
SWK Cybersecurity News Recap December 2021

December 14, 2021 | January 17th, 2022


As if October and November were not already filled with stories of cyber incidents, December has shaped up to be possibly the biggest month for cybersecurity news in all of 2021. Besides the general and perhaps too common reporting on ransomware attacks, one of the most severe and potentially widespread vulnerabilities was discovered, affecting applications built on the popular Java programming language. This means that millions upon millions of computer applications are susceptible to this vulnerability, making this a priority threat.

Log4j Puts Java Apps at Risk in Possibly Biggest Vulnerability Ever

Log4j is a Java logging tool supported by the Apache Software Foundation, a nonprofit devoted to open-source projects. In early December 2021, Alibaba Cloud’s security team informed Apache that they had discovered a remote code execution (RCE) vulnerability in Log4j version 2 (CVE-2021-44228, also known as Log4Shell), prompting the organization to quickly send out a public security advisory. RCE exploits essentially allow an attacker to leverage a bug to bypass permission controls and run code on the system from outside the network, eventually taking over the entire machine.

Several big-name services and software brands have already been confirmed to be impacted by the Log4j vulnerability, including Amazon Web Services (AWS), IBM, Cisco, Microsoft and Google Cloud. Security researchers have already found evidence of the vulnerability being exploited “in the wild,” and some observers have noticed activity around it spiking once the news became public. Apache has released a fix with version 2.15.0 and is continuing to update the application, but experts predict that this bug will affect cloud apps for some time.

Here are some resources a few of the enterprise vendors affected have posted:

Windows 8 and Windows 7 Will Lose Compatibility with OneDrive

Users still on Windows 7, Windows 8 and Windows 8.1 machines will cease receiving updates to OneDrive on January 1, 2022, and will lose the ability to synchronize with the greater Office 365 cloud by March 1, 2022. Some readers will no doubt recognize this latter date right away – it is the same deadline for switching to the increased pricing for several Microsoft 365 for Business licenses, as well as for month-to-month M365 plans. This seems to be part of Microsoft’s general push towards migrating customers from legacy systems – both software and hardware – to newer generations with more up-to-date security controls.

Despite many warnings and even a few proof-of-concept examples in the wild of the vulnerability of these legacy operating systems to cyber attack, there are still many users remaining on these outdated OSes, putting connected networks in danger. The risk of a wormable attack only grows with the extension of endpoints within the cloud, as OneDrive and SharePoint integrate every workstation on the organizational license to a shared database. Microsoft is essentially forcing migration and ultimately a better standard of cybersecurity, albeit at the expense of users who cannot move to Windows 11 without performing a costly hardware upgrade.


Ransomware Increases Over Holidays & Weekends

Though it is technically old news, a warning from the FBI and the DHS’s Cybersecurity and Infrastructure Security Agency (CISA) on cyber attacks increasing during holidays – and weekends – is proving even more true as incidents ramp up in the time between Thanksgiving, Chanukah (Hanukkah), Christmas and New Year’s Eve (see list below). Similar spikes were seen during past celebrations and office closings, especially during extended holiday weekends such as Mother’s Day, Memorial Day and the Fourth of July. This parallels the growing commercialization of the malware ecosystem, with ransomware-as-a-service (RaaS) affiliates increasingly behind most attacks, and reflects the move from big sophisticated campaigns back to easier “drive-by” hits against a greater volume of unsuspecting targets.

US & Allies Still Pursuing Ransomware Gangs

In the aftermath of the attacks on Colonial Pipeline, JBS, Kaseya and others – and the subsequent takedown of REvil and many affiliates as direct consequences of these incidents – the momentum has continued in the hunt for ransomware gangs. More arrests have been made by the seemingly ad hoc multinational coalition; however, even some of the unmasked perpetrators are still beyond these nations’ collective reach, and many of the others remain hidden. Here are several updates on the latest related stories:

List of Recent Cyber Incidents & Related Events

There have been many, many confirmed breaches throughout recent months and likely many more that went unreported. Here is a quick list of some of the top cyber incidents along with additional insights put together by researchers, as well as a few actions taken to combat the attackers:

Using the Lessons of 2021 to Improve Cybersecurity in 2022

Though 2020 and 2021 have presented daunting challenges to cybersecurity, the knowledge gained can help your organization better prepare for the obstacles of the new year. There are still several initiatives you can take to secure your data and systems at the ground level, and improve your cybersecurity stance for 2022 – watch our webinar to learn more.

Sign up to watch our webinar here, and discover how to gain a better understanding of and ultimately improve your cybersecurity going into 2022.
