AXEL.org

coronavirus

2021 Cybersecurity Year in Review

Throughout 2021, cybersecurity incidents have grabbed headlines across the world. Although the topic may not have been at the forefront of most people’s minds in 2021, cybersecurity has greatly affected everyone’s life in some way. From vicious cyberattacks to genuine progress on user privacy, cybersecurity has undoubtedly had a long, eventful year. And although exciting progress has been made in some areas of cybersecurity, cybercrime and other online attacks will, unfortunately, continue into 2022 and beyond.

2021 has been a long year for many, particularly for cybersecurity experts. Here are all the ways cybersecurity has changed for the better (and worse) throughout the past year.

COVID Phishing

Near the beginning of 2021, COVID-19 vaccinations became readily available to people in the United States. While this helped minimize the negative effects of the pandemic, it also offered a new opportunity for scammers. As businesses and governments began to mandate COVID vaccinations, cybercriminals responded by creating phishing emails that disguised themselves as genuine business emails [1]. From fake vaccine-record upload sites to emails from phony public health organizations, scammers used the uncertainty and anxiety of COVID to make a quick buck off of unsuspecting people.

Unfortunately, phishing emails aren’t the trick cybercriminals are using. COVID scams are coming from all angles, including texts, social media posts, and robocalls. In fact, the Federal Trade Commission (FTC) has logged over 600,000 complaints in 2021 regarding COVID-related scams. In all, these scams have cost consumers over USD $600 million [2]. And with COVID remaining in the public spotlight into 2022, these scams are likely to continue. With this in mind, it’s important to brush up on cybersecurity tips. Check out AXEL’s blog, The History of Internet Spam, to learn how to protect yourself from phishing emails, social media spam, and more.

Colonial Pipeline Attack

In May, the Colonial Pipeline, an oil pipeline that supplies much of the gasoline to the Southeastern United States, was struck by a ransomware attack. Interestingly, the cybercriminals attacked the pipeline’s billing system, rather than its operational systems [3]. Because of this, Colonial itself shut down its own pipeline, as the company would have been unable to bill customers with the ransomware. Soon after the sheer scale of the attack was realized, Colonial Pipeline paid the nearly USD $5 million ransom.

While Colonial Pipeline quickly paid the ransom, the negative consequences of the attack were felt by consumers for weeks. States from New Jersey to Texas faced severe gas shortages, causing price jumps and panic buying [4]. In all, the Colonial Pipeline attack affected millions of consumers, and caused a severe breach of trust in Colonial Pipeline. Undoubtedly, 2021’s most memorable cyberattack was a doozy.

Ransomware is Evolving

When thinking of ransomware, many people picture a single offender, causing digital chaos while hunkered in a dark basement. However, this stereotype of modern cybercriminals is far from the truth. In 2021, ransomware groups are practically businesses, regularly recruiting new hackers to join criminal enterprises. Nowadays, just a handful of organizations are the perpetrators of most ransomware attacks [5]. And these shady organizations have ransomware down to a science.

Some ransomware organizations even offer customer service help desks to help victims pay the ransom and receive the decryption key. This is possible because of skyrocketing ransom demands. In fact, the average ransom payment was over USD $310,000 last year [5]. But because there’s little action that can be taken after being struck with ransomware, businesses and firms are usually forced to pay the extraordinary cost. In 2021, cyberattacks aren’t just individuals wreaking havoc; they’re carried out by well-funded, well-organized criminal syndicates. That’s why it’s vital to stay up to date on the latest strategies to protect yourself, your business, or your firm.

Crackdowns on Russian Cybercrime

One of the most notorious ransomware organizations is REvil, a Russian-based cybercrime syndicate responsible for many of the most expensive ransomware attacks. REvil had a successful first half of 2021, attacking JBS Foods and extracting USD $11 million from the meat-processing giant [6]. However, following this attack, REvil finally began to face crackdowns from law enforcement.

