Cyber world rocked by attacks

It was a tumultuous year in cybersecurity, which saw both the private sector and government increasingly pummeled by attacks that forced both the Biden administration and Congress to take steps to strengthen the nation’s cybersecurity against both nation states and cybercriminals.

Microsoft breach: The impact of the SolarWinds hack, discovered late in 2020 to have allowed Russian government-backed hackers to compromise nine U.S. government agencies, was dying down when Chinese hackers began exploiting vulnerabilities in Microsoft’s Exchange Server. Microsoft acknowledged the breach in March.

The vulnerabilities left thousands of organizations exposed and led to the United States and other allied nations formally blaming China for exploiting the vulnerabilities.

This was the second time that the Biden administration stepped in during 2021 to formally pin the blame on another nation for a cyberattack, with President Biden levying sanctions on Russia in April in retaliation for both the SolarWinds hack and election interference.

More hacks, more action: Beyond nation state interference, ransomware attacks rose to the forefront of concerns in 2021. An attack in May on Colonial Pipeline, which provides 45 percent of the East Coast’s fuel, preceded temporary gas shortages. Later, ransomware attacks on meat producer JBS USA and IT company Kaseya also served to endanger critical organizations and supply chains.

Biden signed an executive order to strengthen the federal government’s cybersecurity in the week after the discovery of the Colonial Pipeline hack, and Congress took up legislation to require companies to report cyber incidents. This bipartisan legislation is still awaiting passage.