As this Friday falls on New Year’s Eve, rather than taking our usual look back at the week’s Good, Bad and Ugly stories, we thought we’d take this opportunity to cast our retrospective gaze over the whole of 2021 and bring you the best, the worst, and the ugliest moments of the year.
The Best
There’s been some great moments during 2021 both for SentinelOne in particular and cybersecurity in general. SentinelOne’s IPO in June not only took the company to its next stage of evolution but was the largest cybersecurity IPO in history.
Just prior to that, our innovative, best-of-breed Singularity platform had aced MITRE Engenuity’s annual evaluations. No other vendor’s offering was able to match SentinelOne’s performance, with MITRE finding that SentinelOne was the only vendor with 100% visibility, zero missed detections and no configuration changes throughout the entire evaluation period.
Among other innovations during 2021, SentinelOne expanded its offerings to include Mobile Threat Defense, offering customers the ability to manage mobile device security alongside their user workstations, cloud workloads, and IoT devices.
The year also saw the U.S. government begin a long-overdue crackdown on cybercrime, with initiatives to beef-up Federal defenses and pursue criminals attacking the U.S. while hiding abroad. Alongside Biden’s Executive Order and pledges of financial support from private enterprise, the government announced new export controls on the sale of hardware or software that could be used in cyberattacks against the U.S., as well as sanctions against a number of spyware companies.
Among a number of arrests and seizures during the year, law enforcement broke a new record for the number of cybercriminals nabbed in a single operation when Interpol announced the arrest of over 1000 cyber criminals in operation HAECHI-II.
The Worst
If there’s one thing you won’t find much disagreement about in infosec, it’s that this year has had more than its fair share of bad moments. Our weekly news roundup was dominated throughout 2021 by two main themes: severe vulnerabilities and ransomware attacks.
In June, details emerged of a remotely exploitable vulnerability in the Microsoft Windows Print Spooler service affecting all versions of Windows, appropriately dubbed PrintNightmare. Related CVEs (CVE-2021-34527 and CVE-2021-1675) that allow remote code execution were quickly folded into popular attack tools like Mimikatz and Metasploit and caused untold headaches for IT and SOC teams around the world.
That crisis-for-admins was followed by local privilege escalation HiveNightmare (CVE-2021-36934) in August. An attacker with a foothold on a system could use the flaw to extract registry hive data, including hashed passwords, which in turn could be used to further elevate privileges.
Even more lost weekends were on the cards in December when things went from bad to worse with the Log4j2 vulnerability. We will be seeing the effects of this for some time to come, as organizations struggle to understand their exposure to a vulnerability in the widely-used Java logging utility.
The Ugliest
Which brings us to ransomware. While there’s no doubt about the severe threat that unpatched vulnerabilities can pose to businesses, ransomware attacks can and do have life-threatening and business-ending consequences for those affected by them.
In 2021, threat actors made quick and regular work of public sector organizations that failed to protect their networks, with schools and hospitals both at home and abroad being frequent victims.
But arguably the ugliest of the year in terms of collateral damage felt beyond the domain of the immediate victim was the Colonial Pipeline attack by DarkSide ransomware. The attack in May led the states of North Carolina, Virginia, Georgia, and Florida to declare a state of emergency and to fuel prices rising to an average of $3 a gallon, with some outlets charging double that in the face of panic buying.
Even the bad guys felt the shockwaves, as underground crimeware forums began to ban discussions of ransomware for fear of retribution by the authorities.
That, alas, did little to stem the real-world threat of further ransomware attacks, and the year carried on pretty much as it started, with new threat actors, new ransomware families and, of course, new attacks.
Will 2022 see defenders get the upper hand over attackers, or will organizations yet again be up against the ropes? Our predictions for this coming year can be found here.
Our regular weekly roundup will be back next week as usual, and in the meantime, from all of us at SentinelOne, we wish you a happy and secure New Year 2022!