There was much to discuss in 2021, from Apple iOS vulnerabilities to security risks at work-from-home. This monthly summary of cybersecurity, ransomware and data breaches, as well as cybercriminal news, was compiled by CompTIA. Cyberattacks in 2021 had a profound impact on the entire technology industry. They reached every nook and corner of modern life with their digital tentacles.
According to the Identity Theft Resource Center (ITRC), the number of data breaches this past year exceeded the total 2020 breaches in the first three quarters 2021. What happened? What happened? And how can we fix it. Here’s a summary of the most significant cybersecurity news stories for the year. A month-by-month breakdown of the most recent hacks, attacks and other activity in the last 12 months.
January: Federal Data Breach Sets the Tone For 2021
The U.S. Federal Government data breach was reported to the public in January 2021. Although the severity of the attack was initially minimized, the public began to see the full extent of the breach by January 2021. In spring 2020, hackers added malicious code to the software of SolarWinds and Microsoft. The hacked code was introduced into the software of SolarWinds, Microsoft and VMWare to allow for customers’ private data and information to be accessed from a backdoor. Even worse, the breach went unnoticed over many months, potentially exposing sensitive information from 300,000. SolarWinds customers include Fortune 500 companies and U.S. government departments.
February: Investigations Show Poor Communication and Lack of Standards
The government and watchdog agencies realized how dangerous and far-reaching a simple update to software could be and worked together to find a solution before another cyberattack could occur. The House Oversight and Homeland Securities committees held hearings in February to find out the details of the massive SolarWinds hack and who is responsible. Experts in cybersecurity point to Russia’s Foreign Intelligence Service, but experts also said that the cybersecurity gaps were caused by a lack of cybersecurity personnel, poor communication between government agencies and companies, and a lack of smart practices and global standards. The potential for a breach was essentially a pie on the windowsill that was just waiting to be eaten.
March: $40M Paid In Insurance Ransomware Incident
The ransomware attacks appeared to be operating quietly at first. The hackers locked down the entire network and would only release the encryption key if the target paid. CNA Financial, a major insurer, paid $40 million in ransom in March to recover their large amount of data. Although ransom payments are not usually disclosed, the ransom payment was larger than any previously disclosed payments made to hackers, according people who have been involved in ransomware negotiations. It is also possible that other cybercriminals will be inspired by the fact that it has been made public.
April: Facebook and Police Departments Targeted
April started like a lion, and it stayed that way until May. Social media Goliath Facebook was hit with one of the largest data breaches in its history. A user uploaded the data of more than 533 million Facebook users online free of charge, including full names, addresses, phone numbers, and biographical information. Profiles from more then 106 countries were exposed, with more than 30 million accounts in America. Experts point out that although the data was technically “old”, i.e., it was only from 2019, the data contained identifiers that don’t change often, if any, such as full names, birthdates, phone numbers, and email addresses.
Facebook was not the only victim. One company that finds software vulnerabilities is vulnerable. This proves that no company can be completely safe. Codecov, a software auditor used by over 29,000 companies, discovered in April that it had suffered a security breach several months ago and was forced to play catch-up to reduce the risk.
April was not done. The hacker group Babuk threatened to release 250 gigabytes of data, including lists of persons of interest and police informant information. Babuk, a hacker group, threatened to release 250 gigabytes data, including arrest records and information about police informants.
In the last month, two police departments in small cities in Maine and Azusa, California were targeted.