Cyberattacks in 2021: Lessons Learned


With 2021 coming to a close, let’s look back at some of the cyberattacks we’ve seen this year, and discuss what we can expect for 2022. 

The unfortunate reality is that cybercrime is only getting worse with every year that passes. By the end of September 2021, instances of data breaches surpassed all of 2020 by 17%. The financial impact of cyberattacks is following the same trajectory. The total cost of cybercrime is predicted to exceed $6 trillion

That doesn’t even begin to account for what our healthcare systems have had to deal with. As hospitals continued to battle the COVID-19 pandemic, they were also forced to combat ransomware attacks. In fact, in a recent survey, 42% of healthcare providers reported suffering from two or more ransomware attacks in the last couple of years. Another report found that cyberattacks even increased patient death rates and delayed patient care.

As the saying goes, those who don’t learn from history are doomed to repeat it. This is also true for cybersecurity. To prevent cyberattacks, we must understand how and why they are successful in the first place.

Let’s take a look at some of the most newsworthy cyberattacks and software vulnerability exposures from 2021.

BARON SAMEDIT IMPACTS VIRTUALLY EVERY SUPERCOMPUTER

In January, a severe buffer overflow vulnerability, Baron Samedit, was discovered in the sudo application by Qualys, a security auditing firm. More specifically, it was an out-of-bounds write vulnerability that would allow data to be written past the end, or the beginning, of the intended buffer. 

Part of the reason this particular vulnerability was so damaging is because of the application it lived in. Sudo gives administrators the ability to delegate limited root access to other users, requiring users to authenticate themselves before enabling sudo command capabilities. The Baron Samedit bug allowed a potential cyberattacker to bypass this authentication process and enable a low-privilege account to gain “superuser” access and execute sudo commands.
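As an added illustration of the out-of-bounds write pattern described above (this is constructed example code, not sudo's source and not Qualys's analysis): an escape-processing loop that sizes its heap buffer from strlen() of the argument and assumes every backslash is followed by a character, beside a bounds-checked form. The names `RAW_ARG`, `naive_dry_run_writes` and `unescape_checked` are assumptions of this example; the unchecked loop is only dry-run and counted, never executed against real memory.

```c
#include <stdio.h>
#include <string.h>

/* Constructed argument memory: the string "a\" followed by its NUL and
 * then bytes that happen to sit after it in memory. Sized so the dry
 * run below never reads outside this array. */
static const char RAW_ARG[] = "a\\\0bcd";

/* Dry-run the UNCHECKED loop `if (*from == '\\' && from[1] != ' ') from++;
 * *to++ = *from++;` and count the bytes it would write. A trailing
 * backslash makes it skip onto the NUL, copy it, and keep going through
 * whatever follows, so the count exceeds strlen(arg)+1, the size the
 * destination buffer was allocated with. No byte is actually written. */
static size_t naive_dry_run_writes(const char *raw, size_t raw_len) {
    size_t from = 0, writes = 0;
    while (from < raw_len && raw[from] != '\0') {
        if (raw[from] == '\\' && from + 1 < raw_len && raw[from + 1] != ' ')
            from++;                /* skip the escape; may land on the NUL */
        writes++;                  /* one byte copied to the heap buffer */
        from++;
    }
    return writes + 1;             /* plus the terminator */
}

/* Hardened form: every write is checked against the destination capacity
 * and a dangling escape is rejected instead of being stepped over.
 * Returns bytes written (excluding the NUL) or -1 on error. */
static int unescape_checked(const char *src, char *dst, size_t dst_len) {
    size_t n = 0;
    for (const char *p = src; *p != '\0'; p++) {
        if (*p == '\\') {
            if (p[1] == '\0')      /* lone trailing backslash */
                return -1;
            p++;                   /* copy the escaped character itself */
        }
        if (n + 1 >= dst_len)      /* keep room for the terminator */
            return -1;
        dst[n++] = *p;
    }
    dst[n] = '\0';
    return (int)n;
}

int main(void) {
    char out[8];
    printf("allocation for \"%s\": %zu bytes, unchecked loop writes %zu\n",
           RAW_ARG, strlen(RAW_ARG) + 1, naive_dry_run_writes(RAW_ARG, sizeof RAW_ARG));
    printf("checked copy of \"a\\\": %d\n", unescape_checked("a\\", out, sizeof out));
    printf("checked copy of \"a\\b c\": %d -> \"%s\"\n",
           unescape_checked("a\\b c", out, sizeof out), out);
    return 0;
}
```

For the constructed input the unchecked loop would write 6 bytes into a 3-byte allocation; the checked copy refuses the same input and copies well-formed input correctly.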

This vulnerability affected most Unix-like operating systems, Linux among them. While Linux runs on only 2% of desktop computers, 498 out of the 500 supercomputers in the world run Linux, which means all but two contained this potentially devastating software flaw. While a patch was released rather quickly, we all know security patching is not a reliable cybersecurity defense strategy on its own.

Dover’s CoreGuard® Heap micropolicy stops all buffer overflows in heap memory. So, on a CoreGuard-protected system, a cyberattacker attempting to exploit the Baron Samedit bug would have been stopped in real-time before any damage could be done.

Read more about Baron Samedit and how CoreGuard would have stopped it in our deep-dive, here.

TELCO COMPANIES CONTINUE TO BE A PRIME TARGET

In August, cybersecurity firm Cybereason discovered an attack that compromised five major telecommunications companies in Southeast Asia. First revealed in Cybereason’s “Deadringer” report, this attack was carried out by a Chinese-backed hacking group. They exploited software vulnerabilities in Microsoft Exchange servers to ultimately gain access to the telcos’ internal systems.

While the researchers didn’t name the specific companies or countries targeted, they did warn that the attack represented the “holy grail” of cyber espionage. They also said the group behind the attack was highly sophisticated and capable of evading security measures.

Telcos have always been a prime target since they deal with massive amounts of private data. In 2018, Operation Soft Cell set the precedent for cyberattacks of this nature and was eerily similar to the one revealed in the Deadringer report. Both attacks were espionage-motivated and believed to have been orchestrated by the Chinese government. They were also both successfully executed for years before ever being discovered.

CRITICAL INFRASTRUCTURE ATTACKS WILL CONTINUE TO BE AN ISSUE IN 2022

Looking forward, one of the biggest areas of concern is cyberattacks on critical infrastructure. Similar to telcos, critical infrastructure is another major target for bad actors. We saw this play out multiple times in the news in 2021, and we can absolutely expect to see more in 2022. 

Headline-grabbing attacks, like the one on the Colonial Pipeline, which temporarily affected the gasoline and jet fuel supply in the United States, and the failed attack on a Florida water treatment facility, are just a couple of examples from 2021. The threat to critical infrastructure is only expected to increase over time. In fact, in the first half of 2021 alone, vulnerabilities found in Industrial Control Systems increased by 41%. The same report described these vulnerabilities as “low hanging fruit” for cyberattackers because they are plentiful and easy to exploit.

Simply put: leaving critical infrastructure insufficiently secured against cyberattacks is creating a ticking time bomb. While some efforts are underway, including the federally driven Industrial Control System (ICS) Cybersecurity Initiative from the Biden Administration, which includes support for security measures like real-time attack detection, there are still massive gaps that must be filled to ensure the security and safety of our critical infrastructure.

TRUE CYBERSECURITY REQUIRES DEFENSE-IN-DEPTH

To truly provide a sufficient level of protection to our embedded systems, a defense-in-depth approach is necessary. Every system needs a good security foundation with a root of trust, as well as encryption. However, because every system runs lots of complex software which is inherently flawed, this foundation is not enough. As we’ve already highlighted, most of these attacks begin with the exploitation of a software vulnerability to take control of a system.

The CoreGuard oversight system is the first and only technology to address this issue. It acts as a bodyguard to the host processor and explicitly prevents the exploitation of vulnerabilities on every layer of the software stack. As a result, it can immunize embedded systems against 93% of software vulnerabilities, including those discussed above and zero-day attacks.

To learn more about CoreGuard and how its micropolicy suite provides defense-in-depth to embedded systems, download our white paper The Cybersecurity Stack: How to Secure Embedded Systems with Defense-in-Depth.
