Weekly News Roundup December 20-23, 2021


Posted by Kacy Zurkus

Hello, readers! Thanks for taking the time to read what will be the final news roundup of 2021! Perhaps the biggest news for the RSA Conference team this week was the announcement that we have elected to move our event from February 7–10 to June 6–9, 2022. The physical event will remain in San Francisco at the Moscone Center. The vicissitudes of this year have certainly kept us all at the ready, and I, for one, am hoping that the RSAC 2022 theme, Transform, will take on new meaning in the new year.

This is the time of year when many would prefer to be sipping hot cocoa and stringing up lights. Instead, it was lights out for a building automation engineering firm in Germany, “after a rare cyberattack locked the company out of the BAS it had constructed for an office building client.” And while many security teams continue to navigate the fallout from the Log4j vulnerability, Threatpost reported that the Conti ransomware gang, the first professional crimeware outfit to adopt and weaponize the Log4Shell vulnerability, has now built up a holistic attack chain.

As I reflected on 2021 and read through predictions for the year ahead, I found the commentary published in War on the Rocks, “Accidents and Escalation in a Cyber Age,” a thought-provoking read. It’s a reminder that we must be both diplomatic and intentional in risk mitigation, particularly when it comes to matters of national security.

One affirming read this week was “Europol’s Highlights of 2021: A Year in Review.” Sometimes we all need an uplifting reminder of the good that has happened, and law enforcement agencies around the globe certainly have much to celebrate. So, I am sending good cheer and hope that all of you get to celebrate the end of 2021. I wish you all a very happy new year!

Now, let’s look at what else made cybersecurity headlines this week.

Dec. 23: A study by IBM suggested that robots and automation will likely play an important role in the workforce of the future.

Dec. 23: Infosecurity Magazine reported, “The US government’s top security agency has published a new scanning tool to help organizations find unpatched Log4j instances in their IT environment.”

Dec. 22: According to Reuters, regulators in China have halted a cybersecurity deal with Alibaba Cloud.

Dec. 22: “Soldiers from the 915th Cyber Warfare Battalion tested their skills in a fictitious scenario during a recent exercise, part of validating themselves as a ready unit,” according to news from C4ISRNet.

Dec. 21: The transportation sector has reportedly been the target of an ongoing campaign by Tropic Trooper, a cyberespionage group also known as Pirate Panda.

Dec. 20: The New York Times reported, “Now the United States and Britain have quietly dispatched cyberwarfare experts to Ukraine in hopes of better preparing the country to confront what they think may be the next move by President Vladimir V. Putin of Russia.”

Dec. 20: Avast reportedly discovered a months-long cyberattack on the United States Commission on International Religious Freedom (USCIRF).

Dec. 20: A cyberattack on Ultimate Kronos Group, resulting from the Log4j vulnerability, has left the City of Denver a victim and the City of Santa Fe using “manual timekeeping methods for employees.”


Contributors
Kacy Zurkus

Content Strategist, RSA Conference
