2021 marks the end of another eventful year, filled with more pandemic-related pandemonium, bigger cyberattacks, massive digital transformation, and other incidents. However, this is the time for joy and that’s why we have brought to you some of the best things that happened this year in the cybersecurity space.

Ransomware Breakthrough

Ransomware is a massive, expensive threat plaguing the cybersecurity landscape. We have observed hospitals, schools, critical infrastructure, and governments fall victim to ransomware attacks. In response, law enforcement agencies doubled down on the threat, which led to the disruption of several major ransomware actors.
  • The FBI, French National Gendarmerie, and Ukrainian National Police, in coordination with INTERPOL and Europol, nabbed two ransomware operators responsible for exorbitant ransom demands of between $5 million and $80 million.
  • French authorities arrested a suspect for reportedly laundering more than $21 million in ransom payments.
  • Ukrainian police caught a group of hackers who allegedly extorted money from foreign businesses, especially in South Korea and the U.S. The authorities claimed that the hackers were affiliated with the Cl0p ransomware group.
  • We are all aware of the debilitating attack on Colonial Pipeline by DarkSide. However, the FBI was able to seize approximately $2.3 million of the ransom paid to the threat actor. Moreover, the threat actor has been offline since this attack.
  • The Romanian and South Korean police arrested five hackers allegedly belonging to the REvil group. In addition, U.S. officials apprehended two nationals of Ukraine and Russia for their involvement in REvil attacks.

Governments and Federal Agencies Take Steps

As bad actors increase the intensity of their attacks against various sectors, cyberattacks have become a matter of public safety and national security. The aim of the following actions taken by federal authorities and the U.S. government is to deal with cybercriminals who attempt to compromise networks, put critical infrastructure and people's lives at risk, and steal intellectual and financial property.
  • The year started with the White House revealing a National Maritime Cybersecurity Plan that contains guidelines for threat information sharing, building a cybersecurity workforce, and setting up a risk framework for OT in ports.
  • The U.S. Senate passed the National Defense Authorization Act (NDAA), a $768 billion annual defense spending bill loaded with provisions for cybersecurity.
  • CISA released a Binding Operational Directive (BOD) that requires federal agencies to patch known exploited vulnerabilities.
  • In addition, CISA released playbooks comprising standardized response approaches for dealing with cyber incidents and vulnerabilities.
  • Following the attack on Colonial Pipeline, President Biden approved an executive order imposing stringent cybersecurity standards on all software sold to the federal government. The executive order focuses on information sharing and collective defense to deal with potential attack vectors and adversaries.
  • The Biden administration brought together 30 nations and implored the private sector, which manages most of the critical infrastructure, to upgrade its cybersecurity defenses to tackle ransomware threats.
  • Along the same lines, the U.S. Department of the Treasury announced a series of actions to dismantle criminal networks and crypto exchanges offering ransom laundering services, drive resilient cybersecurity across the private sector, and encourage the reporting of ransomware payments and incidents to law enforcement and government agencies.

AI/ML Technologies Come Forth

AI/ML has gained the status of a crucial technology in cybersecurity due to its ability to rapidly analyze hundreds of thousands of events and detect potential threats. Not only can it identify phishing attacks, but it can also provide an extra layer of security, as the researchers below showcased.
  • Researchers from the University of Plymouth and the University of Portsmouth published a paper stating that machine learning models combined with neural networks and binary visualization can improve the accuracy and speed of detecting phishing websites.
  • Penn State researchers designed a way to make encryption keys harder to crack with AI and ML models. The device is a Physically Unclonable Function (PUF) that uses graphene to achieve a low-power, scalable, and reconfigurable design with resistance to AI-based attacks.
  • U.S. Army researchers developed a deepfake detection approach intended to enable the creation of top-notch soldier technology. The method, named DefakeHop, is based on ML, computer vision, and signal analysis.

