6 Cybersecurity Revelations from Last Year

December 29, 2021
A Year of Escalating Cybersecurity Challenges

The last twelve months have presented significant difficulties within the cybersecurity landscape. Identifying vulnerabilities is a constant process in cybersecurity, and this year witnessed a seemingly simultaneous emergence of numerous critical issues, particularly towards its conclusion. Despite these challenges, our understanding of these threats has demonstrably increased.

This article provides a retrospective overview of the past year, highlighting key lessons learned.

1. The True Cost of Ransomware Lies in Disruption

The proliferation of file-encrypting malware remains a major concern. This year alone, ransomware attacks disrupted municipal operations, impeded financial transactions, and even caused fuel supply shortages, with entire corporate networks held hostage for substantial cryptocurrency payments.

The U.S. Treasury Department projects that ransomware operators will likely generate more revenue from ransom payments in 2021 than they have in the previous ten years combined. However, studies indicate that businesses incur the greatest financial losses due to lost productivity and the complex process of recovery – encompassing incident response and legal expenses.

2. The FTC Gains Authority to Mandate Victim Notification by Spyware Developers

SpyFone has become the first spyware manufacturer to be prohibited in the United States, following a September order issued by the Federal Trade Commission. The FTC accused the “stalkerware” application developer of creating covert malware that granted stalkers and abusers unauthorized real-time access to victims’ data, including messages and location information.

Furthermore, the FTC directed SpyFone to delete all illegally obtained data and, for the first time, to inform individuals whose phones had been compromised by its software.

3. Venture Capital Funding for Cybersecurity Doubles

2021 marked a record year for venture capital investment in cybersecurity. By August, investors had allocated a total of $11.5 billion in venture funding during the first half of the year.

This represents more than double the $4.7 billion invested during the same period in the prior year. Notable funding rounds included a $543 million Series A for Transmit Security and a $525 million Series D for Lacework. Investors attributed this surge to the growth of cloud computing, security consulting, and risk and compliance services.

4. Secrecy Orders are Common in Government Data Requests to Microsoft

Technology companies are significant repositories of user data and, consequently, frequent targets of government requests for information related to criminal investigations. Microsoft this year highlighted a growing trend of the government attaching secrecy orders to search warrants, preventing the company from notifying users when their data is under investigation.

According to Microsoft’s consumer security chief, Tom Burt, one-third of all legal orders include secrecy provisions, many of which lack sufficient legal or factual justification. Microsoft emphasized that these secrecy orders are widespread throughout the technology sector.

5. The FBI Receives Authorization to Remotely Patch Compromised Networks

In April, the FBI initiated an unprecedented operation to eliminate backdoors that hackers had left in hundreds of U.S. corporate email servers. China was identified as the source of the widespread exploitation of vulnerabilities in Microsoft’s Exchange email software, which was used to compromise thousands of company email servers and steal contact lists and mailboxes.

These attacks left numerous servers vulnerable, prompting companies to implement fixes. However, these patches did not remove the backdoors, allowing hackers to regain access easily. A federal court in Texas authorized the FBI to exploit the same vulnerabilities to remove the backdoors, amid fears of further exploitation by malicious actors. While other nations have conducted similar “hack and patch” operations against botnets, this marks the first instance of the FBI actively remediating private networks following a cyberattack.

6. Unemployment Benefit Fraud Targets Car Insurance Websites

Several car insurance companies were targeted this year by an unusual, yet increasingly prevalent, scam. Metromile reported that a flaw in its website, used for storing insurance quotes, was exploited to obtain driver license numbers.

Subsequently, Geico confirmed that it too was targeted, and driver license numbers were scraped from its systems. Geico’s data breach notification revealed that scammers were using the stolen license numbers to fraudulently apply for unemployment benefits. Many U.S. states require a driver’s license to process unemployment claims, making car insurance companies attractive targets.

Further Information:

  • The financial repercussions of ransomware recovery extend beyond ransom payments.
  • Microsoft reports that one-third of government data requests include secrecy orders.
  • The FBI launched an operation to remove backdoors from hacked Microsoft Exchange servers.
  • Cybersecurity venture capital funding reached a record $11.5 billion in 2021.
  • The FTC banned SpyFone and mandated notification of affected users.
  • Metromile disclosed a website vulnerability that allowed unauthorized access to driver license numbers.
  • Geico acknowledged a data breach involving the theft of customer driver’s license numbers for fraudulent unemployment claims.