The 10 Biggest News Stories Of 2021

Rick Whiting

This year’s list of the 10 biggest news stories is topped by major cybersecurity and ransomware attacks, accelerating industry trends such as as-a-service and cloud marketplaces, and new leadership pursuing new strategies at some of the IT industry’s biggest companies.

3. Software Vulnerabilities Trigger Cybersecurity Alarms

As 2021 drew to a close, the IT industry was roiled by the discovery of critical vulnerabilities in the Java logging utility Apache Log4j, a cybersecurity threat that one IT executive described as a “Fukushima Moment” – a reference to the 2011 meltdown of the Japanese nuclear plant – while predicting that businesses around the world will spend years dealing with the repercussions.

The Log4j news wrapped up 2021, a turbulent year of cybersecurity vulnerabilities, threats and attacks, which began with the rapidly escalating damage caused by what became known as the SolarWinds attack.

Solution providers, managed service providers and the developers of tools used by MSPs sometimes found themselves in the middle of cybersecurity incidents, especially ransomware attacks. Among the biggest was the mid-year ransomware attack against Kaseya by the REvil gang that exploited a vulnerability in Kaseya’s VSA remote monitoring and management tool, putting dozens of MSPs and hundreds of their customers in jeopardy.

The year’s cybersecurity news was bookended by the SolarWinds and Log4j incidents.

The very extensive and very sophisticated SolarWinds cyberattack, first discovered by cybersecurity company FireEye in late 2020, is believed to have been the work of the Russian intelligence service APT29. The attack exploited a vulnerability in SolarWinds’ widely used Orion network monitoring software.

Over the next few weeks investigators would discover that the attackers’ long list of targets included government agencies – including the Department of Defense, the Department of Homeland Security, the Department of State and the Department of Justice – as well as some 100 private sector companies including Microsoft and other leading IT vendors. A number of cybersecurity vendors disclosed that sophisticated hackers had attacked their internal systems, attempting to compromise their certificates or access their email – with many of the attacks linked to the SolarWinds attack. A Mimecast breach in January was also linked to the SolarWinds incident.

The repercussions of the Log4j vulnerability were still unfolding as 2021 came to an end. The software is used by many companies and organizations, from Apache and Apple to Minecraft and Twitter, giving threat actors an enormous attack surface to cause widespread global disruption. Using the remote code execution vulnerability, hackers can launch attacks with a single line of text.

By Dec. 15 Microsoft and other IT vendors began reporting evidence that the vulnerability was being leveraged by a variety of government-backed threat actors (from China, Iran and North Korea, among others) and ransomware groups. Companies reported to be taking steps to protect themselves from the Log4j vulnerability included Amazon Web Services, Cisco Systems, ConnectWise, IBM and VMware. Cybersecurity companies said to be taking action included Fortinet, Rapid7, RSA, SonicWall and Sophos.

Ransomware attacks have been increasing over the last several years with attacks against IT systems operated by hospitals and county and local governments. That has continued into 2021: IDC reported in August that in the previous 12 months more than one-third of all organizations globally had faced some kind of ransomware incident.

Perhaps the most visible incident came in May when a ransomware attack against Colonial Pipeline resulted in gas shortages in the Southeast.

Perhaps because of its widely used software products, Microsoft often found itself entangled in cybersecurity incidents. In August the company scrambled to release updates to Windows Print Spooler to fix vulnerabilities dubbed “PrintNightmare.” In September the hackers behind the SolarWinds attack stole data from Microsoft Active Directory Federation Services servers. And in November Iranian hackers were reported to be exploiting vulnerabilities in Microsoft Exchange ProxyShell and in Fortinet software to gain access to IT systems in advance of possible ransomware attacks.

 
Rick Whiting

Rick Whiting has been with CRN since 2006 and is currently a feature/special projects editor. Whiting manages a number of CRN’s signature annual editorial projects including Channel Chiefs, Partner Program Guide, Big Data 100, Emerging Vendors, Tech Innovators and Products of the Year. He also covers the Big Data beat for CRN. He can be reached at rwhiting@thechannelcompany.com.
