2021 Was Another Big Year for Hackers and Cyberthreats

Posted by Robert Ackerman

Despite ever-growing organizational cybersecurity budgets, it’s worthwhile now and then to remind the cybersecurity community that hackers and threats never stop climbing and, therefore, must be addressed aggressively.

The latest numbers yet again reinforce the story line.

In aggregate, all types of global cyberattacks soared 125 percent in the second half of last year, according to Deep Instinct, an Israel-based deep learning cybersecurity company and the author of the biannual Threat Landscape Report. Ransomware attacks, widely considered the most vicious type of major assault because they make computer systems unusable until a ransom is paid, soared 105 percent in 2021 as a whole, according to the SonicWall 2022 Cyber Threat Report.

The biggest increases in ransomware victims were among governments, which saw a whopping 1,885 percent increase, and the healthcare industry, which suffered a 755 percent increase. (Ransomware attacks overall grew 104 percent in North America, almost identical to the SonicWall worldwide average.)

Cutting across industry sectors, supply chains were among the hardest-hit victims, with attacks sparking widespread system downtime, economic loss, and reputational damage. Critical infrastructure entities were also increasingly hit hard with ransomware last year. The FBI says 649 of them were attacked last year, prompting the creation of a new federal law requiring such attacks to be reported within 24 hours.

Although corporations, the government, and other organizations attract the lion’s share of attention, ordinary citizens are also bombarded with a host of cybercrimes. According to the FBI’s annual Internet Crime Report, Americans lost more than $6.9 billion to internet crimes in 2021, up more than $2 billion from 2020. The top three cybercrimes reported last year were phishing scams, non-payment/non-delivery, and personal data breaches.

Cybercrime has often been described as the greatest threat to every company in the world. While cybersecurity technology continues to improve on multiple fronts, so, too, does hacker prowess. The latest example is the adoption of artificial intelligence and machine learning techniques, which are highly promising but simultaneously hamstrung in part because sophisticated hackers are also embracing these technologies.

Also problematic has been the explosion of workers worldwide who work from home instead of—or in addition to—the company office.

The trend has cooled a bit but is largely expected to stay in place as hybrid workplaces grow in popularity. Home offices aren’t nearly as cyber secure as corporate offices. Unfortunately, the global pandemic has given cybercriminals multiple opportunities to exploit human vulnerabilities, ranging from disguised phishing emails to vulnerable back doors in hastily developed COVID-19 vaccination applications.

The volume of cyberattacks last year set a fresh record, raising the question of whether they will do so again in 2022. Unfortunately, the answer is likely yes for a number of reasons, including an FBI warning of potential cyberattacks by Russia on the U.S. energy sector, the increasing number of countries turning to cyberattacks, and the fact that many companies don’t know what to look for regarding nation-state-backed hacking attacks.

Here are details on each of these three threats:

+ In March, the FBI warned the U.S. energy sector about “network scanning activity” stemming from multiple Russia-based IP addresses. These were believed to be associated with cyber actors previously involved in attacking foreign critical infrastructure. As part of this warning, the FBI said it identified 140 overlapping IP addresses linked to “abnormal scanning” activity of at least five U.S. energy companies.

“Most cyberattacks don’t just happen in an instant,” FBI Director Christopher Wray told CBS News. “There is a whole range of preparatory work, which is what we’ve been seeing.”

+ Russia, China, and perhaps North Korea are not the only nation-state hacking threats. Helped by growing cloud services, other countries have also begun pursuing cyberattacks and data theft. This is happening, in part, because COVID-19-related lockdowns and stringent travel checks make it harder for traditional espionage techniques to be effective.

According to a 2022 global cyberthreat report by CrowdStrike, such new players include Turkey and Colombia. The CrowdStrike report says that Cosmic Wolf, a Turkey-based hacking group, targeted the data of an unspecified victim stored in an Amazon Web Services cloud environment last year.

+ While many cyber pros believe their employers are a target for nation-state hackers, only a small number think their organization can identify a nation-state attack. So reports an analysis by Trellix, a Silicon Valley-based cybersecurity company. A survey of companies showed that only a quarter of them could differentiate a nation-state attack from an attack carried out by a routine cybercriminal.

Detecting a nation-state attack requires a deeper understanding of an adversary’s methods. This lack of awareness can lead to issues down the line, because back doors and other remnants of a nation-state-backed hack could be missed and eventually exploited.

At least for now, cyber-smart companies can mitigate some cyberattacks and breaches by adopting some relatively basic steps, such as educating employees to focus on cybersecurity awareness and regularly running security audits. But they can and should do more, such as incorporating end-to-end encryption on all important files. In cybersecurity, more is better than less.

Robert Ackerman

Founder/Managing Director, AllegisCyber, AllegisCyber Capital


Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA Conference™, or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.