In September, the FBI hacked into REvil’s servers, obtaining a universal decryption key. Even worse for the group, the FBI remained hidden even after gaining access to REvil’s information, giving law enforcement more time to prowl around the servers of the shadowy criminal enterprise [7]. With this information, the United States Department of Justice coordinated arrests against two alleged REvil members, along with retrieving USD $6 million in cryptocurrency from the group [8]. This action greatly impaired REvil’s work, highlighting the strategies law enforcement can take in the future to shut down similar criminal organizations.

The Rise of Multi-Factor Authentication

Whenever you log in to Google, Facebook, or nearly any other secure website, a password simply isn’t enough anymore. Multi-Factor Authentication (MFA) has become the norm among most sites, requiring anything from text authentication to security questions to successfully log in. While this can be a headache for some users, it undoubtedly prevents countless cyberattacks each year. After all, passwords just aren’t the same as they used to be.

In fact, Microsoft is even allowing users to simply not have passwords. Instead, the company offers a mixture of authenticators including security keys, SMS verification, and email verification [9]. While the traditional password is unlikely to go away soon, the pivot to MFA highlights the extra security measures that companies are taking to protect users (and themselves). MFA is one of the cheapest, easiest, and quickest ways to protect user privacy, and its widespread adoption is a positive step toward a more secure digital future.

What to Expect in 2022

While there have been both positive and negative developments for cybersecurity in 2021, the problems that have plagued individuals and businesses are likely to continue into 2022. Ransomware isn’t going away any time soon, even with the crackdown on REvil. Phishing emails will remain, and will simply take advantage of other current events to harm individuals. Finally, MFA will remain widespread, and will hopefully lead businesses to take even more precautions against cybercrime. In 2022, cybersecurity will remain a vital issue for businesses and individuals alike. However, if appropriate precautions are taken by all, we can make 2022 a disastrous year for cybercriminals.

About AXEL

In today’s chaotic Digital Age, hacks, data breaches and ransomware attacks are an everyday occurrence. That’s why data security and user privacy remain as important as ever. At AXEL we believe that privacy is a human right, and that your information deserves the best protection. That’s why we created AXEL Go. AXEL Go uses 256-bit encryption, blockchain technology and decentralized servers to ensure it’s the best file transfer software on the market. Whether you need cloud video storage or cloud file management, AXEL Go is the secure file hosting solution. If you’re ready to try the best file sharing app for PC and mobile devices, try two free weeks of AXEL Go here.

[1] Hunter, Tatum. “That Email Asking for Proof of Vaccination Might Be a Phishing Scam.” The Washington Post. WP Company, September 24, 2021. https://www.washingtonpost.com/technology/2021/08/24/covid-vaccine-proof-scam-email/

[2] Waggoner, John, and Andy Markowitz. “Coronavirus Scams – Beware Fake Claims, Phony Websites.” AARP, December 6, 2021. https://www.aarp.org/money/scams-fraud/info-2020/coronavirus.html

[3] Bertrand, Natasha, Evan Perez, Zachary Cohen, Geneva Sands, and Josh Campbell. “Colonial Pipeline Did Pay Ransom to Hackers, Sources Now Say.” CNN. Cable News Network, May 13, 2021. https://edition.cnn.com/2021/05/12/politics/colonial-pipeline-ransomware-payment/index.html

[4] Bair, Jeffrey, and Javier Blas. “Petrol Shortages Sweep Us as Colonial Pipeline Remains Down.” Oil and Gas News | Al Jazeera. Al Jazeera, May 11, 2021. https://www.aljazeera.com/economy/2021/5/11/petrol-shortages-sweep-us-as-colonial-pipeline-remains-down

[5] Bajak, Frank. “Ransomware, Explained: How the Gangs That Shut down Colonial Pipeline, JBS USA Operate.” USA Today. Gannett Satellite Information Network, June 3, 2021. https://www.usatoday.com/story/tech/2021/06/03/how-does-ransomware-work-colonial-pipeline-jbs-usa-attacks-explainer/7520704002/