Open-Source Software Security 

Over the past few years, the adoption of open-source software has risen significantly. However, the public availability of software also means that threat actors will try to take advantage of it. Below are some technological advancements made in the domain of open-source software to keep users safe from the risk of exploitation.
  • Google and the Open Source Security Foundation developed a new open-source program dubbed Scorecards. Scorecards is an automated security tool that produces a risk score for open-source projects.
  • In February, the tech giant launched Open Source Vulnerabilities (OSV), which serves as a vulnerability database and triage infrastructure for open-source software.
  • Building on the same OSV platform, in combination with the OSS-Fuzz vulnerability dataset, Google rolled out a vulnerability interchange schema to describe vulnerabilities across open-source ecosystems.
  • Facebook unveiled an open-source tool, dubbed Mariana Trench, to detect bugs in Android and Java apps.
  • Cyware developed the Cyware Threat Response Docker to enhance the security orchestration process for analysts. It is a lightweight Docker image containing state-of-the-art tools that help analysts analyze data effectively by bringing several tools together in one place, and it can be installed within 100 seconds.
  • The MITRE Cyber Analytics Repository (CAR) is another open-source project that supports both blue and purple teams. It is a knowledge repository for analytics based on the MITRE ATT&CK model. MITRE CAR provides detection mechanisms for multiple tactics, techniques, and procedures used by bad actors.

Malware Infrastructure Dismantled

While the year was incessantly plagued by different kinds of malware, law enforcement agencies and tech giants across the world were able to bring a number of notorious actors to justice.
  • Recently, Google dismantled the Glupteba botnet, which had been active since at least 2011.
  • Microsoft seized 42 malicious domains used by the Chinese threat actor Nickel.
  • Facebook disrupted SideCopy, a Pakistani hacking group that used the social media platform to target Afghan government officials and other Afghan users.
  • Although Emotet was recently revived, one of the best pieces of news this year was the takedown of Emotet's infrastructure by Europol and Eurojust. It took the malware 10 months to make a comeback.

Dark Web Marketplaces Taken Down

Dark web marketplaces are breeding grounds for all kinds of illegal activities and products. The anonymity provided by dark websites may make cybercriminals feel invincible. Nevertheless, the year saw international law enforcement operations against some of these marketplaces, which were promptly shut down.
  • The U.S., in collaboration with the Netherlands, Germany, and Romania, took down the infrastructure of the online marketplace Slilpp. The marketplace sold stolen online account login credentials.
  • In the same vein, French authorities dismantled another dark web marketplace, named Le Monde Parallèle.
  • In another international operation, the U.S., Germany, Denmark, Australia, Ukraine, Moldova, and the U.K. took down DarkMarket, the world's largest illegal dark web marketplace. Following this action, a ten-month investigation was conducted, which led to the arrest of 150 drug buyers and vendors.
  • The operators of another dark web marketplace, White House Market, closed shop after two years of operation. While the site advertised a range of illegal products, it was mainly infamous for its narcotics section, where most vendors were based in Europe.

Other Notable Mentions

When we talk about security, it encompasses securing every facet of the system, including but not limited to data, servers, and communications. Proper encryption ensures that the entire system is protected from cyber threats. As cyber adversaries are always on the lookout for sensitive data, stronger encryption methods have become necessary.
  • CSIRO's Data61, the digital specialist arm of Australia's national science agency, the NSW Government, and the Australian Computer Society (ACS), among other groups, developed a privacy tool called the Personal Information Factor (PIF) that assesses the risks to an individual's data within any dataset, allowing targeted and effective protection mechanisms to be put in place.
  • Purdue researchers designed a self-aware algorithm that can protect electric grids, nuclear power facilities, and manufacturing plants against hacking attempts. The model sends one-time signals to each component and turns them into active monitoring systems.
  • A team of researchers at the U.K.'s Liverpool Hope University designed an external scanning device that acts as a gateway or barrier between a USB drive and a computer, scanning for malicious software and reducing the risk of malicious drives infecting a system.
  • A new kind of optical fiber with a hollow, air-filled core was found to be effective for performing Quantum Key Distribution (QKD), a security protocol that, in theory, cannot be hacked and, hence, can play a major role in protecting sensitive data against advanced cyberattacks.
  • Computer scientists from Columbia Engineering created a system called Easy Secure Photos, which encrypts photos in the cloud so that attackers cannot decipher them.

In Conclusion

Cyber incidents have become a regular occurrence, especially since the COVID-19 pandemic created a hullabaloo across the entire world. However, there are also good things to look forward to. We hope that the next year brings more advancements in cybersecurity defenses and that threat actors are held to account for their actions. Let us equip ourselves with the necessary protections, and let organizations continue to improve their cybersecurity posture to stay safe from such threats.
Cyware Publisher