As if October and November were not already filled with stories of cyber incidents, December has shaped up to be possibly the biggest month for cybersecurity news for all of 2021. This is because besides the general and perhaps too common reporting on ransomware attacks, one of the most severe and potentially widespread exploits was discovered affecting the popular Java programming language. This means that millions upon millions of computer applications are susceptible to this vulnerability, making this a priority threat.
Log4j Puts Java Apps at Risk in Possibly Biggest Vulnerability Ever
Log4j is a Java logging tool supported by the Apache Software Foundation, a nonprofit devoted to open-source projects. In early December 2021, Alibaba Cloud’s security team informed Apache that they had discovered a remote code execution (RCE) vulnerability in Log4j version 2 (CVE-2021-44228, AKA Log4Shell), prompting the organization to quickly send out a public security advisory. RCE exploits let an attacker use such a bug to run their own code on the affected system from outside, bypassing its permission controls and potentially taking over the entire machine.
Several big-name services and software brands have already been confirmed to be impacted by the Log4j exploit, including Amazon Web Services (AWS), IBM, Cisco, Microsoft and Google Cloud. Security researchers have already found evidence of the vulnerability being exploited “in the wild,” and some observers have noticed activity around it spiking once the news became public. Apache has released a fix in version 2.15.0 and continues to issue updates, but experts predict that this bug will affect cloud apps for some time.
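As an added illustration of the check this news item implies for defenders (example code, not from the post, Apache or any vendor named above): a Python script that inventories log4j-core jars under a directory tree and flags any older than the 2.15.0 fix version the post cites. The jar-internal pom.properties path is where Maven records the artifact version; the sample tree it builds is constructed test data.

```python
import os
import re
import tempfile
import zipfile

FIXED_VERSION = (2, 15, 0)  # version in which, per the post, Apache shipped the fix
# Path inside a log4j-core jar where Maven records the artifact version.
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"

def parse_version(text):
    """'2.14.1' -> (2, 14, 1): keep the first three numbers, pad with zeros."""
    nums = [int(n) for n in re.findall(r"\d+", text)[:3]]
    return tuple(nums + [0] * (3 - len(nums)))

def log4j_core_version(jar_path):
    """Return the version string recorded in a log4j-core jar, else None."""
    try:
        with zipfile.ZipFile(jar_path) as jar:
            if POM_PROPS not in jar.namelist():
                return None  # some other jar, or log4j-core repackaged without pom.properties
            for line in jar.read(POM_PROPS).decode("utf-8", "replace").splitlines():
                if line.startswith("version="):
                    return line.split("=", 1)[1].strip()
    except zipfile.BadZipFile:
        return None  # not a readable zip archive
    return None

def find_unpatched_jars(root):
    """Walk root; list (path, version) of log4j-core jars older than FIXED_VERSION."""
    jars = (os.path.join(d, f) for d, _, fs in os.walk(root) for f in fs if f.endswith(".jar"))
    findings = []
    for path in jars:
        version = log4j_core_version(path)
        if version and parse_version(version) < FIXED_VERSION:
            findings.append((path, version))
    return sorted(findings)

def build_sample_tree():
    """Constructed input: one unpatched and one fixed log4j-core jar plus an unrelated jar."""
    root = tempfile.mkdtemp()
    for rel, version in (("lib/log4j-core-2.14.1.jar", "2.14.1"),
                         ("app/log4j-core-2.15.0.jar", "2.15.0")):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with zipfile.ZipFile(path, "w") as jar:
            jar.writestr(POM_PROPS, "artifactId=log4j-core\nversion=%s\n" % version)
    with zipfile.ZipFile(os.path.join(root, "other.jar"), "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
    return root
```

Point find_unpatched_jars at a real application directory to run it against an installed system; raise FIXED_VERSION as later Apache releases supersede 2.15.0.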
Here are some resources a few of the enterprise vendors affected have posted:
Windows 8 and Windows 7 Will Lose Compatibility with OneDrive
Users still on Windows 7, Windows 8 and Windows 8.1 machines will cease receiving updates to OneDrive on January 1, 2022, and will lose the ability to synchronize with the greater Office 365 cloud by March 1, 2022. Some readers will no doubt recognize this latter date right away – it is the same deadline for switching to the increased pricing for several Microsoft 365 for Business licenses, as well as for month-to-month M365 plans. This seems to be part of Microsoft’s general push towards migrating customers from legacy systems – both software and hardware – to newer generations with more up-to-date security controls.
Despite many warnings and even a few proof-of-concept examples in the wild of the vulnerability of these legacy operating systems to cyber attack, there are still many users remaining on these outdated OSes, putting connected networks in danger. The risk of a wormable attack only grows with the extension of endpoints within the cloud, as OneDrive and SharePoint integrate every workstation on the organizational license to a shared database. Microsoft is essentially forcing migration and ultimately a better standard of cybersecurity, albeit at the expense of users who cannot move to Windows 11 without performing a costly hardware upgrade.
Ransomware Increases Over Holidays & Weekends
Though it is technically old news, a warning from the FBI and the DHS’s Cybersecurity and Infrastructure Security Agency (CISA) on cyber attacks increasing during holidays – and weekends – is proving truer still as incidents ramp up in the time between Thanksgiving, Chanukah (Hanukkah), Christmas and New Year’s Eve (see list below). Similar spikes were seen during past celebrations and office closings, especially during extended holiday weekends such as Mother’s Day, Memorial Day and the Fourth of July. This parallels the growing commercialization of the malware ecosystem, with ransomware-as-a-service (RaaS) affiliates increasingly behind most attacks, and reflects the move from big, sophisticated campaigns back to easier “drive-by” hits against a greater volume of unsuspecting targets.
US & Allies Still Pursuing Ransomware Gangs
In the aftermath of the attacks on Colonial Pipeline, JBS, Kaseya and others – and the subsequent takedown of REvil and many affiliates as direct consequences of these incidents – the momentum has continued in the hunt for ransomware gangs. More arrests have been made by the seemingly ad hoc multinational coalition; however, some of the unmasked perpetrators are still beyond these nations’ collective reach, and many of the others remain hidden. Here are several updates on the latest related stories:
- The US State Department offered an up to $10 million reward for information on DarkSide group leaders, and up to $5 million for affiliates
- The Daily Mail tracked one of the Russian affiliates of REvil indicted by the US Department of Justice to a mansion in Siberia, where he is apparently living with impunity from local law enforcement
- NSA Director and head of US Cyber Command, General Nakasone, confirms that the US military is actively pursuing, gathering intelligence on, and taking action against ransomware gangs
- Canada, Ireland and other countries confirm operations against local ransomware affiliates in their jurisdiction
- Romanian authorities made another arrest of a local ransomware affiliate, suspected of hitting several targets worldwide
- US and Canadian law enforcement arrest a Canadian ransomware affiliate on multiple charges from both sides of the border
List of Recent Cyber Incidents & Related Events
There have been many, many confirmed breaches throughout recent months and likely many more that went unreported. Here is a quick list of some of the top cyber incidents along with additional insights put together by researchers, as well as a few actions taken to combat the attackers:
- The owners of the Robinhood trading app reported that their database was breached, exposing the data of 7 million users
- Several Virginia legislative agencies were forced to shut down their computer systems after a ransomware attack was confirmed
- Car manufacturer Volvo gave public notice of a data breach, but would not confirm if the incident was related to ransomware
- New York City’s MTA shut down after its timekeeping software provider suffered a ransomware breach
- A ransomware gang claimed it successfully hacked the NRA
- NJ-based food importer Atalanta revealed it was the victim of a breach in July 2021
- A report revealed that over 92% of all computer vulnerabilities can be used for ransomware
- Microsoft seizes 29 domains linked to nation-state cyber attacks
Using the Lessons of 2021 to Improve Cybersecurity in 2022
Though 2020 and 2021 have presented daunting challenges to cybersecurity, the knowledge gained can help your organization better prepare itself for the obstacles of the new year. There are still several initiatives you can take to secure your data and systems at the ground level and improve your cybersecurity stance for 2022 – watch our webinar to learn more.
Sign up to watch our webinar here, and discover how to gain a better understanding of and ultimately improve your cybersecurity going into 2022.