2021 was quite a year. Some things changed, and some things very much stayed the same. The world of cyber security was not immune to this zeitgeist, with some aspects of the threat landscape persisting and some rapidly changing and evolving.
This piece will examine the key trends in the cybersecurity threat landscape that we saw over the last year. Covering topics from trojans to the pandemic, and everything in-between, by the end of this article, you should have a strong understanding of what happened in 2021. You might even feel better equipped to deal with 2022.
Unfortunately, COVID-19 is something that didn’t leave our shores for good in 2021. While the world continued to recover from the worst pandemic in a century, COVID-19 brought its own challenges for the cyber security industry and its practitioners.
The pandemic and the shift to working from home presented challenges for organizations’ infosec teams. With phishing scams, and their success rate, on the rise, employers had to deliver more advanced training on social engineering. The problem was compounded by the loss of a traditional office environment: people who previously would have “sense-checked” a suspicious email with a colleague before opening it no longer had that option.
A further challenge that COVID-19 presented in 2021 was that many organizations, particularly small and medium-sized businesses, didn’t have the resources to kit out their employees with secure and vetted laptops for home working. Consequently, companies worldwide introduced ‘bring your own device’ policies for home working.
This, in conjunction with the rise in the efficacy of phishing scams, necessitated a heightened approach to endpoint monitoring, something that many companies are still on the road to adopting. In 2021, the average cost of an endpoint security breach was close to $9.5 million, so organizations with effective observability strategies and endpoint monitoring were well-positioned for COVID-19 from a security perspective.
While a Deloitte study indicated that the working-from-home conditions caused by the pandemic increased the risk of malicious insider threats, the risks presented by other types of insider threat were also on the rise in 2021.
Misconfigured systems are a major risk element of insider threats, and they aren’t always created maliciously. Human error causes far more security incidents and data breaches than those perpetrated by hackers.
In early 2021, the Brazilian branch of Experian, Serasa, experienced the leak of 220 million individuals’ personal data. While the investigation is still ongoing, early signs indicate that this resulted from an insider threat. Sadly for Experian, it isn’t the first time they have been the victims of a significant data breach.
Even companies like Peloton, which saw massive success owing to the pandemic, were not immune to insider threats. While it doesn’t appear to have been malicious, a misconfigured API gave anyone the ability to access users’ data. While Peloton maintains that no one maliciously accessed this API, it’s another example of how an insider threat, malicious or not, has the potential to open up a raft of problems for an organization.
Practices like GitOps and embedding observability practices in your development pipeline are great ways of ensuring that you don’t overlook the obvious when configuring new features or setting security policies. This will help stop you from falling victim to the “unintentional” or engineered insider threat.
Before the beginning of 2021, it seemed like trojan attacks had become somewhat passé, lost to the days of the early to mid-noughties and replaced by the much more fashionable ransomware. Unfortunately, the SolarWinds attack changed that, at least temporarily.
While the actual SolarWinds attack happened in 2020, most of the impact was felt in 2021. Essentially, the attackers were able to inject malicious code into SolarWinds applications that shipped to customers, who were then vulnerable through the compromised software. This particular attack gained a large amount of publicity because of the caliber of SolarWinds’ customers, ranging from the US government to Microsoft.
While it’s common in security companies’ marketing to see rhetoric around how long an attacker resides in your system, the SolarWinds attack was living proof of that dwell time. Investigations indicate that SolarWinds pushed patches and updates with compromised code to their customers as early as March 2020. The malware was so sophisticated that not only did it go undetected for such an extended period, but it also gave the attackers the ability to access users’ systems, install further malware, and exfiltrate data.
A year on from the SolarWinds announcement, we have yet to hear the full extent of who and what was affected. It has raised the profile of “supply chain attacks,” which target a trusted vendor and use that vendor’s relationship with its customer network to distribute malware and exfiltrate data. It has also made organizations challenge their traditional vendor relationships and look in-house, or to systems integrators, to build out tools.
How can you stop yourself from falling victim to another SolarWinds-type attack? Well, one option is to build everything in-house. However, if Microsoft isn’t doing that, it might be a little unrealistic. You can use cross-system observability to detect supply chain attacks earlier and minimize the subsequent damage. Are you using machine learning to baseline normal network traffic across your load balancers so that anomalous behavior stands out? Maybe you should.
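As an added example (not Coralogix’s code or anything from the original post), here is a statistical stand-in for the baselining the paragraph suggests: bytes sent per minute by each load-balancer backend, learned from a known-good window and scored with a robust z-score so that a sudden egress spike stands out while ordinary variation does not. The log format, backend names, byte counts and threshold are all constructed assumptions.

```python
"""Baseline egress per backend from load-balancer logs and flag outliers.
Added example, not Coralogix code: a median/MAD robust z-score of bytes
sent per minute, per backend. Log format and values are constructed."""
import re
from collections import defaultdict
from statistics import median

# Constructed log lines: "<minute> <backend> <bytes_sent>", a known-good window.
BASELINE_LOG = [f"{m} web-01 {4000 + (m % 5) * 150}" for m in range(1, 31)]
BASELINE_LOG += [f"{m} web-02 {3000 + (m % 7) * 100}" for m in range(1, 31)]
# A later window in which web-02 suddenly pushes ~50x its usual volume.
OBSERVED_LOG = [f"{m} web-01 {4100 + (m % 5) * 140}" for m in range(100, 110)]
OBSERVED_LOG += [f"{m} web-02 {150000 if m == 105 else 3100}" for m in range(100, 110)]
LINE_RE = re.compile(r"^(\d+) (\S+) (\d+)$")


def bytes_per_minute(lines):
    """Sum bytes_sent per (backend, minute); malformed lines are skipped."""
    counts = defaultdict(int)
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            minute, backend, nbytes = m.groups()
            counts[(backend, int(minute))] += int(nbytes)
    return counts


def fit_baseline(lines):
    """Per backend: (median, MAD) of bytes per minute over the training window."""
    per_backend = defaultdict(list)
    for (backend, _), total in bytes_per_minute(lines).items():
        per_backend[backend].append(total)
    baseline = {}
    for backend, values in per_backend.items():
        med = median(values)
        mad = median(abs(v - med) for v in values) or 1.0  # guard against MAD == 0
        baseline[backend] = (med, mad)
    return baseline


def score(lines, baseline, threshold=6.0):
    """Return [(backend, minute, robust_z)] for minutes beyond the threshold.
    A backend with no baseline is reported as a finding in its own right."""
    findings = []
    for (backend, minute), total in sorted(bytes_per_minute(lines).items()):
        if backend not in baseline:
            findings.append((backend, minute, float("inf")))
            continue
        med, mad = baseline[backend]
        z = 0.6745 * (total - med) / mad  # 0.6745 scales MAD to a normal sigma
        if abs(z) > threshold:
            findings.append((backend, minute, round(z, 1)))
    return findings
```

Running `score(OBSERVED_LOG, fit_baseline(BASELINE_LOG))` flags only web-02 at minute 105; the routine day-to-day variation on both backends stays below the threshold.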
From a technologist’s perspective, it certainly feels like 2021 was the year of the hybrid cloud. COVID-19 certainly had a role in that, but several other factors drove businesses towards hybrid cloud in 2021. Chief among them is that companies are increasingly adopting open standards to avoid vendor lock-in.
However, with hybrid cloud adoption comes a new range of threats and a new attack vector for many organizations. Previously on-premises companies will have to grapple with cloud security principles, which bring their own challenges and risks. Businesses will have to adopt containerization technology to use hybrid cloud effectively, which again carries its own security considerations.
It’s not just threats, though. Hybrid cloud presents real opportunities for innovation in cyber security. Public cloud can be used as a vault for ransomware protection (see the section below for more) or simply as a disaster recovery (DR) data center. These new architectures mean even smaller businesses can take advantage of the scalability and elasticity of the cloud for cyber security use cases.
Hybrid cloud security is an area where observability is vital. The ability to homogenize metrics, alerts, and triggers across your entire estate (on-prem and in the cloud) is invaluable in maintaining a healthy and protected infrastructure.
It wouldn’t be a cyber security blog without talking about ransomware, would it? It’s estimated that ransomware cost companies and individuals $6 trillion in 2021, which is a staggering figure. Ransomware dominated the news in 2021, and that’s because its victims were mainly government institutions or household brands.
Surprisingly, financial services businesses received fewer successful cyber attacks than any other major industry. That’s not to say that they weren’t targeted, but it likely speaks to the enhanced security procedures banks and insurance companies have in place specifically to deal with ransomware.
As ransomware dominated the news, our inboxes, webinars, and LinkedIn targeted adverts followed suit with a range of recommendations, promises, and statistics about how to prevent it. But what do we know about preventing ransomware attacks?
You need an effective malware detection system and firewall, you need zero-trust networking, you need backups and fast recovery capabilities, and you need immutability. Stringing these together cleverly, using automation, or making the best of hybrid cloud will undoubtedly help, but one key component makes the real difference.
The ability to visualize and monitor all of the components mentioned above on a single pane of glass is vital. Think of it as your ransomware dashboard: an observability platform that shows you whether you’re protected, what your most recent valid backup is, and what your RPO (recovery point objective) will be.
A pervasive known vulnerability spanning every industry and touching most companies certainly wasn’t an ideal end to 2021.
The Log4j vulnerability was made public in December 2021, and it had everyone refactoring their code, releasing urgent patches, and questioning their use of third-party libraries in production code. We still don’t know the worldwide effect of the Log4j vulnerability, and it may take some time for that to become clear. Some early victims, such as the Belgian Defense Ministry, have already emerged. More will undoubtedly follow.
What we do know is this: organizations’ use of libraries in production code will be reviewed. SRE teams also need to think about their ability to push fixes rapidly and roll back releases. We mentioned combining GitOps and observability above, but if there was ever a compelling reason to act, Log4j was it.
This article may make it seem like the cyber security world was largely on fire in 2021. Not true. There were victims of all of the key trends mentioned above, and trillions of dollars will have been spent, paid, or fined as a result. But not every company fell victim to these threats, and those that didn’t were either lucky or doing things differently. It’s difficult to prescribe luck, but at Coralogix, we can offer a different approach.
By taking a holistic view of security underpinned by a leading observability platform, you can monitor and observe what’s going right and what might be going wrong at all times in your infrastructure. Sometimes you need to zoom out to deal with the problem effectively, and Coralogix gives you the ability to do just that.