Nothing is more difficult than making predictions. For this reason I did not do any “predictions for 2021 cyber security” posting before the year 2021 started. Instead of throwing out wild ideas about what might be coming, I have collected here some trends other people have predicted or reported.
The State of internet security in 2020 was hard. The trends that stormed last year will continue long into 2021: “Rapidly accelerated digital transformations, opportunistic phishing campaigns, discontinuity of information security operations and financial constraints are creating the perfect storm in a COVID-19-disrupted world.” Last year’s trend was that instead of ‘bring your own device’, these days it’s rather ‘bring your own office’.
2020 was a bumper year for cybercriminals, and this boom is expected to continue into 2021. The 2021 Cybersecurity and IT Failures Roundup article presents lessons learned from the many failures, interruptions, crimes and other IT-related setbacks that made the news in 2020. Smart cyber security people have read about them and learned their lesson.
Kaspersky’s top three cybersecurity predictions for 2021 are an increase in targeted attacks, more disruptive attacks exploiting contemporary issues, and continued frequent and significant data breaches. I can pretty much agree on those. Cybersecurity must adapt to counter new threats in a transformed world.
The Head of Europol’s European Cybercrime Centre: there are no systems that cannot be breached article says that humankind has to choose between evolution by digitization, and stagnation. Naturally, the world is moving ahead. “We can’t be naive and expect that bad things will not happen along with it. Resilience is important.”
In 2021 Trend Micro predicts that cybercriminals will look to home networks as a critical launch pad to compromising corporate IT and IoT networks. The New Cybersecurity Threat Predictions for 2021 article points out that the traditional network perimeter has been replaced with multiple edge environments, WAN, multi-cloud, data center, remote worker, IoT, and more, each with its unique risks.
DDoS attacks: Big rise in threats to overload business networks. Cyber attackers are threatening to take organisations offline with DDoS attacks if they aren’t paid bitcoin by a deadline – but victims are being urged not to give in to demands.
One sure bet is that ransomware attacks will only escalate further over this year. Pay-or-Get-Breached Ransomware Schemes Take Off in 2021. In 2020, ransomware attackers moved quickly to adopt so-called “double extortion” schemes, which means that first they encrypt your data so you can’t access it and then they say they will publish your most secret data for other people to see if you don’t pay up. Ransomware victims that have backups are paying ransoms to stop hackers leaking their stolen data.
Modern cybercrime is becoming increasingly open-sourced, which means that some of the most sophisticated and notorious cybercriminals are already utilizing open-source tools to conduct their criminal activities, and this will increase.
Trend Micro survey results claim that AI is set to replace humans in cybersecurity by 2030. I am just wondering what this claim means, and whether the people who answered the survey have really understood AI and cyber security. My prediction is that we will need humans and AI and even traditional solutions for a long, long time.
The lack of people with cyber security skills is still a problem for many companies because AI will not replace them any time soon. There are different views on how the situation has developed. The Cybersecurity Skills Shortage Falls for First Time article claims that the shortfall in skills has dropped from 4.07 million last year to 3.12 million. The As The End Of 2020 Approaches, The Cybersecurity Talent Drought Gets Worse article says that the information technology industry has a real problem on its hands, and it’s only getting worse. While cybercrime grows exponentially, businesses are facing a severe cybersecurity talent drought. The supply of available, qualified security professionals is insufficient and the competition for services has dramatically increased. Some companies claim to have invented a “silver bullet” for educating cyber professionals, as in This educator claims to have invented an entertaining way to learn cybersecurity. Some of the cyber security issues move to the cloud, so we need more people who know security and cloud: The Cloud Talent Drought Continues (And Is Even Larger Than You Thought).
The Hackers leverage sophisticated and novel techniques to break into networks article tells that the recent SolarWinds and JetBrains attacks are prime examples of why state-sponsored attacks are so dangerous. The hackers leveraged sophisticated, novel techniques to break into networks and obtain backdoor access to government agencies and enterprises. Expect to see more break-ins connected to those incidents, and expect more similar incidents that have not yet been revealed.
Want to avoid having your online accounts hacked? Enable two-factor authentication. Better than the best password: How to use 2FA to improve your security article tells that this is a crucial security measure that requires an extra step when signing in to high-value services. The article explains how to set up 2FA and which accounts to focus on first.
