This report reflects on three important topics – ransomware, software supply chain security and spyware – that help to see the larger picture and allow us to prepare better for the future regarding cybersecurity. 2021 was an exciting year from a cybersecurity and cyber defence perspective. After dealing with the Solarwinds breach at the beginning of the year, the world experienced a series of serious ransomware incidents, in some cases causing disturbances to essential services. We also saw governments expressing their commitment to protecting critical services and to responding forcefully to nations carrying out malicious cyber operations or allowing criminals to do so.
Malicious cyber activity has grown substantially over the past two years while the world has been learning how to keep turning with the omnipresent pandemic. One particular malware category, ransomware, made headlines frequently in 2021, partly because the operations were increasingly targeting high-value targets.
The concerns and confusion over the security of the software supply chain triggered by the Solarwinds incident in December 2020 expanded in 2021. A number of investigations, analyses and follow-up measures related to the incident have been made but the effects were still being felt in May, six months after it first became public, when the US CISA released detailed guidance on how to evict Solarwinds-related malicious code, recommending blocking internet access for three to five days.
Over the last year, off-the-shelf spyware has made its way onto the communication devices of journalists, political leaders activists and it has also been a topic in the news. Even though the pace at which it has evolved on the desks of regulators has been slower, both the EU and US are tightening export controls to kerb the misuse and propagation of spyware. The revelations and developments of 2021 once again show that spyware is a concern for cybersecurity as much as it is for privacy.
This recurring report is the collaborative view of NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) researchers highlighting the potential effects of current events and developments in cyberspace on armed forces, national security and critical infrastructure, based on publicly available information. It does not set out to be exhaustive.
While the authors have made every effort to describe events from a perspective relevant to NATO and partner nations, there may be national and regional differences which this paper does not address. The authors of this paper are independent researchers at the NATO CCDCOE; they do not represent NATO, nor does this paper reflect NATO’s position. The aim of the paper is not to replace information about vulnerabilities and incidents provided by CSIRTs and providers of CIS products and services.