[6] Montalbano, Elizabeth. “JBS Paid $11m to Revil Gang Even after Restoring Operations.” Threatpost English, June 10, 2021. https://threatpost.com/jbs-paid-11m/166767/

[7] De Chant, Tim. “FBI, Others Crush Revil Using Ransomware Gang’s Favorite Tactic against It.” Ars Technica, October 22, 2021. https://arstechnica.com/tech-policy/2021/10/fbi-others-crush-revil-using-ransomware-gangs-favorite-tactic-against-it/

[8] “Revil: Day of Reckoning for Notorious Cyber Gang.” BBC News. BBC, November 8, 2021. https://www.bbc.com/news/technology-59215167

[9] Warren, Tom. “Microsoft Accounts Can Now Go Fully Passwordless.” The Verge. The Verge, September 15, 2021. https://www.theverge.com/2021/9/15/22675175/microsoft-account-passwordless-no-password-security-feature

INTERVIEW: How COVID Changed the Courtroom (and the Future of Law)

When COVID-19 struck the United States in January of 2020, every industry in the United States (and, really, the world) was shaken. It forced everything from mom-and-pop restaurants to the largest law firms to send employees home, left to their own devices to figure out how to run a business from miles away. This problem was particularly evident for those in the legal industry. As the pandemic continued into April, firms began to take drastic measures in response to decreased demand for legal services. Many law firms opted for pay cuts, in an attempt to save as many jobs as possible. However, some firms were still forced to lay off paralegals, attorneys, and other legal professionals[1].

While the demand for legal services subsided at the beginning of the pandemic, there was no decrease in the need for legal services[1]. After all, the pandemic provided a bevy of new legal questions that attorneys and clients alike had to ponder. So, while people weren’t speaking with lawyers during the height of the COVID-19 pandemic, a backlog of people needing legal help was growing quickly. Although business was down during the height of the pandemic, two attorneys, Nancy Rapoport and Joe Tiano Jr. predicted that the pandemic would only cause temporary struggles for the legal industry, while also forcing old-school firms to innovate.

Nancy is the Garman Turner Gordon Professor of Law at the William S. Boyd School of Law, University of Nevada, Las Vegas (UNLV), and Joe is a former lawyer turned businessman who founded Legal Decoder, a legal tech software that optimizes efficiency and pricing uncertainty. Together, they authored The Legal Industry’s Second Chance to Get it Right, which foresaw the legal industry’s comeback in February 2021, and they offered their insight on the future of law in an exclusive interview with AXEL. 

How COVID Changed the Courtroom

“All of the stuff that we thought we knew about the practice of law has been wrong,” Rapoport says. Regarding the pandemic, she says, “it gave us a chance to rethink what a law practice should be.” While nearly every industry had to learn new things like Zoom meetings at the beginning of the pandemic, legal professionals faced unique challenges.

“The inability to read a witness’s or deponent’s body language … Doing it over Zoom is a challenge,” Tiano said. “You can’t read body language. It’s kind of hard to see inflections … It had to be an enormous hurdle for any lawyers who’ve been practicing the same way for decades.”

In addition to these remote depositions, the COVID-19 pandemic introduced new ethical dilemmas for legal professionals as well.

“There are now cases saying ‘Lawyers, stop texting your clients’ answers.'” says Rapoport. She describes a case where attorneys would communicate with witnesses during testimony through email, an impossible task to pull off in a physical courtroom. “No one does that because it’s unethical, but now we have to come up with all of these new ways of dealing with court and mediations, bringing people into separate rooms, dealing with witnesses.”

The Legal Industry’s New Challenges

Even before COVID-19, some observers predicted a radical change in how firms charge their clients[2]. For years, law firms big and small have used the “Billable Hour” model, a simple formula where a firm charges the client a certain cost per hour. Put simply, “[the billable hour] is the economic model upon which a law firm operates,” Tiano says.