A new version of OWASP Top-10 is coming this year. The OWASP Top-10 2021 Statistics-based proposal article tries to make OWASP Top-10 2021 predictions calculated by understandable metrics, make everyone able to reproduce the results, and present them to the entire community for feedback.
The Privacy is an illusion. But that’s a good thing article says that everyone’s information is available. It doesn’t matter who you are. Some people would pay lots of money to get that privacy illusion back and some just don’t care. The With the Death of Cash, Privacy Faces a Deeply Uncertain Future article says that in One Future We have a Private, Anonymous Alternative to Cash but in the Black Mirror Future the Money in Your Pocket Knows Everything About You. Cash is dying, that’s for sure. There are still ways to send anonymous emails, and it is a good idea to prepare for your digital life after death.
Ransomware attacks will explode in 2021 article claims that the Capitol riot and its aftermath make the case for tech regulation more urgent, but no simpler. Against increased regulation there are freedom of speech sounding issues like Should Jack Dorsey be able to silence the president of the United States? Whether the storming of the US Capitol was an attempted coup, an insurrection, or an assault on democracy is merely a question of semantics. The US is now the focus of global instability. EU chief warns over ‘unfiltered’ hate speech and calls for Biden to back rules for big tech.
The Legal requirements for IoT security start to emerge article tells that legislative activities are starting to make it a legal requirement for consumer IoT designs to have vaguely defined “reasonable security features”. The US government is beginning to create legislation mandating IoT security. The US House of Representatives, for instance, introduced H.R. 1668 – The Internet of Things Cybersecurity Improvement Act of 2020. There are NIST recommendations such as NISTIR 8259 — Foundational Cybersecurity Activities for IoT Device Manufacturers. EU introduces a cyber security IoT standard to protect its citizens and ENISA Publishes Guidelines on Securing the IoT Supply Chain.
7 Cybersecurity Predictions for Smart Buildings and Infrastructure for 2021: Continuous patch management and security updates, OT transparency for IT stakeholders, Natively secure OT network, Cloud-based access to remote sites instead of VPN, Zero touch onboarding, More cybersecurity in small facilities, Certified cybersecurity products and solutions.
IoT security is still complicated. For many development teams, the idea of building cybersecurity into their IoT design can seem daunting. 6 essential activities to help developers build in IoT cybersecurity article gives some ideas to improve cyber security in your IoT development.
2,204 Comments
Tomi Engdahl says:
https://pentestmag.com/threats-to-digital-identity-from-within/
Tomi Engdahl says:
https://www.microsoft.com/security/blog/2021/01/28/zinc-attacks-against-security-researchers/
Tomi Engdahl says:
https://cybernews.com/editorial/the-worlds-most-dangerous-state-sponsored-hacker-groups/
Cozy Bear (APT29)
Lazarus Group (APT38)
Double Dragon (APT41)
Fancy Bear (APT28)
Helix Kitten (APT34)
Tomi Engdahl says:
https://buywapsite.com/index.php/2021/02/21/network-security/
Hardware hacking tool kit 2021
https://buywapsite.com/index.php/category/hardware-hacking-tool-kit-2021/
Tomi Engdahl says:
Here’s What the Big Tech Companies Know About You
https://www.visualcapitalist.com/heres-what-the-big-tech-companies-know-about-you/
The novelty of the internet platform boom has mostly worn off.
Now that companies like Facebook, Amazon, and Alphabet are among the world’s most valued companies, people are starting to hold them more accountable for the impact of their actions on the real world.
From the Cambridge Analytica scandal to the transparency of Apple’s supply chain, it’s clear that big tech companies are under higher scrutiny. Unsurprisingly, much of this concern stems around one key currency that tech companies leverage for their own profitability: personal data.
Tomi Engdahl says:
8 Google Drive Settings You Should Change Right Now
BY JOE KEELEY
UPDATED SEP 17, 2020
https://www.makeuseof.com/tag/google-drive-settings-change/
You might not be getting the most out of Google Drive. Change these defaults and become a more efficient user. These Google Drive settings could save you hours of your time.
