2021 was an interesting year for all of us working in IT security. It wasn’t just the spike in supply chain attacks, most notably SolarWinds and Kasaya. It wasn’t just the waves of vulnerabilities leading to privileged access and remote code execution (RCE) in Microsoft Exchange, in printer drivers, externally exposed remote desktop protocol (RDP), and, of course, in OSS projects like Log4J.

On Tuesday, February 8, 2022, SAP patched a critical memory corruption vulnerability (CVE-2022-22536) in the SAP Internet Communication Manager (ICM) component that could lead to full system takeover without authentication or user interaction. The ICM component is present in most SAP products and is an important component in SAP NetWeaver application servers.

On February 9, the U.S. Securities and Exchange Commission (SEC) issued proposed rules regarding cybersecurity risk management for investment advisers, registered investment companies, and business development companies. It's no surprise that the SEC is taking a more active role in this, given their continued interest in cybersecurity issues and high-profile ransomware attacks.

-On February 23, 2022, multiple security vendors with a business presence in Ukraine identified a new wiper malware primarily impacting Ukrainian organizations in at least the aviation, defense, financial, and IT services industries. In at least one intrusion, Symantec observed the wiper malware impact devices in Lithuania. -Researchers identified HermeticWiper shortly after a DDoS attack targeted Ukrainian websites earlier that day.

There is already a well-documented history of cyber attacks targeting organizations in Ukraine - including the attack attributed to members of the Russian military intelligence group GRU - NotPetya. This threat actor has previously conducted attacks known as NotPetya, BlackEnergy, and has targeted high-profile events such as the Olympics, as well as perpetrated destructive attacks against Georgia.

By now it’s become clear—hybrid and remote work are here to stay. This goes for employees in the government sector as much as it does for those in other industries. Along with increased flexibility, however, comes increased attack surfaces for security professionals to defend.

Late last year, The Canadian Center for Cyber Security published an in-depth threat bulletin declaring it had knowledge of 235 ransomware incidents against Canadian victims from in 2021, with more than half of these victims being critical infrastructure providers. The report also explains that most ransomware events remain unreported to the Center, and—based on past findings—once targeted, ransomware victims are often attacked multiple times.

2021 broke new ground in terms of cybersecurity, and much was ground just as well left unbroken. With no indication that ransomware, data breaches, and assorted malware will go away soon, the new year is a time for organizations to get a fresh start and really fortify themselves against a widening field of threats. One month in, we've already seen a disturbing array of attacks, from those on political targets to distressing new malware to a breach of exceptional sensitive information.

2021 was another record-breaking year for cyber attacks, with reports of massive breaches and huge ransomware demands dominating headlines. It’s a trend that does not seem to be slowing any time soon, either. Currently, there are thousands of vendors in the market, with over $130 billion spent annually on defense and yet, the number of breaches continues to rise. Arctic Wolf's 2021 Data Breaches in Review counts down the most noteworthy, high-profile, and damaging data cybercrimes of the year.

When our customers begin their security journey with Arctic Wolf, our Concierge Delivery Model benchmarks their security programs against the NIST Cybersecurity Framework. The NIST framework spans five functions (Identify, Protect, Detect, Respond, Recover), and offers guidelines and best practices for organizations to better manage, reduce, and ultimately end cyber risk.