A Look Back at 2021
One might think that after a year like 2020, anything that followed would be a breeze, but 2021 hasn’t been the easiest year for cybersecurity professionals, thanks to widespread attacks and ever-changing threats from advanced actors. Our community has responded to these threats by seeking out ways to navigate them, with help from the experts. From SolarWinds to Log4j, and everything in between, this is a look back at everything we saw in cybersecurity for 2021.
January: Fallout from SolarWinds
The reality of the SolarWinds Orion Software supply chain compromise began to really take form. Data Connectors kicked off 2021’s Virtual Summit series in the Denver and Salt Lake City region, featuring a keynote from Dave Sonheim, Cybersecurity Advisor for Region VIII.
In his talk, he offered some of the earliest official insights on what came to be called Emergency Directive 21-01 to the local audience, including the best ways to ensure that organizations can determine whether or not they’re affected by the breach.
“The key now is to build on our public and private partnerships by sharing information to assist the community in understanding their risk exposure while taking steps to identify and mitigate any further compromise,” Sonheim said at the time.
March: Microsoft Exchange Breach Affects Thousands
The cybersecurity world was barely coming back from SolarWinds when Microsoft announced on March 2 that it’d discovered a series of zero-day exploits for on-premises Microsoft Exchange servers. More than 250,000 organizations worldwide were impacted.
Following this announcement, DHS-CISA Cybersecurity Advisor Klint Walker joined the Southern California Virtual Cybersecurity Summit on March 11 to offer an emergency briefing on Directive 21-02.
“Within 24 hours though, we (CISA) started noticing that there were already exploitations of those vulnerabilities,” Walker said at the time. “Look at how fast that gap closed; the vulnerabilities were announced and immediately people were exploiting them, or maybe they were even exploiting them before the vulnerabilities were announced. Every moment that you are not patched and you are not taking mitigation efforts is putting you at risk.”
The attack, Operation Exchange Marauder, was likely carried out by Chinese state-sponsored hacker group Hafnium.
“This isn’t (HAFNIUM’s) first rodeo; there’s been activity seen from HAFNIUM in the past. Usually, they compromise victims by exploiting vulnerabilities, especially anything that’s internet-facing,” Walker told the Data Connectors audience. “Once they’ve gained access to your network, they’re going to exfiltrate as much data as they possibly can.”
May: Ransomware Attack on Colonial Pipeline Grinds Southeast to a Halt
The earliest days of summer started with a ransomware attack that impacted millions of Americans at the fuel pump, when hacker group DarkSide breached the Colonial Pipeline’s network, likely via a phishing scam. Out of an abundance of caution, the pipeline was then shut down – limiting access to fuel across the southeastern United States.
This news caught the attention of many cybersecurity professionals across the country, as well as that of former assistant CISA director John Felker, who addressed the breach in a LinkedIn Live session for the Data Connectors community. He also discussed the concept of Ransomware-as-a-Service – as DarkSide had presented itself following the attack.
“They want to make it sound like they’re good guys, when actually, they’re criminals,” Felker said during the May 18 LinkedIn Live.
“There was noise in the media that made it sound like Colonial wasn’t as forthcoming as they could have or should have been. I think it goes back to the dramatic impact that the breach cost,” he said. “Because of the political impact and the impact overall of this particular breach, I suspect we’ll see a change in regulation that requires more timely reporting.”
As cyber experts began considering what can be learned from this attack, the current administration issued an 8,000-word executive order regarding cybersecurity requirements for government contractors.
June Event Highlight: Looking for Love in All the Wrong Places
The US Secret Service teamed up with Data Connectors to present the Romance Scam Symposium on June 24, seeking to share the risks and threats of unwittingly getting involved with an internet scammer. Featuring sessions from AARP, Agari and Lincoln Financial, the event sought to inform the public of the risks involved.
“The Secret Service and our many partners across both the private and governmental sectors, work diligently to protect our citizens from criminals who would seek to enrich themselves by extorting the most vulnerable in our society,” said Stephen Dougherty, Forensic Financial Analyst for the Secret Service at the time.
“These scammers should know that their actions carry real consequences, both for their victims and for themselves, and that there are dedicated agents, analysts and prosecutors who will go above and beyond to find them, identify them and hold them accountable for their crimes,” he said.
September Event Highlight: The Return of the Conference Series
The Data Connectors team moved to a virtual format for the first time in March 2020 – the first in the industry to do so in light of the global pandemic – after a nearly 20-year history of in-person conferences. And as pandemic restrictions began to lift throughout the country in summer 2021, the team made the important decision to get back on the road once more.
On Sept. 22, 2021, the Data Connectors team hosted the Los Angeles Cybersecurity Conference at the Pacific Palms Resort in LA, inviting security professionals from the region to meet for the first time in over 18 months.
“As the first organization to bring our immersive virtual cybersecurity summits amid the pandemic, we felt it was fitting we are the first to move back,” Dawn Morrissey, CEO and founder of Data Connectors, said in July. “Our Virtual Summits are best-in-class, and we have found new ways to connect with our membership, so we’re excited to continue offering them, while at the same time responding to our community’s desire to start connecting again in-person,” she added.
Since then, the Data Connectors community has gathered hundreds of security professionals in Miami, Dallas, Atlanta and St. Louis, and will continue holding in-person events and hybrid live virtual summits tailored to the surrounding regions.
December: Log4j Vulnerability Rocks Security Industry
Just a year after the SolarWinds zero-day vulnerability hit the headlines, the security industry is feeling the impact of the Log4j vulnerability. Officially uncovered on December 9, 2021, it is a vulnerability in the Apache Log4j Java logging library, according to a security advisory from Cisco. It is tracked as CVE-2021-44228, a remote code execution (RCE) vulnerability in Apache Log4j 2 referred to as “Log4Shell.”
The Data Connectors community quickly responded to this major threat, which is far-reaching as any organization that uses Java is impacted. CISO and community member Naomi Buckwalter shared a list of ten things that defenders need to know in order to combat this.
“This exploit is not only publicly known, the barrier to entry is LOW. Anyone, including your 5yo playing Minecraft, can use this exploit. It’s as simple as typing in a few characters into a chat box,” she wrote in the post.
December Event Highlight: State of Cyber 2021
In partnership with the St. Louis InfraGard Members Alliance, Data Connectors hosted the State of Cyber 2021 Conference in its hometown of St. Louis on Dec. 1-2, followed by a Virtual Summit on Dec. 14-15. The Conference featured sessions from the FBI, the US Secret Service, and CISA, and highlighted the value of collaboration in cybersecurity.
The two-day conference (and its complementary virtual summit) featured an inter-agency panel where some of St. Louis’s top federal cyber cops discussed what happened in 2021, and what the industry can expect in the coming year.
“The State of Cyber 2021 is a great opportunity for the Secret Service to meet with corporations and security directors to talk about the trends and tactics we’re seeing imposed on the civilian population and also corporations themselves,” US Secret Service Special Agent in Charge Thomas Landry told Fox2Now. Landry is based in the St. Louis field office, and was featured as a key speaker during the conference.
Looking Ahead: What to Expect in 2022
The Cybersecurity Conference Series as well as the Virtual Cybersecurity Summit Series will continue through 2022, with both in-person and virtual visits across North America, in order to reach the more than 650,000 members of the Data Connectors Cybersecurity Community.
Preview the 2022 schedule and mark your calendar for an upcoming event in your city.