Tomi Engdahl says:
Think you’ve spotted a deepfake? This tool allows you to know for sure
https://cybernews.com/news/think-youve-spotted-a-deepfake-this-tool-allows-you-to-know-for-sure/
Tomi Engdahl says:
https://reclaimyourface.eu/
Tomi Engdahl says:
watching the watchers
https://coveillance.org/
Tomi Engdahl says:
World’s Greatest Hacker on Taking Over a Cellphone | Airplane etc
https://www.youtube.com/watch?v=Y-tu0rxpZNM&feature=youtu.be
Tomi Engdahl says:
Running a fake power plant on the internet for a month
https://grimminck.medium.com/running-a-fake-power-plant-on-the-internet-for-a-month-4a624f685aaa
People think of the internet as a host for services like banking websites, blogs and social networks. However, this is only a small part of everything connected. The internet is home to a big range of IoT systems and machines as well. These vary from simple “smart” light switches, to machinery used in industrial plants.
Tomi Engdahl says:
https://www.eff.org/files/2016/07/18/eff_large_wordlist.txt
Tomi Engdahl says:
The Ultimate OSCP Preparation Guide, 2021
https://johnjhacking.com/blog/the-oscp-preperation-guide-2020/
Tomi Engdahl says:
How to Clean Your Windows Computer: The Ultimate Checklist
BY DAN PRICE
UPDATED OCT 08, 2020
https://www.makeuseof.com/tag/clean-windows-ultimate-checklist/
Spending some time cleaning up Windows can yield vast performance improvements. Here’s the ultimate checklist for cleaning your Windows computer.
Tomi Engdahl says:
12 Unnecessary Windows Programs and Apps You Should Uninstall
BY BEN STEGNER
PUBLISHED DEC 09, 2019
https://www.makeuseof.com/tag/10-windows-programs-uninstall/
Wondering which Windows 10 apps to uninstall? Here are several unnecessary Windows 10 apps and programs you should remove.
Tomi Engdahl says:
https://pentestmag.com/a-social-media-enumeration-correlation-tool-by-jacob-wilkin-greenwolf/
Tomi Engdahl says:
6 Ways to Find All Accounts Linked to Your Email Address or Phone Number
BY SHUBHAM AGARWAL
PUBLISHED DEC 10, 2019
https://www.makeuseof.com/tag/find-all-accounts-linked-to-email-address/
Find all accounts linked to the email address or your phone with these methods and ensure your data does not get misused online.
Tomi Engdahl says:
What’s CNAME of your game? This DNS-based tracking defies your browser privacy defenses
Study sees increasing adoption of cloaking to bypass cookie barriers
https://www.theregister.com/2021/02/24/dns_cname_tracking/
Tomi Engdahl says:
https://bigtechdetective.net/
Tomi Engdahl says:
These four new hacking groups are targeting critical infrastructure, warns security company
https://www.zdnet.com/article/these-four-new-hacking-groups-are-targeting-critical-infrastructure-warns-security-company/
Researchers identify four more cyberattack operations targeting industrial networks, utilities and other critical infrastructure, as malicious hacking operations receive a boost in resources – but simple attacks still work.
Tomi Engdahl says:
There was a time when Google was a small, quirky company with a single product so awesome that it blew away the competition. That time is long gone.
These days Google is a gigantic multinational mega-corp. But that’s understating it a little. Think of Google as a kind of Godzilla that slurps up data about its users at one end and craps out gold ingots at the other. It does both of these at huge scale.
Google Analytics: Stop feeding the beast
February 25, 2021
https://casparwre.de/blog/stop-using-google-analytics/
Tomi Engdahl says:
A new technique can detect newer 4G ‘stingray’ cell phone snooping
https://techcrunch.com/2020/08/05/crocodile-hunter-4g-stingray-cell/
Security researchers say they have developed a new technique to detect modern cell-site simulators.
Cell site simulators, known as “stingrays,” impersonate cell towers and can capture information about any phone in its range — including in some cases calls, messages and data. Police secretly deploy stingrays hundreds of times a year across the United States, often capturing the data on innocent bystanders in the process.
Little is known about stingrays, because they are deliberately shrouded in secrecy.
Tomi Engdahl says:
In a perfect world, no one would be able to use anything…
https://www.dilbert.com/strip/2007-11-16
Tomi Engdahl says:
Security researcher recommends against LastPass after detailing 7 trackers
1Password has zero trackers, and Bitwarden two
https://www.theverge.com/2021/2/26/22302709/lastpass-android-app-trackers-security-research-privacy
Tomi Engdahl says:
Take security to the Zero Trust Edge
https://www.zdnet.com/article/take-security-to-the-zero-trust-edge/
The Zero Trust Edge (ZTE) model is a safer on-ramp to the internet for
organizations’ physical locations and remote workers.
