Throughout 2021, ransomware attacks, security breaches, and malware intrusions wreaked havoc on government agencies, private companies, paychecks, and vital infrastructure. Cybersecurity used to be considered an issue for the tech industry. However, CEOs, world leaders, average Americans, and low-level employees now are susceptible.
In Case You Missed It
Cyberattacks in 2021 made headline news repeatedly. The year didn’t kick off on the most positive note following the 2020 SolarWinds debacle. A collective effort by the National Security Agency, the FBI, and the Cybersecurity and Infrastructure Security Agency determined that Russia was behind the incursion on the Texas-based company whose software is used by hospitals, government agencies, and major tech companies.
Arguably the top story was Colonial Pipeline, an invasion that forced 17 states into a state of emergency when its operations were forced to shut down. Darkside, a Russia-based criminal group, was responsible. Fuel shortages across the East Coast caused long lines at gas stations reminiscent of the 1970s. As Liberty Nation previously reported, “Having to shut down the country’s largest gasoline pipeline shows just how vulnerable the U.S. cyberinfrastructure is.”
In the third quarter of 2021, 68 attacks were launched on healthcare facilities. In one incident, Iranian government-sponsored hackers infiltrated a children’s hospital network. A ransomware group from Cuba penetrated 49 critical infrastructure organizations in 2021 and extorted $43.9 million.
Phishing attacks were one of the most common scams on the web, targeting low-level employees and ordinary citizens. Methods employed included emails, social media channels, and fake websites. User credentials were the goal for 85% of phishing. With those, hackers can gain access to personally identifiable information and private customer data.
Ending the Year on a Bad Note
Just a year after SolarWinds crisis, December 2021 has brought another catastrophe. A vulnerability in the Log4j Java logging library used in Apache Web servers is causing massive panic in the tech world; some experts are calling this security breach the worst of our time.
The Log4j vulnerability is a software flaw that could be exploited by hackers for access to thousands of companies in the United States. Cybersecurity experts have been racing the clock to patch it up. The first publicized issue came to light when Minecraft, the best-selling video game of all time, shared that the game provided hackers a loophole to take over a player’s computer.
The crisis level is considered high, because Log4j is in 93% of cloud environments, in addition to Amazon, Microsoft, IBM, Google, Cisco, Twitter, and federal agency applications. Essentially, the flaw is an open back door for cyber extortionists and criminals to access millions of computers and data across the world. Cybersecurity experts have identified state-backed groups from Iran, China, and Turkey as actively trying to take advantage.
The Log4j issue is the cause of a ransomware attack on one of the largest human resources companies, Ultimate Kronos Group. Timekeeping and payroll software has a huge impact on American lives, made plain when this attack took Kronos services offline. The company is expecting the resolution to take weeks, and in response, clients have implemented alternative ways to pay their employees the right amounts and on time.
What’s in Store for 2022?
Cyber experts are predicting an increase in ransomware attacks orchestrated by hackers on behalf of bad-acting governments and criminal organizations. After the recent rash of large-scale onslaughts, and hackers continuously outsmarting security measures, next year may prove to be just as disastrous.
Through artificial intelligence and machine learning, images and videos can be altered to appear as something they are not. Called deepfakes, they defy efforts to determine if they are fraudulent or real. Deepfakes can bypass multi-factor authentication protocols and ID verification, facilitating email fraud.
North Korea, Iran, Russia, and China are all expected to ramp up cyber operations against adversaries in 2022. These nations are advancing their interests and targeting their enemies in more discreet but crippling ways. The United States has accused both China and Russia of harboring and protecting cybercriminals who have attacked NATO, European Union, and other countries.
This is not only a governmental and corporate challenge; it is a problem on an individual level that everyday Americans need to take seriously. Just by clicking a link in a seemingly innocuous email, you can put your personal and financial information at risk. The Colonial Pipeline and Log4j issues are perfect examples of how millions of Americans can be affected by just one cyber incident. The ongoing battle between cybersecurity professionals and cybercriminals is sure to heat up in 2022.
~ Read more from Keelin Ferris.