The most significant event in 2021 in terms of cyber security was the discovery of a vulnerability of open-source utility software library log4j. The weak spot in the programme resembles the one exploited in the cyber attacks against SolarWinds. Hackers used the programme to install malicious updates, allowing them to potentially access information systems by companies such as Intel and Nvidia as well as the US government Homeland Security department.
"The pattern associated with this type of threat is often similar. Malicious actors exploit the work of an IT security researcher who has uncovered a vulnerability," explains Olivier Antoine, head of information security management at POST Luxembourg.
Reacting as quickly as possible to cyber attacks was outlined as the main tool to improve cyber security, says Post’s annual report for 2021. Phishing attempts are becoming more and more elaborate with the aim of deceiving the user and retrieving information, said the company. It also highlighted that more cyber attacks exploiting new vulnerabilities had been carried out in 2021, estimating an increase of 200%.
Educating employees and raising awareness are increasingly important, said Post’s report. It pointed to increased remote work in 2021 creating more vulnerabilities.
“Teleworking is a favourable context for carrying out phishing attacks," comments Régis Jeandin, head of CyberDefense at Post. “At home, where the boundaries between the professional and the private sphere are blurred, vigilance against threats tends to fade.”
Telecommunications networks have also been increasingly targeted. Post implemented advanced detection tools to identify non-compliant uses of SIM cards, for example, SIM cards used to launch a phishing attack on other users.