Tomi Engdahl says:
Zero Trust is not a security solution. It’s a strategy
https://www.zdnet.com/article/zero-trust-is-not-a-security-solution-its-a-strategy
One of the top challenges and misunderstandings that I continue to see
is what the definition of Zero Trust actually is. Zero Trust is not
one product or platform; it’s a security framework built around the
concept of “never trust, always verify” and “assuming breach.”
Tomi Engdahl says:
Malformed URL Prefix Phishing Attacks Spike 6,000%
https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Researchers from GreatHorn report they have observed a nearly
6,000-percent jump in attacks using “malformed URL prefixes” to evade
protections and deliver phishing emails that look legit. They look
legit, that is, unless you look closely at the symbols used in the
prefix before the URL.
Tomi Engdahl says:
The bitcoin blockchain is helping keep a botnet from being taken down
https://arstechnica.com/information-technology/2021/02/crooks-use-the-bitcoin-blockchain-to-protect-their-botnets-from-takedown/
Wallet transactions camouflage the IP address of the botnet’s control
server. When hackers corral infected computers into a botnet, they
take special care to ensure they don’t lose control of the server that
sends commands and updates to the compromised devices. The precautions
are designed to thwart security defenders who routinely dismantle
botnets by taking over the command-and-control server that administers
them in a process known as sinkholing.
Tomi Engdahl says:
Google funds Linux maintainers to boost Linux kernel security
https://www.bleepingcomputer.com/news/security/google-funds-linux-maintainers-to-boost-linux-kernel-security/
Together with the Linux Foundation, Google announced today that they
would fund two Linux kernel developers’ efforts as full-time
maintainers exclusively focused on improving Linux security.
Tomi Engdahl says:
LazyScripter: From Empire to double RAT
https://blog.malwarebytes.com/malwarebytes-news/2021/02/lazyscripter-from-empire-to-double-rat/
Malwarebytes’ Threat Intelligence analysts are continually researching
and monitoring active malware campaigns and actor groups as the
prevalence and sophistication of targeted attacks rapidly evolves. In
this paper, we introduce a new APT group we have named LazyScripter,
presenting in-depth analysis of the tactics, techniques, procedures,
and infrastructure employed by this actor group. Also:
https://www.bleepingcomputer.com/news/security/lazyscripter-hackers-target-airlines-with-remote-access-trojans/.
Also:
https://resources.malwarebytes.com/files/2021/02/LazyScripter.pdf
Tomi Engdahl says:
Online Trackers Increasingly Switching to Invasive CNAME Cloaking
Technique
https://thehackernews.com/2021/02/online-trackers-increasingly-switching.html
With browser makers steadily clamping down on third-party tracking,
advertising technology companies are increasingly embracing a DNS
technique to evade such defenses, thereby posing a threat to web
security and privacy.
Tomi Engdahl says:
Samsung Investigation Part 1: TEEs, TrustZone and TEEGRIS
https://www.riscure.com/blog/samsung-investigation-part1
The goal of our investigation was to assess how strong Samsung’s TEE
OS is and whether it can be compromised to obtain runtime control and
extract all protected assets, allowing, e.g. decryption of user data.
We did not consider a full exploit chain and instead focused on the
TEE only, assuming an attacker already in control of the Android
environment.
Tomi Engdahl says:
Cybercrime groups are selling their hacking skills. Some countries are
buying
https://www.zdnet.com/article/cybercrime-groups-are-selling-their-hacking-skills-some-countries-are-buying/
A report by cybersecurity researchers at BlackBerry warns that the
emergence of sophisticated cybercrime-as-a-service schemes means that
nation states increasingly have the option of working with groups that
can carry out attacks for them. Researchers point to the existence of
extensive hacking operations like Bahamut as an example of how
sophisticated cyber-criminal campaigns have become. Researchers note
how “the profiles and geography of their victims are far too diverse
to be aligned with a single bad actor’s interests”, suggesting that
Bahamut is performing operations for different clients, keeping an eye
out for jobs that would make them the most money and when it comes to
funding, certain nation states have the most money to spend on
conducting campaigns.
