The events of 2020 have undeniably shaped the landscape of cybersecurity, marking a year fraught with unprecedented challenges. As organizations shifted to remote work due to the COVID-19 pandemic, cybersecurity professionals grappled with the significant increase in remote access to critical company assets, prompting a wave of new security concerns.
Cybercriminals adeptly exploited the chaos stemming from the global health crisis, launching sophisticated cyberattacks that took advantage of heightened confusion and lapses in preparedness. Notably, the closing months of 2020 witnessed several significant breaches that targeted high-profile organizations and government bodies, revealing gaps in even the most established security measures. Cybersecurity firm Cynet is set to provide insights on these high-profile attacks in an upcoming webinar, offering guidance for 2021’s cyber threat landscape (register here).
The attacks from last year provide a sobering look at the evolving tactics employed by threat actors. One of the most notable incidents was the SolarWinds breach, which involved hackers infiltrating the infrastructure of SolarWinds, a major IT management software vendor. By compromising its Orion platform, attackers managed to deliver trojanized updates to potentially thousands of organizations, including a significant number from the Fortune 500, various branches of the U.S. military, and numerous educational institutions. This event highlights the initial access and supply chain manipulation tactics as outlined in the MITRE ATT&CK framework, underscoring the need for robust third-party risk management strategies.
Another significant breach impacting the cybersecurity landscape was the Clop ransomware attack on Software AG, a major German software vendor. Cybercriminals demanded a ransom of $23 million, showcasing the persistence and extortion techniques prevalent in ransomware attacks. This incident underscored the importance of organizations having an incident response plan in place to mitigate such attacks.
Sopra Steria, a leading European IT services company, also faced a severe security incident in October 2020 when an evolved version of the Ryuk ransomware was deployed against them. This attack, surprising even to antivirus solution providers, illustrates not only the danger of ransomware but also the challenge of staying ahead of evolving threats.
Additionally, the targeted attack against Telegram highlights the risks associated with mobile and messaging platforms. Here, hackers accessed sensitive data of high-profile individuals in the cryptocurrency sector, employing techniques to intercept 2FA codes. This incident may involve initial access tactics and session hijacking, illustrating the multifaceted threat landscape organizations must navigate today.
Looking ahead to 2021, cybersecurity experts, including those at Cynet, will likely emphasize a strengthened focus on protecting remote workforces and enhancing their security postures against evolving ransomware threats. The reliance on automated response mechanisms will be vital, ensuring swift reactions to prevent the spread of infections and protect critical assets.
As organizations prepare for another challenging year, insights from experienced cybersecurity professionals will provide essential guidance. Business owners concerned about cybersecurity risks are encouraged to engage with specialists and utilize resources that address the changing tactics of cyber adversaries. Register for the upcoming webinar here.
