Cyber security is one of the top agendas for IT leaders in 2021 and consists of news, the latest updates, and analysis. Amongst thousands of cyber security stories, there are top 10 updates that require great attention. The news ranges from Solar Wind’s experience, Russian spooks, US president standing up for cybercriminals, vulnerability disclosures, privacy, and NSO spyware.
- US cyber security agencies receive $9bn in Biden plan
In January 2021, Joe Biden prepared for his inauguration after the Solar Wind’s attack and earned $9bn to raise the US cyber defense capabilities. Biden took the early initiative on security issues, and cyber became the focus for the incoming administration after the Donald Trump years. This, as a result, set an agenda for more to come. - Hackers Stole 70GB of personal information from Right Wing Social Platform Gab
In February 2021, a group of hackers called DDoSecrets accessed different information and leaked 70GB of data from Gab Users. Gab identifies itself as a platform for individual liberty, free speech, and the flow of online information. After such a data leak, Gab has been criticized for conspiracy theorists and harboring far-right extremists illegally. The data included personal information like passwords, posts, and other details which hackers accessed through SQL injection vulnerability. This was done to manipulate the SQL database. Gab stated that this leak was less harmful as data like social security numbers and phone numbers were not leaked and stolen. - Internet of Thieves Targets Internet of Things
In March 2021, Sierra Wireless, the vendor of Internet of Things (IoT), paused operations after a ransomware attack on 20th March. A company based in Vancouver is a seller of cellular-based machines which machines communication products and maintain cyber security. This breach was so robust that it forced Sierra to shut down production, take the website offline and disrupt the functions of the internal system. The kind of ransomware was not suspected, and what are the attackers’ demands. - Scammers accidentally revealed Amazon fake review data
In April 2021, an illiterate scammer exposed over 13 million data records through the ElasticSearch database. This was related to a fake review scam involving different Amazon users and vendors in unethical and illegal behavior. According to Investigation, it was found that this unsecured server was located physically in China, but data of the individuals were from Europe and U.S. The owner of the ElasticSearch Server was not identified and hence not notified to the company. - Air India: A Massive Data Breach
In May 2021, there was a massive data breach of Air India where the personal information of 4.5 million passengers was affected, including their credit card details. This was notified by Air India’s data processor SITA PSS. All the details like DOB, name, password information, ticket information, and contact details of the passengers were stolen. Air India took corrective measures and spoke with all regulatory bodies. SITA is situated in Geneva, Switzerland, and has informed the following organisations of their duties. The airlines secured the hacked servers, enlisted the help of several outside experts, and changed the passwords of regular passengers. - Privacy experts are concerned over the NHS data collection plans
In May 2021, the public was warned of the NHS digital plans by the security and data privacy experts to scrap medical data on 55 million patients in England to a new database. GRDRP database contained sensitive information like medications, test results, symptoms, allergies, immunizations, and appointments. This also included information like physical and mental health, ethnicity, sexual orientation, and other data. It had some pending changes, but it highlighted data collection and transparency in service development for the IT team. - How did the UK Cyber Security Council plan to professionalize security
In June, the UK cyber security council was officially launched in 2021 for cyber security professionals to make a vast representation for the sector and accelerate awareness. This helps in promoting excellence through leadership, education, lobbying government, and career tools to promote the UK’s cyber sector. Claudia Natanson, a cyber veteran, also stated her plans as well. - Pegasus mobile RAT has been abused to monitor journalists and activists
In July 2021, over 50,000 phone numbers of journalists, activists, and others were exposed to the world’s most expressive regimes, which illegally used Pegasus remote access trojan (RAT). As a result, different questions were raised for the work of the Israel-based cyber-surveillance specialist NSO group in July. The NSO Group has hemorrhaged investment and support and became the central subject of US governed sanctions. - Half of MS Exchange servers are at risk in ProxyShell debacle
In August 2021, the users failed to patch the servers of Microsoft Exchange properly, and as a result, it led to distinct vulnerabilities. Following this episode, Microsoft came under fire after such miscommunications. Redmond patched two bugs that formed a chain to achieve remote code execution on a target system in April 2021. The IT teams did not assign them any CVE number - Travel-themed phishing lures spiked this summer
In September 2021, the Palo Alto Unit 42 research team Anna Chung and Swetha Balla showed how cyber criminals exploited people’s desires with the return of the summer holidays in September. A warning was given to CISOs to pay attention to their end-users and what they are clicking on. The team stated how these phishing lures were stealing data and account credentials. - Cyber experts: How to nobble a Nobelium attack
In October 2021, a Russian APT Nobelium attacked Solar Winds and has been a subject of research and analysis. This is a renewed surge that targeted organizations in the IT channel and issued fresh warnings from the community. The security experts and advice shared insights were given to the NSOs to thwart a Nobelium supply chain attack. - TSMC and Sony greenlight of USD 7 billion chip factory in Japan
In November 2021, Taiwanese chipmaker Taiwan Semiconductor Manufacturing Company stated that it would collaborate with Japanese electronics Sony to build a chip factory in Japan. The first $7 billion investment would be made. Sony has agreed to give $500 million. Mass manufacturing is expected to begin by the end of 2024. A cooperative venture solved a global semiconductor shortage that impacted producers from several industries. - Ubisoft has confirmed a “Just Dance video” game data breach
Ubisoft has a popular video game franchise known as “Just Dance.” In December 2021, a few days back, different unknown actors targeted this video game and announced a data breach. The attackers accessed the customer information after taking advantage of a misconfiguration to steal data. No Ubisoft account has been hampered. The data breach included Gamertags, profile ids and device ids, and dance video recordings which were shared publicly on social media profiles.
To get the latest updates on various cyber-related events & other things, you can join our Whatsapp group (https://chat.whatsapp.com/K7m7CdXZtFz1zDuxj6MRFp) /Telegram Channel (https://t.me/wcsforum)
Sharanya Chakraborty
Content Writer, WCSF