Tomi Engdahl says:
Microsoft open sources CodeQL queries used to hunt for Solorigate
activity
https://www.microsoft.com/security/blog/2021/02/25/microsoft-open-sources-codeql-queries-used-to-hunt-for-solorigate-activity/
In this blog, we’ll share our journey in reviewing our codebases,
highlighting one specific technique: the use of CodeQL queries to
analyze our source code at scale and rule out the presence of the
code-level indicators of compromise (IoCs) and coding patterns
associated with Solorigate. We are open sourcing the CodeQL queries
that we used in this investigation so that other organizations may
perform a similar analysis. Note that the queries we cover in this
blog simply serve to home in on source code that shares similarities
with the source in the Solorigate implant, either in the syntactic
elements (names, literals, etc.) or in functionality.
Tomi Engdahl says:
A 2020 Go Malware Round-Up
https://www.intezer.com/wp-content/uploads/2021/02/Intezer-2020-Go-Malware-Round-Up.pdf
In the last few years, almost an increase of 2000% of new malware
written in Go has been found in the wild. … Traditional Antivirus
solutions still appear to struggle detecting malware written in Go.
Newer techniques that not only determine maliciousness based on code
reuse but also classify the threat have seen greater success as they
can handle similarities even between Linux and Windows binaries.
While malware written in Go may still be in its infancy, it may soon
reach adolescence resulting in a considerable increase
Tomi Engdahl says:
The state of stalkerware in 2020
https://securelist.com/the-state-of-stalkerware-in-2020/100875/
Kaspersky’s data shows that the scale of the stalkerware issue has not
improved much in 2020 compared to the last year: The number of people
affected is still high. In total, 53,870 of our mobile users were
affected globally by stalkerware in 2020. Keeping in mind the big
picture, these numbers only include Kaspersky users, and the total
global numbers will be higher.
Tomi Engdahl says:
An Exploration of JSON Interoperability Vulnerabilities
https://labs.bishopfox.com/tech-blog/an-exploration-of-json-interoperability-vulnerabilities
As we’ve seen through attacks like HTTP request smuggling,
discrepancies across parsers combined with multi-stage request
processing can introduce serious vulnerabilities. In this research, I
conducted a survey of 49 JSON parsers, cataloged their quirks, and
present a variety of attack scenarios and Docker Compose labs to
highlight their risks. Through our payment processing and user
management examples, we will explore how JSON parsing
inconsistencies can mask serious business logic vulnerabilities in
otherwise benign code.
Tomi Engdahl says:
Why You Should Stop Sending Texts From Your Android Messages App
https://www.forbes.com/sites/zakdoffman/2021/02/27/google-android-messages-update-apple-iphone-ipad-imessage-security-versus-sms-rcs-and-whatsapp-encryption/
Until Google’s RCS offers end-to-end encryption by default and can
provide that level of security for groups as well as 1:1 messaging,
then it’s as much of a no-no as Facebook Messenger. And Samsung’s
alternative is exactly the same.
Tomi Engdahl says:
China Hijacked an NSA Hacking Tool in 2014 and Used It for Years
https://www.wired.com/story/china-nsa-hacking-tool-epme-hijack/
The hackers used the agency’s EpMe exploit to attack Windows devices
years before the Shadow Brokers leaked the agency’s zero-day arsenal
online. More than four years after a mysterious group of hackers known
as the Shadow Brokers began wantonly leaking secret NSA hacking tools
onto the internet, the question that debacle raised, whether any
intelligence agency can prevent its “zero-day” stockpile from falling
into the wrong hands, still haunts the security community. Also:
https://www.bleepingcomputer.com/news/security/chinese-hackers-used-nsa-exploit-years-before-shadow-brokers-leak/.
Also:
https://thehackernews.com/2021/02/chinese-hackers-had-access-to-us.html.
Also:
https://www.zdnet.com/article/chinese-hackers-cloned-attack-tools-belonging-to-nsas-equation-group.
Also:
https://www.forbes.com/sites/zakdoffman/2021/02/22/dangerous-chinese-cyber-threats-against-microsoft-windows-users-were-made-in-america/
Tomi Engdahl says:
Microsoft scammers have already taken a million euros of Finns’ money
this year; online criminals’ new trick is posing as the tax authority
https://yle.fi/uutiset/3-11802472
Criminals are currently trying to get at your money in the names of,
among others, Posti, Microsoft and, as a new one, the Finnish Tax
Administration (Verohallinto). In recent days a few reports of scam
messages disguised as e-mails from the tax authority have come in to
the National Cyber Security Centre (Kyberturvallisuuskeskus), which
operates under the Finnish Transport and Communications Agency
Traficom. The Tax Administration also warns about scammers on its
website.
