Since we released our first article discussing our technology and cybersecurity trends and predictions for 2021, the SolarWinds attack has rocked the cybersecurity world. Though the total extent of this attack is still unknown, this devastating attack points to a larger, equally troubling trend.
Security threats, including malware and ransomware, are on the rise, and organizations of all sizes need to take action to safeguard their digital assets in 2021 and beyond.
The SolarWinds Attack: A Brief Primer
The SolarWinds attack was first discovered by FireEye, a well-known cybersecurity company, on December 8th, 2020. Over the following days, it became clear that the attack on FireEye by malicious actors (believed to be affiliated with the Russian government) was part of a much larger attack.
This attack was carried out via malicious code inserted into updates for a popular network monitoring product called SolarWinds Orion. The attackers were able to create an undetected back door in the Orion codebase, which they later used to deliver additional malicious software (malware). Both the backdoor and the malware were unknowingly downloaded by users of Orion versions 2019.4 HF through 2020.2.1, which were released between March 2020 and June 2020.
Once downloaded, the malicious code granted the attackers access to computer systems belonging to a large number of private companies (including Microsoft) as well as those belonging to multiple US government departments, including the US Treasury Department, the Department of Energy, and the Department of Homeland Security.
Through this back door, the attackers were then able to deploy malicious software onto users’ computer systems.
Sunburst vs Supernova
Sunburst is the name of the back door that was added to the Orion codebase, which was then used to deploy the Supernova malware. SolarWinds has since released hot patches designed to close the Sunburst backdoor in impacted versions of the software and protect users against Supernova.
The SolarWinds attack is an example of a supply chain attack, where malicious actors infiltrate computer systems through an outside partner or provider who has legitimate access to your systems and data. By sneaking malicious code into updates, malicious actors can leverage the trusting relationship between users and their outside partners or providers to gain covert access to systems.
Trends to Keep an Eye On in 2021
The Lasting Impact of the SolarWinds Attack
It will likely take years for security experts to fully comprehend the total scale of the SolarWinds attack. Though SolarWinds has released a number of software patches that aim to address the issue and safeguard users, the SolarWinds debacle is likely far from over.
This attack is likely to have widespread implications for the cybersecurity industry as a whole, as governments and private companies alike continue to become increasingly reliant on online and cloud systems to carry out their daily activities.
Two factors set the SolarWinds attack apart from similar previous attacks: the scale and the timeline. The SolarWinds attack is one of the largest and most pervasive in US history, and the fact that it remained undetected for so long is incredibly disconcerting.
What’s worse, the number of cyberattacks, and their level of sophistication, only continue to grow. Instances of cyberwar and cyberespionage like the SolarWinds attack targeting cybersecurity vendors are on the rise, and this disturbing trend is unlikely to change course any time soon. Other vendors that have been recently targeted include CrowdStrike, Fidelis, FireEye, Malwarebytes, Palo Alto Networks, and Qualys.
Ransomware Continues to Evolve
Ransomware, which allows attackers to encrypt a victim’s files and restrict their access to computer systems until a ransom is paid, remains an ongoing threat. According to a recent report by PurpleSec, the number of ransomware attacks has increased 350% since 2018, with the average ransom payment increasing by more than 100% in 2020 and downtime caused by these attacks increasing by 200%.
Organizations in all verticals and industries can be, and frequently are, targeted; both vaccine manufacturers and hospitals have been hit particularly hard. Once the realm of unsophisticated thugs, ransomware attackers are becoming increasingly organized, well-funded, and sophisticated, forming professional criminal organizations.
These newly-professionalized criminals have also started a new trend: ransomware as a service. From delivery to ransom payment processing, modern criminal organizations are offering to run ransomware attacks for other criminals for either a cut of the ransom or a fixed fee. This professionalization of the ransomware industry is deeply troubling, as criminals no longer need to possess the required technical skills in order to launch these attacks.
How Can Bird Rock Systems Help Me Keep My Organization Safe?
SolarWinds was targeted because of its reach and its high-profile clients, but in reality the attackers could have targeted any equally-well positioned and connected business.
Quarterly Security Business Reviews
To help our customers better safeguard their digital assets, Bird Rock offers quarterly security business reviews. These quarterly reviews include meetings with Bird Rock security experts to conduct health checks on security tools and processes, as well as education and strategy sessions to give you, and your team, the knowledge you need to keep potential attackers at bay.
These quarterly security assessments help our customers identify potential issues and vulnerabilities as soon as possible, giving you the information you need to proactively improve your organization’s security posture.
Our security experts are strong believers in the benefits of penetration (pen) testing and continuous pen testing, both internal and external. Pen testing involves hiring a red team (essentially a group of authorized hackers) to stress test your current security posture and identify vulnerabilities and other issues that could be exploited by malicious actors.
One popular pen test is the simulated ransomware attack test, which allows our red team to simulate an attack on your environment and validate that the proper controls are in place to thwart, or at least hinder, a ransomware attack.
Data Mapping Helps Ensure Compliance
Our team of experts also offers data mapping services, a popular tool for assessing sensitive data best practices so you can ensure your organization is complying with all relevant regulations (such as GDPR and CCPA). This service includes installing software on your system that identifies where sensitive data is being stored, both on your local network and in cloud-based applications, so you can ensure proper security and privacy measures are in place. It is an excellent addition to any data governance toolbox.
Security Score & Security Roadmap
Using the information gained during the pen tests, your BRS expert will give you an overall security score and help your team develop a holistic security roadmap.
Ransomware, malware, and other cyberattacks remain ongoing threats that can target organizations of all sizes in all industries and verticals. Our team of security experts is here to help ensure your organization’s digital assets are adequately protected. For more information, or to book your security assessment, please contact us today.