Best of Cybersecurity in 2021

Ransomware Breakthrough

• The FBI, French National Gendarmerie, and Ukrainian National Police, in coordination with INTERPOL and Europol, nabbed two ransomware operators responsible for exorbitant ransom demands between $5 million and $80 million. 
• French authorities arrested a suspect for reportedly laundering more than $21 million in ransom payments. 
• Ukrainian police caught a group of hackers who allegedly extorted money from foreign businesses, especially in South Korea and the U.S. The authorities claimed that the hackers were affiliated with the Cl0p ransomware group. 
• We are aware of the debilitating attack on Colonial Pipeline by DarkSide. However, the FBI was able to seize approximately $2.3 million in ransom paid to the threat actor. Moreover, the threat actor has been offline since this attack. 
• The Romanian and South Korean police arrested five hackers, allegedly belonging to the REvil group. In addition to that, U.S. officials apprehended two Ukrainian and Russian nationals for their involvement in REvil attacks.

Governments and Federal Agencies Take Steps

• The year started with the White House revealing a National Maritime Cybersecurity Plan that contains guidelines for threat information sharing, building a cybersecurity workforce, and setting up a risk framework for OT in ports. 
• The U.S. Senate passed the National Defense Authorization Act (NDAA), which is a $768 billion annual defense spending bill loaded with provisions for cybersecurity. 
• The CISA released the Binding Operational Directive (BOD) that necessitates federal agencies to patch known vulnerabilities. 
• In addition to that, the CISA released playbooks comprising standardized response approaches to deal with cyber incidents and vulnerabilities.
• Following the attack on Colonial Pipeline, President Biden had approved an executive order, imposing stringent standards on the cybersecurity of all software sold to the federal government. The executive order focuses on information sharing and collective defense to deal with potential attack vectors and adversaries. 
• The Biden administration brought together 30 nations and implored the private sector—managing most of the critical infrastructure—to upgrade its cybersecurity defenses to tackle ransomware threats. 
• Along the same lines, the U.S. Department of Treasury announced a series of actions to be taken to dismantle criminal networks and crypto exchanges offering ransom laundering services, drive resilient cybersecurity across the private sector, and encourage ransomware payments and incident reporting to law enforcement and government agencies.

AI/ML Technologies Come Forth

• Researchers from the University of Plymouth and the University of Portsmouth published a paper stating that machine learning models combined with neural networks and binary visualization can help improve the accuracy and speed of detecting phishing websites. 
• Penn State researchers designed a way to make encrypted keys harder to crack through AI and ML models. The device is called a Physically Unclonable Function (PUF) and uses graphene for a low-power, scalable, and reconfigurable device model with crucial resistance to AI-based attacks. 
• U.S. Army researchers developed a deepfake detection approach that will enable the creation of top-notch soldier technology. The method has been named DefakeHop and is based on ML, computer vision, and signal analysis. 

Open-Source Software Security 

• Google and the Open Source Security Foundation developed a new open-source software program dubbed Scorecards. Scorecards is an automated security tool that can display a risk score for open-source software.
• In February, the tech giant launched Open Source Vulnerabilities (OSV), which serves as a vulnerability database and triage infrastructure for open-source software. 
• Building on the same OSV platform, in combination with the OSS-Fuzz vulnerability dataset, Google rolled out a vulnerability interchange schema that would define vulnerabilities in open-source ecosystems. 
• Facebook unveiled an open-source tool, dubbed Mariana Trench, to detect bugs in Android and Java apps.   
• Cyware developed Cyware Threat Response Docker to enhance the security orchestration process for analysts. It is a lightweight Docker image containing state-of-the-art tools that assist analysts in effectively analyzing data by concatenating several tools in one place and can be installed within 100 seconds.    
• The MITRE Cyber Analytics Repository (CAR) is another open-source project that supports both blue and purple teams. It is a knowledge repository for analytics based on the MITRE ATT&CK model. MITRE CAR provides detection mechanisms for multiple techniques, tactics, and procedures used by bad actors.

Malware Infrastructure Dismantled

• Recently, Google dismantled the Glupteba botnet that was active since at least 2011. 
• Microsoft seized 42 malicious domains used by the Chinese threat actor Nickel. 
• Facebook disrupted SideCopy, a Pakistani hacking group, which used the social media platform to target Afghan government officials and other Afghan users. 
• Although Emotet was recently revived, one of the best news of the year was when Emotet’s infrastructure was taken down by Europol and Eurojust. It took the malware 10 months to make a comeback. 

Dark Web Marketplaces Taken Down

• The U.S., in collaboration with the Netherlands, Germany, and Romania, took down the infrastructure of the online marketplace Slilpp. The marketplace used to sell stolen online account login credentials. 
• In the same vein, French authorities took apart another dark web marketplace, named Le Monde Parallèle. 
• In another international operation, the U.S., Germany, Denmark, Australia, Ukraine, Moldova, and the U.K tore down DarkMarket, the world’s largest illegal dark web marketplace. Following this action, a ten-month investigation was conducted, which led to the arrest of 150 drug buyers and vendors. 
• The operators of another dark web marketplace, White House Market, closed shops after two years of operation. While the site mainly advertised illegal products, it was mainly infamous for its narcotics section, where most vendors belonged from Europe.

Other Notable Mentions

• CSIRO’s Data61, the digital specialist arm of Australia’s national science agency, the NSW Government, and the Australian Computer Society (ACS), among other groups developed a privacy tool—Personal Information Factor (PIF)—that assesses the risks to an individual’s data within any dataset, allowing targeted and effective protection mechanisms to be put in place.
• Purdue researchers designed a self-aware algorithm that can protect electric grids, nuclear power facilities, and manufacturing plants against hacking attempts. This model sends one-time signals to each component and converts them into active monitoring systems.
• A team of researchers at U.K's Liverpool Hope University designed an external scanning device that acts as a gateway or barrier between a USB drive and a computer to scan for malicious software, reducing the risks of malicious drives infecting a system.
• A new kind of optical fiber filled with thin air was discovered to be effective for performing Quantum Key Distribution (QKD) - a security protocol that, in theory, cannot be hacked and, hence, can play a major role in protecting sensitive data against advanced cyberattacks. 
• Computer scientists from Columbia Engineering created a system, namely Easy Secure Photos, which encrypts photos in the cloud so that attackers cannot decipher them.

In Conclusion