Our most-read cyber stories of 2021

It's no surprise that cybersecurity was a major topic in 2021. Ransomware attacks brought down a key pipeline in the US, crippled one of the world's largest meat processors, overwhelmed hospitals as they struggled to deal with COVID-19 outbreaks, and were even blamed for a cream cheese shortage. Vulnerabilities led to the compromise of Microsoft Exchange servers earlier in the year, which was linked to a Chinese state-sponsored group, as well as IT services provider Kaseya in July and, more recently, a wide swath of products that use the Log4j library. And companies continue to struggle with data breaches, which some estimates say reached record levels in 2021. Here are some of our most-read stories during a news-filled year:

FBI document shows what data can be obtained from encrypted messaging apps

An FBI training document obtained in November by by Property of the People, a US nonprofit dedicated to government transparency, showed that US law enforcement can gain limited access to the content of encrypted messages from secure messaging services like iMessage, Line, and WhatsApp, but not to messages sent via Signal, Telegram, Threema, Viber, WeChat, or Wickr.

Log4j zero-day gets security fix just as scans for vulnerable systems ramp up

The recent discovery of the Log4Shell vulnerability put cybersecurity teams on high alert, partly due to the severity of the bug and because Log4j is widely used in almost all major Java-based enterprise apps and servers. Earlier this month the Apache Software Foundation released an emergency security update to patch the vulnerability.

‘I scrounged through the trash heaps… now I’m a millionaire:’ An interview with REvil’s Unknown

In March, Recorded Future threat intelligence analyst Dmitry Smilyanets talked to “Unknown,” a representative of the highly active ransomware group REvil. The group had already attracted some attention for stunts including trying to extort then-President Donald Trump, but their notoriety would soar later in 2021 when they were tied to attacks on the meat processing giant JBS and the software firm Kaseya. Shortly afterward, the group’s websites and infrastructure vanished from the internet.

Twitch source code and business data leaked on 4chan

In October, an unknown individual leaked the source code and business data of video streaming platform Twitch on the 4chan discussion board. The leaker said they shared the data as a response to recent “hate raids”—coordinated bot attacks posting hateful and abusive content in Twitch chats—that plagued the platform’s top streamers over the summer.

NSA review finds that Tucker Carlson’s communications were not targeted

In June, Fox News host Tucker Carlson accused the NSA of spying on his electronic communications and planning to leak them in an attempt to take his show off the air. The claims sent a ripple of fear among convservative groups, despite the agency’s denial. In a July scoop, The Record reported that an NSA internal examination found no evidence to support the accusations. Instead, Carlson was mentioned in communications between third parties and his name was subsequently revealed through “unmasking,” a process in which relevant government officials can request the identities of American citizens in intelligence reports to be divulged provided there is an official reason.