The year 2021 saw new threats emerge in the cybersphere as malicious code was weaponized with devastating effects that reverberated throughout the American economy. It is becoming clear that cyberattacks are quickly becoming a great equalizer for militarily inferior countries seeking to attack America.
This year the federal government also created several new initiatives that have so far shown inconclusive results, but the American cybersecurity posture was largely defensive, and as a result, millions of dollars in ransoms were paid to cybercriminals in 2021.
So, with that said, here are some of the more notable cybersecurity events of 2021.
January: Krebs vs. Trump – The bitterly disputed 2020 presidential election saw a feud develop between outgoing President Donald Trump and former CISA Director Christopher Krebs over the legitimacy and security of the election. After Krebs would take the position that the election was the most secure in history, specifically supporting a November 17th statement from the Elections Infrastructure Government Coordinating Council and the Election Infrastructure Sector Coordinating Executive Committees that claimed the “The November 3rd election was the most secure in American history,” Krebs would be fired by President Trump. January of 2021 would see Krebs hired as a consultant by SolarWinds, which was the victim of what many experts have called the most wide-ranging hack in history.
February: In February of 2021, Alejandro Mayorkas, Director of DHS, rolled out several initiatives related to the improvement of American cybersecurity. Among the initiatives was a plan to increase security spending through Federal Emergency Management Agency (FEMA) grants and “The Reduce the Risk of Ransomware Campaign,” a program that falls under the jurisdiction of CISA.
Recommended
March: Another historic attack credited to China rocks the cybersphere, the Microsoft Exchange Server software hack. The attack exploited several flaws in the software and provided hackers with access to the organizational email accounts of more than 30,000 entities in the United States. The group responsible for the attack was Chinese Advanced Persistent Threat Group Hafnium. Although the aftermath of the attack saw threats of economic sanctions against China from the US and European allies, no sanctions have come down as of yet.
April: The attack against Colonial Pipeline by Russia’s DarkSide Ransomware Gang, which was reported in May, begins in late April of 2021. The attack shut down the 5,500-mile pipeline responsible for distributing 45 percent of the east coast’s fuel supply. DarkSide would then pierce Brenntag, a chemical distribution company. This latter attack netted the group 150 GB of data and a ransom payout of $4.4 million.
May: More supply chain disruptions would occur a month later, as May saw a major attack against meat manufacturer JBS Foods. This Russian-based outfit known as the REvil Ransomware Gang was responsible, and the group scored one of the largest ransom payments in history, with the criminals netting 11 million dollars from JBS Foods.
June: June would see a congressional hearing featuring the CEO of Colonial Pipeline, Joseph Blount, who was summoned to answer questions in regard to the company’s handling of the DarkSide attack. Many in Congress questioned whether Colonial had violated the 2020 Office of Foreign Assets Control (OFAC) advisory that outlined penalties for US companies that pay out ransoms to individuals or groups under US sanctions.
July: REvil strikes again. This time the outfit that had targeted JBS Foods attacked IT infrastructure provider Kaseya. This attack carried devastating potential across the American economy based on Kaseya’s wide-ranging customer base. A fake software update issued by REvil pierced Kaseya’s clients as well as their client’s customer base. According to REvil, as many as 1 million systems would be encrypted in the attack, and the group demanded $70 million in bitcoin to decrypt victims’ systems.
August: Newly minted Director of CISA, Jen Easterly, announces the creation of the Joint Cyber Defense Collaborative at the Black Hat cybersecurity conference in August of 2021. This groundbreaking new initiative leans on the security expertise of some of the largest “Big-Tech” companies in the world in assisting the federal government’s efforts to defend against future cyber-attacks on valuable infrastructure targets.
September: Major attacks around the globe hit the South African Department of Justice and New Zealand’s postal service. Labor Day weekend in the United States sees Howard University fall victim to a ransomware attack that would interrupt online classes for almost a week.
October: Sinclair Broadcast Group, owner and operator of 185 local TV stations in the US, was attacked by Russian-based hackers. The breach shutdown email, phone systems, and data networks. Microsoft reports via an October 24 blog post that Russian hackers Nobelium, who were responsible for the SolarWinds attack, spent months attacking companies that resell Microsoft cloud services. Candy maker Ferrara was victimized by a ransomware attack prior to the busy Halloween candy season.
November: November saw a report from security firm Palo Alto that indicated that hackers had breached nine entities in the technology, defense, energy, health care, and education sectors.
December: The United Arab Emirates and Israel establish agreements on defense and cyber intelligence. CISA warns that the Log4j vulnerability, which is linked to a common utility running in the background of many software applications, could impact hundreds of millions of devices.
While 2021 saw numerous attacks that had devastating results, 2022 will likely bring even more new ransomware attacks and espionage attempts from state-sponsored Advanced Persistent Threats (APTs). It really is only a matter of time before America suffers another major attack.
Julio Rivera is a business and political strategist, the Editorial Director for Reactionary Times, and a political commentator and columnist. His writing, which is focused on cybersecurity and politics, has been published by numerous websites and he is regularly seen on National and International news programming.
Join the conversation as a VIP Member