Cybersecurity Year in Review: Big Breaches, Ransomware & Zero Trust

2021 was a record year for cyber attacks, dominating headlines with high-profile breaches like Colonial Pipeline and Kaseya 

In recent years there has been a significant increase in the number of cyber attacks, and 2021 was no different. According to the Identity Theft Resource Center (ITRC), as of September 30 there had already been 1,291 reported breaches, an increase of 17% from 2020.

When looking at these attacks on an industry level, manufacturing and utilities were the hardest hit, with around 48 security incidents that impacted more than 48 million people. The healthcare industry was also a major target, with 78 security incidents that compromised the data of more than 7 million people. Financial services, government entities, and professional services also topped the list.

Of the various types of cyber attacks, ransomware posed the biggest threat to organizations, notably being the method of attack used against Colonial Pipeline earlier this year. By the end of 2021, it is estimated that there will be more than 714 million ransomware attacks. 

Coinciding with the increased number of attacks, spending on cybersecurity is at an all-time high, with estimates that organizations will spend $170.4 billion by 2022. But will this be enough to combat the growing cyber threat?

Let’s look back at some of the most notable attacks this year and what they mean for the cybersecurity landscape.

Colonial Pipeline attack causes panic buying, supply chain disruptions

The Colonial Pipeline breach was one of the most widely publicized cybersecurity incidents in 2021. On April 29, attackers entered the networks of the company via a deactivated employee VPN account. While the account had been deactivated, multi-factor authentication wasn’t in place for the account, and the attackers were able to enter and deploy ransomware within the company’s network. Following the discovery of the ransom notice on corporate devices, the company had to shut down the pipeline for the first time in its 57 years of operation, causing panic and fuel shortages up the East Coast. The CEO of Colonial Pipeline made the decision to pay a $4.4 million ransom to known cybercrime group DarkSide, later remediating issues and getting the pipeline back into operation.

This breach highlights the importance of implementing multi-factor authentication (MFA) wherever possible, including on dormant or deactivated accounts, and underscores the growing trend of cybercrime groups attacking utilities and infrastructure to demand massive payouts.

Social media networks, content platforms under siege

Several social media sites and content platforms were impacted by cyber attacks this year, most notably Facebook, LinkedIn, and Twitch.

In April, the personal data of over 533 million Facebook users, including phone numbers, full names, and locations, was published in a hacking forum. The data was pulled from users in over 106 countries, and was scraped by attackers exploiting a vulnerability that the company remediated in 2019.

Professional networking site LinkedIn had two incidents this year where personal user data was exposed. In June, it was announced that data from 700 million LinkedIn users, including full names, addresses, email addresses, and geolocation records, was listed for sale online. The company denied that the data was the result of a breach, but the threat actor that claimed responsibility said they used the same vulnerability to collect the data that was used in a prior breach in April, where personal information from LinkedIn users was also being sold.

In October, content streaming platform Twitch, known for its gaming content, was breached and a significant amount of sensitive data was released on an online forum, including the platform’s source code and payout information for some of the site’s content creators.

With the continued prevalence of social media and content services, users are vulnerable to the impacts of an attack, especially those that have provided sensitive data as part of interacting with these platforms. For both personal and corporate accounts, implementing MFA and using unique passwords is an important way to mitigate risk.

Vulnerabilities in code, databases pose risk

Vulnerabilities in code and programs create an environment that attackers can exploit to detonate ransomware payloads, exfiltrate data, or control systems. The recently discovered bug in log4j code has created widespread panic, as companies attempt to patch the issue to protect their systems. The Java-based code is widely used in software applications from companies like Oracle and Salesforce and is found in cloud storage platforms run by Google, Apple, and Microsoft. According to the Washington Post, attackers could leverage the bug to control servers running the log4j code, posing a significant risk of data exfiltration, ransomware, and related attacks.

News of log4j has been splashed across headlines for the past few weeks, but throughout 2021 cyber attackers have been able to exploit vulnerabilities in databases and systems to exfiltrate sensitive data. In June, it was discovered that a database operated by Cognyte was left unsecured, leading to a breach that exposed over 5 billion records. Anyone, including threat actors, could access the database, which included the sensitive data of individuals that were already impacted by other high-profile breaches.

In instances where credentials are stolen for reuse later, it is critical to have continuous authentication solutions and a zero trust architecture (ZTA) in place to prevent attacks and mitigate risk. Should an attacker attempt to access systems using stolen data, continuous authentication solutions can flag that the individual using a device or application is not valid and prevent them from moving laterally within the network.

A shift to zero trust

With the continued growth of attacks on enterprises in 2021 and beyond, zero trust has become a cornerstone of the larger cybersecurity conversation. This mindset shift on security, and the accompanying technology ecosystem to support it, will be critical for organizations across industries. According to Okta, though only 9% of technology companies currently have zero trust infrastructure in place, 79% of companies are planning to implement zero trust in the next year.

Plurilock’s innovative cybersecurity solutions address critical elements of a ZTA. By incorporating Plurilock’s continuous authentication solutions into your enterprise’s ZTA, your organization can establish the “just right” level of trust.