After the pandemic hit and the demand for legal services dropped, many predicted that this radical change would finally occur. However, the industry-wide shift to alternative pricing agreements never came, even with the massively decreased demand for legal services at the beginning of the pandemic. But why didn’t alternative pricing become the norm, especially in a time as volatile and tumultuous as the pandemic? As Rapoport humorously puts it, “the billable hour is easy for lawyers because we’re not good at math.”

But just because it’s the most common pricing agreement doesn’t mean it’s the most efficient. “If we used data and we figured out other ways to value delivery of services, we’d all be better off,” Rapoport says. “[The billable hour model] encourages piling on of work, and it encourages slow work, neither of which a good lawyer should want to do. But if that’s the reward system, it’s very hard to break away from that. I would love to see people use data better, to rethink how they adjust the value to clients.” As Tiano succinctly puts it, “there’s a fallacy that every hour is equal in value.”

In addition to the continued use of the billable hour, law firms also face new challenges related to the rise of at-home work. “One of our biggest worries is how the newest professionals are going to get trained and socialized,” Rapoport says. A common problem among many offices since the pandemic, the lack of socialization for new employees can affect everything from office camaraderie to firm loyalty. And with at-home work becoming more and more normalized, these anxieties that firms and businesses face are unlikely to go away any time soon.

Finally, as the pandemic wanes and legal demand increases, law firms face a unique problem: “One of the biggest challenges that firms are having today is keeping their personnel, because they have too much work,” Tiano says. Although the legal industry started to bounce back when COVID vaccines became readily available, the industry soon came across new problems. The sheer amount of work has caused firms to lose personnel, risking the continuation of the legal industry’s comeback after COVID-19.

Legal Tech: Tool or Replacement?

Rapoport and Tiano see the benefits of legal software as complementary, but are skeptical about the technology replacing skilled lawyers regarding the ever-growing legal tech industry. As Rapoport says, “there are some things that computers are better at than lawyers … They can do things all day long in nanoseconds.” There is no shame in using the tools available to lawyers, especially if it helps increase efficiency. However, Rapoport warns that “if we’re not careful about how we use technology, we’re going to create a generation of untrained professionals who will become senior without knowing how to do things.”

“We’ve got to make sure technology augments what lawyers do, rather than replacing the skills that lawyers uniquely bring to the table,” Tiano says. “It’s very difficult to counsel a client from a legal, psychological perspective if you’re a piece of software.”

However, just because Rapoport and Tiano see legal tech as a complementary tool for quality attorneys does not mean that technology won’t replace second-rate lawyers. Rapoport warns: “For lawyers who are good counselors, there’s no software in the world that replaces that. For lawyers that fill in the blanks, their days are numbered.”

The Future of Law

Legal tech is unlikely to replace every lawyer any time soon. As Tiano says, “I don’t see technology replacing lawyers. I see it amplifying what lawyers can do and supplementing their processes.” But just because your next traffic court lawyer is unlikely to be a software program doesn’t mean legal tech can’t help lawyers increase efficiency. Legal tech saves firms and clients both time and money. It’s a valuable tool that, when used correctly, can help clients and firms in a myriad of ways.

[1] Wittenberg, Daniel. “The Pandemic’s Dramatic Effect on the Business of Law.” Americanbar.org. American Bar Association, October 28, 2020. https://www.americanbar.org/groups/litigation/publications/litigation-news/business-litigation/the-pandemics-dramatic-effect-the-business-law/

[2] Ambrogi, Bob. “Guest Post: Beating the Alternative – Why the Billable Hour Is the Truest Representation of Cost.” LawSites, August 25, 2021. https://www.lawsitesblog.com/2021/08/guest-post-beating-the-alternative-why-the-billable-hour-is-the-truest-representation-of-cost.html