Four words abbreviated cybersecurity in 2020: COVID-19, ransomware, Twitter and SolarWinds
Four words abbreviated cybersecurity in 2020: COVID-19, ransomware, Twitter and SolarWinds
COVID-19
COVID-19 suddenly forced organizations around the world to work from home if they could. This left many CISOs to struggle with data security for employees who were now working to increase security risks for company firewalls and fundamentals. Some gained quick funding to add security controls, such as virtual private networks, multifactor authentication and enterprise device management systems. Others were not so lucky.
On top of this, miscreants resorted to epidemics flooding with COVID-related phishing scams after government relief money and masks and hand sanitizers were sought, while some nation-states targeted pharmaceutical companies and universities for COVID research .
Types of tricks: failure to plan for disasters, and poor awareness training.
Ransomware
The Ransomware gang quickly caught the idea of double-extortion. In addition to encrypting data, stealing data and threatening to release it and embarrassing organizations until they pay a ransom for the decryption key. Given the number of companies listed by hacking groups, there were many hits in this way, including municipalities, public school boards, and hospitals.
Consider those who may discontinue ransomware: In January, Travellex was affected by international currency exchange ransomware. It paid US $ 2.3 million to obtain the decryption key. It was forced into administration in August.
The death of a sick woman in Germany, whose ambulance had to walk away from a hospital that suffered a ransomware attack, was convicted of participating in a cyber attack.
Types of exploitation: poor awareness training, failure to widely use data encryption for security.
Twitter became embarrassed in July when employees fell for a phone scam and reset the passwords of celebrity users, including Joe Biden, Barack Obama, Elon Musk, Bill Gates, Jeff Bezos and Apple. He then tweeted a fake bitcoin scam. Three people have been charged.
Types of exploitation: vishing, poor awareness training.
Orion
And arguably, the year's lowest-scoring, respected vendor FireEye, was hacked, revealing that security updates for SolarWinds' Orion network management platform were infected by the backdoor. Some 18,000 Orion customers, largely U.S. In, let's download the update. The fingers point to a nation-state known as the bear as a national symbol.
Results: Saying too quickly, some reports suggest that the attackers exploited only a small number of 18,000 infections. However, it is believed that there are many government agencies. As cybersecurity expert Bruce Schneier told SecurityWeek.com, "We have no idea what network they are in, how deep they are, what access they have, what devices they have."
One big question: Organizations like the US federal government must protect deeply. How not caught?
No comments