pipeline and JBS USA cases. Both companies paid millions of dollars in bitcoin as ransom after discovering that their systems were attacked.
These two attacks were far not the only ransomware incident in 2021.
According to an October report from the U.S. Treasury Department, in the first six months of this year, the total ransomware reported by banks and other financial institutions was $590 million, a number that exceeded the entire 2020 estimate of $416 million.
That seems to prompt the White House to hold an international cyber ransomware event that included representatives from more than 30 countries. Group members pledged to share information and work together to hunt down and prosecute cyber criminals behind ransomware attacks.
Interestingly, Russia, which the U.S. and other countries accuse of harboring and possibly encouraging the cyber groups behind the attacks, was not invited.
The U.S. government has also said it will sanction cryptocurrency exchanges, insurance companies, and financial institutions that facilitate ransomware payments.
Battles over data privacy
Apple also found itself in a precarious position in 2021. Apple was forced to confront an outside hacker threat that jeopardized the security and privacy of its users. In doing so, they struggled to find a balance in their data privacy practices.
In September, Apple released an emergency update to its iPhone, iPad, and Apple Watches operating systems to close holes that made the devices vulnerable to Pegasus spyware, developed by the Israeli NSO Group.
Though the spyware was mainly a threat only to high-ranking users who could be targeted by nation-state hackers, the vulnerability became a black mark for Apple.
Apple also sparked a flurry of condemnation by offering a feature to scan its devices for images of child sexual exploitation. Privacy and security experts and other critics accused Apple of taking this approach to combating forbidden material as a backdoor for governments seeking to restrict free speech. Under public pressure, Apple, which had previously earned credit for refusing to hack a terrorist’s iPhone, has postponed implementation for the feature.
Data breaches continue
More data breaches were reported in the first nine months of 2021 than in twelve months of 2020, according to the Identity Theft Resource Center.
Department store chain Neiman Marcus, stock exchange platform Robinhood, web hosting company GoDaddy, and wireless carrier T-Mobile were among the companies that reported data breaches that resulted in stolen customer data. California Pizza Kitchen and McDonald’s reported data breaches that compromised their operations and employee data. Cybercriminals stole data from video game company Electronic Arts, including the source code for the soccer game FIFA 21.
More recently, Planned Parenthood Los Angeles confirmed that data breaches in October exposed patient records, including names, dates of birth, addresses, insurance identification numbers, and clinical data such as diagnosis, treatment, and prescription information.
As we can see, this year has brought us disappointing news – the number of cyberattacks is skyrocketing, and hackers are more often targeting large organizations that can satisfy the financial appetites of cybercriminals.