Tomi Engdahl says:
How to Fight Business Email Compromise (BEC) with Email
Authentication?
https://thehackernews.com/2021/02/how-to-fight-business-email-compromise.html
An ever-evolving and rampant form of cybercrime that targets emails as
the potential medium to conduct fraud is known as Business Email
Compromise. Targeting commercial, government as well as non-profit
organizations, BEC can lead to huge amounts of data loss, security
breach, and compromised financial assets.
Tomi Engdahl says:
Erasing data from donated devices
https://www.ncsc.gov.uk/blog-post/erasing-data-from-donated-devices
How charities can erase personal data from donated laptops, phones and
tablets, before passing them on. Many charities have recently
encouraged the public to donate their old laptops, tablets and other
devices to schoolchildren. This makes a huge difference, as it means
more schoolchildren can learn at home during the COVID-19 lockdown.
Tomi Engdahl says:
[1209] This Tiny WiFi Camera Owns Kwikset SmartKey (LockTech LTKSD)
https://www.youtube.com/watch?v=DGdsIrAjp3k
LPL: “I happen to have a machine for cutting keys in my garage”
Everyone: of course you do
Tomi Engdahl says:
Free cybersecurity tool aims to help smaller businesses stay safer
online
https://www.zdnet.com/article/free-cybersecurity-tool-aims-to-help-smaller-businesses-stay-safer-online/
The NCSC’s Cyber Action Plan tool aims to help small businesses
improve their resilience to cyber attacks via the aid of a short
questionnaire about their current cybersecurity strategy and provides
customised advice on how the business could be better protected
against cyber crime.
Tomi Engdahl says:
National Security Risks of Late-Stage Capitalism
https://www.schneier.com/blog/archives/2021/03/national-security-risks-of-late-stage-capitalism.html
In today’s underregulated markets, it’s just too easy for software
companies like SolarWinds to save money by skimping on security and to
hope for the best. That’s a rational decision in today’s free-market
world, and the only way to change that is to change the economic
incentives.
Tomi Engdahl says:
NSA Publishes Guidance on Adoption of Zero Trust Security
https://www.securityweek.com/nsa-publishes-guidance-adoption-zero-trust-security
Tomi Engdahl says:
Titled “Embracing a Zero Trust Security Model,” the document details the benefits and challenges of the security model, and also provides a series of recommendations on the implementation of Zero Trust within existing networks.
https://media.defense.gov/2021/Feb/25/2002588479/-1/-1/0/CSI_EMBRACING_ZT_SECURITY_MODEL_UOO115131-21.PDF
Tomi Engdahl says:
Is Your Suppliers’ Security Your Business?
https://www.securityweek.com/your-suppliers-security-your-business
Companies Must Look Beyond Their Own Company to Also Consider the Security Measures Their Immediate Suppliers Have in Place
The number of cyberattacks on industrial sites of all sizes is increasing significantly, with risk spreading across supply chains. An ESG survey of 150 cybersecurity and IT professionals in mid-market and enterprise manufacturing organizations, found 53% say their operational technology (OT) infrastructure is vulnerable to some type of cyberattack, while the same number state that they have already suffered a cyberattack or other security incident in the last 12-24 months that impacted their OT infrastructure. Manufacturers are part of trading partner networks that are intertwined, and when they are compromised, the effects ripple across all parties in the supply chain. The impact of an attack on a first-tier supplier can be just as devastating as if the attack initially penetrated your own OT network. Production lines can be shut down, creating significant costs, negatively impacting revenue, and causing reputational damage.
For years, threat actors have taken advantage of weak links in the supply chain as stepping-stones to infiltrate other organizations. We all remember the Target security breach nearly a decade ago, in which attackers used stolen credentials from an HVAC systems vendor to access Target’s network and move laterally until finally stealing bank card and personal information of millions of customers. A few years later, the NotPetya ransomware was another high-profile supply chain attack that initially poisoned software from a Ukrainian accounting firm and went on to affect multinational corporations and cause an estimated $10 billion in damages. More recently, the SolarWinds Orion software compromise and SUNBURST backdoor has allowed a threat actor to gain access to numerous organizations around the world. The scope and impact of this attack is still being understood.
Tomi Engdahl says:
Securing Today’s Networks Requires Consolidation and Collaboration
https://www.securityweek.com/securing-todays-networks-requires-consolidation-and-collaboration
Tomi Engdahl says:
https://www.securityweek.com/inside-ransomware-economy