2020 was a record-breaking year for cybercrime: malware, ransomware, and phishing attacks were all on the rise, and more data breaches occurred than ever before. Unfortunately, these trends care nothing for the turn of a calendar, and the first half of 2021 has already broken the previous year’s records with even more vicious attacks.
Any cursory search will bring back dozens of high-profile incidents, and even industry outsiders could name a handful. The Colonial Pipeline, CNA Financial, and SolarWinds attacks have all made headlines, and we know that these are only a tiny fraction of the threats we have had to face.
The year so far
Microsoft Exchange servers were hit in a series of major data breaches that started in January. Microsoft released security patches, but customers were slow to apply them, and tens of thousands of small businesses were affected. It was soon revealed that the Chinese gang Hafnium was responsible for the attack, in which it used four zero-day vulnerabilities to steal email mailboxes and address books from Microsoft-run servers. Just recently, the UK, US and EU have accused China of carrying out the attack. Its involvement was known much earlier, but for states to make the accusation takes the conflict to the next level.
In February, KIA Motors America’s servers went offline, and the company issued statements citing IT issues. Though unconfirmed by the company, there were reports of a major ransomware attack by the DoppelPaymer gang, who demanded US$20 million in Bitcoin.
CD Projekt Red (CDPR), creators of the hugely popular Witcher series of video games, was also hacked in February. The attackers reportedly used HelloKitty ransomware and claimed to have gained access to the source code of CDPR’s most popular games, along with HR, legal, and accounting documentation. This case is noteworthy because CDPR very publicly refused to negotiate with the attackers. Instead, they patched the vulnerability, restored from backup, and assured everyone that no personal user data had been taken.
This was a turbulent time for CDPR regardless, as the company was still reeling from the backlash against its latest game in September. Major retailers had to offer full refunds, and the game was eventually taken off the “shelves” due to stability issues, which took until this July to resolve.
CNA Financial, one of the largest financial firms in the US, was hit in a ransomware attack in March. Bloomberg reported that CNA ended up paying US$40 million to the attackers, Evil Corp, the largest such payment up to that point.
Colonial Pipeline was hit in April in a widely reported ransomware attack, and DarkSide, the gang responsible, eventually received 75 BTC (roughly US$4.4 million). Deputy Attorney General Lisa O. Monaco later announced that the DOJ, through its new Ransomware and Digital Extortion Task Force, had been able to recover most of the ransom.
In May, Brenntag SE, a German chemical distribution company, was attacked by DarkSide (a US$4.4 million ransom was paid); computer manufacturer Acer and the European insurance giant AXA were also hit. The ransoms in these cases amounted to tens of millions of US dollars.
Summer brought no respite: meat manufacturer JBS was hit in another major ransomware attack in June. It had to shut down some operations in Australia, Canada and the United States for days, which threatened food shortages. The company was forced to pay US$11 million in cryptocurrency to get its plants running again.
This isn’t an exhaustive list even of the major attacks and breaches, only the leading edge of what seems to be an escalation of trends that began years ago.
Actions companies can take
These attacks fit into years-long trends that show no signs of easing as threats keep piling on. Governments all around the world recognise this and are taking steps to protect their citizens and interests from cyber criminals, but we cannot sit idly by waiting for a global strategy to emerge. Action on the part of individuals and organisations is required to ensure a degree of security.
It is true that criminals use remarkably sophisticated methods to break into systems, but more often than not they rely on their victims making a mistake that can then be exploited.
There are times, as we have seen in the case of the recent Kaseya attack, when a system’s vulnerability originates higher up the supply chain. In these cases the issue is far from home, but companies can still demand regular security reports or have independent contractors review providers’ protocols to ensure compliance. Whatever providers might claim, almost nobody has their security fully handled, but there are ways to test contractors’ vulnerabilities, and it pays to do so. Breaches are always more expensive than preventative measures.
When it comes to the tools companies use within their own environments, the landscape is even more complex. Countless tools are available, such as vulnerability scanners, patching systems, ATD, SIEM, SOAR, or XDR (the list goes on), but because of their complexity no single vendor can provide best-of-breed solutions in every category. Inevitably, tools from different vendors won’t combine into a truly integrated solution. The challenge then is to coordinate all these—separately excellent but disjointed—tools.
The objectives are to coordinate tools, discover vulnerabilities, and assess threats. There are budget considerations as well, although it is worth repeating that preventative measures are always cheaper than putting out fires. If the system works well, there will be no backbreaking expenses like the ransoms mentioned above.
Just as in the case of outside vendors, companies’ own systems can benefit from regular external audits.
One of the most important things organisations can do is to make sure all software is up to date. Vendors issue updates to fix everything from minor functional bugs to potential vulnerabilities, and without these updates systems may be open to attack, as in the case of the recent Microsoft Exchange hacks. There, Microsoft reacted quickly, but users were slow to update, and that allowed bad actors to breach thousands of systems. One reason users are slow to update is a corollary of fragmented security stacks: an enterprise application may not be compatible with the latest update of another piece of software. The answer is automated application testing, which verifies compatibility before an update is rolled out and keeps everything running.
Another important measure is regular user education. This presents a different challenge, partly because of the ever-evolving phishing and social engineering tactics hackers use—but also because employees are focussed on their own tasks, not on additional training. Nevertheless, hackers know that it’s often easier to walk past reception and snatch a password left on a sticky note, or to access the system through an unlocked laptop, than to breach a sophisticated security system. Regular user training and basic security measures, such as a company-wide clean desk policy, can thwart those attempts.
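Keeping software up to date only works if you can actually see which hosts have fallen behind. The script below is an added example, not code from the original article or from any vendor it mentions: it compares a software inventory against a minimum-version policy and reports every host below the required patch level. The host names, product names and version strings are constructed placeholders, not real products or real patch levels. The one thing worth noticing is the version comparison: compared as plain strings, "4.9.12" sorts after "4.10.0", so a naive check would report a host as patched when it is not.

```python
"""Patch-compliance check over a software inventory.

Added example, not part of the original article. Host names, product
names and version numbers are constructed placeholders.
"""
import re
from dataclasses import dataclass

# Constructed inventory: what is actually installed on each host.
INVENTORY = [
    {"host": "mail-01", "product": "mailserver", "version": "15.2.792.3"},
    {"host": "mail-02", "product": "mailserver", "version": "15.2.858.5"},
    {"host": "app-01", "product": "webapp", "version": "4.10.1"},
    {"host": "app-02", "product": "webapp", "version": "4.9.12"},
    {"host": "db-01", "product": "dbserver", "version": "13.3"},
]

# Constructed policy: the minimum version the organisation accepts per product.
MIN_VERSIONS = {
    "mailserver": "15.2.858.5",
    "webapp": "4.10.0",
    "dbserver": "13.4",
}


@dataclass(frozen=True)
class Finding:
    host: str
    product: str
    installed: str
    required: str


def parse_version(text: str) -> tuple:
    """Split a dotted version into integers so that 4.10.0 sorts after 4.9.12.

    A plain string comparison gets this wrong because '9' > '1'.
    """
    parts = re.findall(r"\d+", text)
    if not parts:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)


def is_outdated(installed: str, required: str) -> bool:
    """True when the installed version is strictly below the required minimum.

    Tuples of unequal length compare as needed here: (13, 3) < (13, 4)
    and (4, 10, 1) >= (4, 10, 0).
    """
    return parse_version(installed) < parse_version(required)


def find_outdated(inventory, policy) -> list:
    """Return one Finding per host/product that is below the policy minimum."""
    findings = []
    for item in inventory:
        required = policy.get(item["product"])
        if required is None:
            continue  # no minimum defined; surfaced separately below
        if is_outdated(item["version"], required):
            findings.append(
                Finding(item["host"], item["product"], item["version"], required)
            )
    return findings


def unpolicied_products(inventory, policy) -> set:
    """Products present in the inventory that have no minimum version defined.

    These are blind spots: an update can't be enforced if nobody decided
    what "up to date" means for the product.
    """
    return {i["product"] for i in inventory if i["product"] not in policy}


if __name__ == "__main__":
    for f in find_outdated(INVENTORY, MIN_VERSIONS):
        print(f"{f.host}: {f.product} {f.installed} is below required {f.required}")
    for product in sorted(unpolicied_products(INVENTORY, MIN_VERSIONS)):
        print(f"no minimum version defined for {product}")
```

Run against the constructed data, the check flags mail-01, app-02 and db-01, and leaves mail-02 (exactly at the minimum) and app-01 alone. In practice the inventory would come from an asset-management or patching tool and the policy from the change-control process that approved the update after compatibility testing.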
When a breach occurs, individual users need clear and concise instructions. The alarm needs to travel fast and reach the right people for effective damage control. User education and company policies should include plans for worst-case situations to curb panic and miscommunication.
Every brick strengthens the wall
It is essential to secure systems on every level, from service providers, through in-house tool integration, down to the individual user. IT departments, CISOs, and CIOs all need accurate insight—on different levels—into the company’s infrastructure. There are no perfect solutions and no impenetrable systems, but every security measure is an obstacle to bad actors. Hackers have the same constraints as the companies working against them, and following a few simple guidelines can go a long way towards security. The last steps are much harder, but there are companies out there with excellent cybersecurity solutions, eager to help.
The Connective Platform™ integrates a host of cybersecurity tools into one system faster than any of our competitors, but that alone wouldn't give our partners the edge over cybercriminals. Simply gathering all the data from a number of connected elements would still require an army of experts to make sense of it; it's analogous to how gathering stock prices from markets all around the world doesn't tell you where to invest your money next. Our platform goes on to analyse that massive amount of data to give our partners the information they need: where the weak points of their cyber defence are, and how to address them.