The threats posed by for-profit and state-sponsored cybercrime exploded in 2021 as ransomware attacks and cyber-espionage incidents reached record levels. New leadership within the Department of Homeland Security (DHS) subdivision, the Cybersecurity and Infrastructure Security Agency (CISA), struggled to answer the call against threats posed by countries including China, Russia, Iran and North Korea.
One theme that defined 2021 was a defensive posture that resulted in American businesses and governmental agencies consistently playing catch-up in the cybersphere.
There were too many major incidents this year to list them all, but here some of the most notable cybersecurity events of 2021.
- January: There were many questions raised regarding the security of the 2020 presidential election, particularly on the GOP side. As a result of former CISA Director Christopher Krebs’ endorsement of a November 17th Joint statement from the Elections Infrastructure Government Coordinating Council and the Election Infrastructure Sector Coordinating Executive Committees that claimed, “The November 3rd election was the most secure in American history,” Krebs would be fired by former President Donald Trump. Despite the very public and embarrassing dismissal, in January of this year, Krebs was hired as a consultant by SolarWinds, which was the victim of what many experts refer to as most wide-ranging cyberattack in history.
- February: In February, DHS Director Alejandro Mayorkas announces a number of new initiatives related to American cybersecurity. Among these are a plan to increase funding for cybersecurity through Federal Emergency Management Agency (FEMA) grants and “The Reduce the Risk of Ransomware Campaign.”
- March: The Microsoft Exchange Server attack, a breach that affected more than 30,000 organizations across the United States, is carried out by the Chinese Advanced Persistent Threat Group Hafnium. The US and our European allies would offer China threats of sanctions as a result.
- April: While most people heard the news of the hacking attack against Colonial Pipeline by Russia’s DarkSide Ransomware Gang in May, the attack was actually initiated in late April of 2021. As a result of this heinous crime, the 5,500-mile pipeline responsible for providing 45% of the east coast’s fuel supply was shut down. DarkSide also struck Brenntag, a chemical distribution company. This attack netted DarkSide 150 GB of data and a ransom payout of $4.4 million.
- May: JBS Foods, a major US beef supplier, is targeted by the Russian-based REvil Ransomware Gang. This hack resulted in one of the largest ransom payments in history, with the hackers receiving $11 million from their victim.
- June: In early June, the CEO of Colonial Pipeline, Joseph Blount, was called before Congress to testify regarding the DarkSide hack. Many observers wanted to figure out whether Colonial had violated the 2020 Office of Foreign Assets Control (OFAC) advisory outlining severe penalties for American entities found to have issued ransom payouts to individuals or groups under U.S. sanctions.
- July: REvil hacks IT infrastructure provider Kaseya. The hackers gained access to both Kaseya’s clients as well as their client’s customers via a fake software update. REvil took credit for the encryption of up to one million systems and demanded $70 million in bitcoin.
- August: The Joint Cyber Defense Collaborative is unveiled by new CISA Director Jen Easterly at the Black Hat cybersecurity conference on August 5th. The initiative will see “Big-Tech” companies like Google, Amazon and Microsoft, join the federal government’s efforts to protect critical infrastructure and other valuable targets.
- September: Government agencies in South Africa and New Zealand are hit with attacks as the South African Department of Justice and Constitutional Development website are knocked offline by ransomware, while New Zealand’s postal service website and largest banks suffer a DDoS attack on September 7. Labor Day in America sees Howard University victimized in an attack that disrupts online classes for almost a week.
- October: An October 24 blog post from Microsoft claims that Nobelium, the group behind the SolarWinds attack, spent three months hacking companies that resell Microsoft cloud services. Just in time for Halloween season, candy maker Ferrara is victimized by a ransomware attack that forces a temporary shutdown in operations.
- November: Foreign hackers breach nine entities in the defense, energy, health care, technology and education sectors according to security firm Palo Alto Networks.
- December: Thanks to the historic Abraham Accords which were brokered by the Trump administration, the United Arab Emirates and Israel establish agreements on defense and cyber intelligence. The Log4j vulnerability, which is linked to a utility running on many commonly used software applications is discovered. The vulnerability may potentially impact hundreds of millions of devices.
DHS and CISA under Biden has its work cut out for it in 2022 as America’s enemies attempt to level the playing field militaristically via cyberattacks. With state-sponsored groups penetrating deeper into all sectors of industry and the American economy, it’s only a matter of time before news of the next major cyberattack breaks.
Julio Rivera is a small business consultant, political activist, writer, and Editorial Director for Reactionary Times. He has been a regular contributor to Newsmax since 2016. His commentary has also appeared in The Hill, The Washington Times, LifeZette, The Washington Examiner, American Thinker, The Toronto Sun, PJ Media and more. Read Julio Rivera's Reports — More Here.
© 2025 Newsmax. All rights reserved.