Throughout 2021, cyberattacks and ransomware dominated the headlines. They caused massive disruptions to government institutions, large enterprises, and even supply chains for critical products like fuel and meat.
The year began on a poor note in terms of security. In January, the FBI, the National Security Agency, and the Cybersecurity and Infrastructure Security Agency all suspected that Russia was behind an attack on SolarWinds, a Texas-based firm whose software was used by everyone from the federal government to railways, hospitals, and large tech firms.
The attackers placed malicious code inside an update of SolarWinds’ popular Orion IT software package, which businesses integrate into their systems. Thousands of clients installed the infected update, allowing the attackers to gain access to their systems. The Russian administration has categorically denied any participation in the attack.
In May, ransomware attacks hit Colonial Pipeline, a significant pipeline operator, as well as JBS USA Holdings, a large meat processor. The firms paid millions of dollars and shut down their operations for long enough to raise fuel and meat costs. Russia was once again implicated in the attacks.
Companies in the technology sector were not immune either. Apple and Facebook had to cope with cyber threats that jeopardized their consumers’ security and privacy. Meanwhile, the same firms wrangled over how much customer data should be gathered, data that may be exposed in a cyberattack.
Ransomware: When the big people fail, everyone suffers.
The year made it brutally clear that the days of script kiddies using rubbish ransomware are long gone.
Ransomware is a huge business. It encrypts the data on a computer until victims pay for tools to release it. Cybercriminals have targeted significant corporations that are willing to pay large sums of money to avoid being shut down.
That’s exactly what happened in the high-profile cases of Colonial Pipeline and JBS USA. After their systems were locked, both corporations paid millions of dollars in ransom in bitcoin, a popular cryptocurrency.
The two high-profile ransomware attacks were far from the only ones in 2021.
According to an October report from the Department of the Treasury, suspected ransomware payments recorded by banks and other financial institutions reached $590 million in the first six months of this year. The total far topped the $416 million in questionable payments recorded for the entire year of 2020.
The US government has promised to speed up its efforts to combat cybercrime. The White House hosted an international counter-ransomware gathering in October, with representatives from more than 30 nations in attendance. Members of the group agreed to exchange information and collaborate to track down and prosecute the hackers responsible for ransomware attacks.
Russia, which the US and other countries accuse of harboring and perhaps helping terrorists, was conspicuously absent.
The Treasury Department said a month ago that it will pursue cryptocurrency exchanges, insurance companies, and financial institutions that facilitate ransomware payments, to make it at least a little more difficult to ransom US firms.
Disagreements regarding data privacy
Apple, too, confronted a privacy fork in the road in 2021. While striving to strike a balance in its data privacy policies, Apple was forced to contend with an external cyber threat that compromised the security and privacy of its customers, some of whom were celebrities.
In September, Apple released an emergency patch for the operating systems that power its iPhones, iPads, and Apple Watches to plug flaws that left the devices vulnerable to the Pegasus spyware created by Israel’s NSO Group.
The spyware was primarily a threat to high-profile customers who may be targeted by nation-state hackers. The vulnerability was a blot on Apple’s reputation for being generally safe from viruses and internet attackers.
Apple also sparked debate by proposing a function that would scan its devices for photographs of child abuse. According to privacy and security experts, as well as other opponents, the technique for dealing with unlawful content amounted to establishing a backdoor through which governments could restrict free expression. Apple, which was previously praised for refusing to destroy a terrorist’s iPhone, has delayed the rollout of the feature.
Data breaches continue to occur.
According to the Identity Theft Resource Center, the number of publicly disclosed data breaches within the first nine months of 2021 exceeded the total for the entire year of 2020.
The firms that have revealed data breaches resulting in the theft of customer information include department store chain Neiman Marcus, stock trading platform Robinhood, web hosting company GoDaddy, and cellular provider T-Mobile. Both California Pizza Kitchen and McDonald’s admitted to data breaches that disclosed information about their operations and personnel. Electronic Arts data, including the source code for the soccer game FIFA 21, was stolen.
Planned Parenthood Los Angeles has revealed that a data breach in October compromised patient details. The exposed data includes names, dates of birth, addresses, insurance identification numbers, and clinical data such as diagnosis, treatment, and medication information.