As we might all remember, there were plenty of crises keeping us on our toes last year. For those concerned with business continuity and the safety of their organizations’ data, not only did the COVID-19 pandemic continue to complicate these matters in 2021, but there was also a barrage of massive cyberattacks, along with economic issues around the United States and the world.
Work-from-home arrangements continued for many organizations, and so did the need to maintain a fortified security posture to accommodate those distributed teams. Ransomware, supply chain attacks, major vulnerabilities—and a combination of all three—led to a difficult year for cyber defenders. All in all, 2021 really highlighted the urgency and necessity of sound cybersecurity preparedness.
Last week, Relativity’s Calder7 cybersecurity team released our 2021 Threat Landscape Review. The report reexamines significant cyberattacks that occurred during 2021, highlights lessons learned from the attacks, and provides guidance and recommendations for securing an organization’s IT environment. Additionally, the report highlights trends seen throughout the year and shares Calder7’s insights into them. Finally, the report offers our predictions on the ever-evolving, and potentially equally tumultuous, cybersecurity threat landscape for 2022 and beyond.
The 2021 Threat Landscape Review, which can be downloaded via the Relativity Community site, focuses on three major cybersecurity threats the world faced last year: ransomware, vulnerabilities, and supply chain attacks. During the year, attacks involving these three topics were prevalent and had significant impacts across the globe.
Read on for a quick summary of how each of these categories played a role in last year’s cybersecurity world, and what to expect in the months ahead.
2021 started and ended with two potentially devastating vulnerabilities: ProxyLogon and Log4j, respectively. Their impact was widespread because both allowed remote code execution and affected commonly used applications and software.
In each case, the potential damage was compounded by how quickly exploit code was developed and used, seemingly right after the vulnerabilities were publicly announced. This meant that vulnerable organizations had to move quickly to avoid being exploited.
In the report, you’ll learn more about these vulnerabilities, and get some guidance and recommendations on how best to mitigate the threat posed by similar vulnerabilities moving forward. Additionally, in case you missed them, check out Calder7’s white paper and a blog post on ProxyLogon, and two previous Threat Landscape Updates regarding Log4j (which can be found in the Security Resources folder of the file library in the Community site). These resources help customers understand the dangers and complexity of these vulnerabilities and provide guidance on mitigation.
Supply Chain Attacks
A supply chain attack occurs when a cyber threat actor infiltrates a vendor’s network and employs malicious code to compromise the product before the vendor sends it to their customers. The compromised product then compromises the customer’s data or system.
Our report highlights significant supply chain attacks that occurred during 2021, including a ransomware attack targeting IT management software company Kaseya, and various supply chain attacks targeting open-source code libraries and repositories such as NPM and PyPI.
The point of a supply chain attack is to insert malicious code via a trusted channel (one that potentially gets less scrutiny from security appliances and software) in hopes it goes undetected. However, EDR or anti-malware software can potentially detect the malicious code or related actor activity. Additionally, implementing custom detection rules based on the MITRE ATT&CK framework could detect advanced attack techniques, such as living off the land.
As expected, ransomware was a leading attack vector for cybercriminals during 2021. Ransomware attack techniques continued to evolve in an effort to bypass security measures, and the ongoing cat and mouse game between cybercriminals and defenders endured.
Trends examined in our 2021 report include ransomware targeting critical infrastructure and operational technology (OT), Ransomware as a Service (RaaS), data exfiltration as a part of double extortion, law enforcement actions, insider recruitment, and destructive ransomware.
Common topics of conversation around ransomware attacks include whether bad actors should be paid, how to close vulnerability gaps, and the increasing sophistication of professional ransomware attackers. You can learn more in the report, as well as our previous coverage of ransomware trends here on The Relativity Blog.
In the last section of the Threat Landscape Review for 2021, Calder7 shared our future outlook. In addition to vulnerabilities and ransomware, we explored topics and trends such as security for cloud environments, the Internet of Things, and zero trust, and predicted how these topics might affect the threat landscape of 2022 and beyond.
Finally, we provided readers with insights into our own cybersecurity strategy, which involves the implementation of artificial intelligence (AI) and cyber threat intelligence (CTI).
Whether you’re a security professional seeking to firm up your organization’s defenses with thoughtful, up-to-date practices and precautions in 2022, or a team member just trying to do your part to protect your company’s and clients’ data, the report should be a good, informative read to help get you started.
Remember to stay vigilant and lean on your people to shore up your defenses this year.
Editor's Note: Darian Lewis, Michelle Hayes, and Kyle Kurdziolek, all from Calder7, also contributed to this article.