The Scratchpad Cybersecurity Year In Review for 2021

1. Introduction

If people thought 2020 was a batshit crazy year, 2021 basically told everyone to hold their beer, especially when it came down to cybersecurity and information security. Axios makes no bones about stating that 2021 was the year cybersecurity became everyone’s problem. Even The Wall Street Journal is taking notice.

With that, here’s a look back at the year that was as well as where we’re going.

2. The log4j exploit

What more can be said about the log4j situation that hasn’t already been said?

It’s been called the worst cyberthreat in a decade by practically everyone there is. Even with Blue Teams working around the clock to fix this, the exploit is still present in environments and its full effect may yet to be fully realized.

Yep

Oh, APTs are already hard at work to make sure the fun hangs around for a while… 😬


3. Colonial Pipeline Attack

On 7 May 2021, Colonial Pipeline Company fell victim to a ransomware attack from threat actor DarkSide. DarkSide was able to infiltrate Colonial’s network environment through a compromised VPN account that was never deactivated and deploy their ransomware once connected to the network.


The attack caused the US Government to issue a regional emergency for 17 states and the Washington D.C. region. It ended up becoming the largest cyberattack on US oil infrastructure in history.

Colonial ended up paying a 75 Bitcoin (approx. $4.4 million USD) ransom.

What is the Colonial Pipeline Hack? A Timeline of Events

DOJ announced in June that it had recovered 63.7 of the bitcoins (approx. $2.3 million USD) from the ransom payment, and the US State Department has issued a $10 million reward for information leading to the identification or location of any individual(s) who hold(s) a key leadership position in the DarkSide ransomware variant transnational organized crime group.

DarkSide’s success has inspired others to explore new ways to raise revenue, I’m told…

Everyone’s getting on the ransomware bandwagon

4. Peloton’s API Exploit

2021 has been a rough year for Peloton, and not just because of having to issue a recall of their Tread+ product[1]. In January, security researcher Jan Masters documented how he could make unauthenticated requests to Peloton’s API for user data, including:

  • User IDs

  • Instructor IDs

  • Group Membership

  • Location

  • Workout stats

  • Gender and age

  • If they are in the studio or not

Then in June, McAfee Labs demonstrated how attackers can also add carefully crafted malware apps disguised as Netflix and Spotify to encourage users to input login credentials that would enable remote exploitation.

McAfee ATR Demonstrates Peloton Bike+ Bootloader Vulnerability

Oof 😬

5. NSO Pegasus

Invisible surveillance: How spyware is secretly hacking smartphones

NSO Group, creators of the infamous spyware application Pegasus and the FORCEDENTRY exploit, has demonstrated that they are, in the words of Google:

We assess this to be one of the most technically sophisticated exploits we’ve ever seen, further demonstrating that the capabilities NSO provides rival those previously thought to be accessible to only a handful of nation states.

6. Twitch involuntarily goes open source

6 October 2021 will not be looked back on fondly by those at Twitch, as its entire platform - 128 GB worth of Git repo sources, including code for its clients and APIs, plans for a Steam competitor, and details of the payouts made to almost 2.4 million streamers since August 2019 - was dumped on the Internet.


So where do we go from here?

Well, based on what I’ve read, here is sort of how I see things going at the start of the year.

My "Recommended Cybersecurity Reading" list to prepare you for 2022:

9. Closing Thoughts

Cybersecurity and Information Security will continue to face an ever more rapidly changing space in 2022, with no slowdown in sight. Threat actors will keep refining their tactics, techniques, and procedures (TTPs) to exploit weaknesses in target systems and networks, while Security Operations Centers (SOCs) and Blue Teams fight a constant struggle just to keep pace.

Totally don’t need my liver

Yep, I totally don’t need my liver… 😬 🤦

In all seriousness, may your 2022 be a great year for you and your loved ones. Remember to take care of yourself as the year goes on, especially on the mental health side. Talkspace and Better Help are excellent choices if you feel like you need to reach out to someone to listen to you. Remember, there’s no shame in needing help at all.

And with that, Happy 2022 to everyone!