On December 8th, FireEye, a leading cybersecurity provider, reported that a sophisticated threat actor had infiltrated its network and accessed proprietary penetration testing tools. Upon further investigation, the firm uncovered a global cyber intrusion campaign, which trojanized a software update to a widely deployed SolarWinds IT management software product. Nation-state actors, likely of Russian origin, subverted SolarWinds’ software supply chain and inserted malicious code into the company’s Orion software product update. Because the SolarWinds Orion solution is used by thousands of large organizations, and is often enabled with elevated privileges, it is a valuable target for adversary activity.

The U.S. Cybersecurity & Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI) and Department of Health & Human Services (HHS) issued a joint alert October 28 that they had “credible information” of an “increased and imminent” cybercrime threat to U.S. hospitals and healthcare providers. In the last week, at least six U.S. hospitals have been hit by Ryuk ransomware within 24 hours by the cyber criminals behind Trickbot and Ryuk. Separate reporting indicates that healthcare organizations in Oregon, upstate New York, Minnesota, and Vermont have been infected.

For the last decade, the public and private sectors have faced increasing complications managing complex and dispersed international supply chains. The issues confronted are extensive, including physical and cybersecurity vulnerabilities, trade and customs compliance, the threat of malign foreign influence, and supply chain resiliency. In 2020, these trendlines have accelerated further, with organizations now having to manage the COVID-19 pandemic, heightened geopolitical tensions, and natural disasters, creating a series of disruptions unrivaled in modern history.

Last month the Court of Justice of the European Union (CJEU) issued one of the most significant decisions in the court’s history, invalidating Privacy Shield, an important but relatively obscure agreement used to facilitate the transfer of private customer data between the U.S. and Europe, and also calling into question several privacy-related mechanisms. The decision has left widespread uncertainty and turmoil in its wake, threatening to further damage trans-Atlantic commerce amidst a global pandemic and strengthen Chinese and Russian efforts to push their own model of “privacy.” Now is the time work with our allies on privacy and economic recovery, not to cut off our nose to spite our face.

In June 2020, a software exploit dubbed GoldenSpy was observed targeting corporations doing business in China – the underlying executable file was part of required tax software. Companies were required to install the software to enable payment of local Chinese taxes, and the software’s backdoor enabled command and control of victim systems and remote code execution.

The first half of 2020 has yielded multiple significant developments on ransomware and related disruptive attacks – including new targets and evolving tactics, techniques and procedures (TTPs). These trends require priority attention across all functions with security-related responsibilities. By better understanding these events and their risk implications, our clients and partners can more effectively manage ransomware risk and apply appropriate safeguards.

As the rate of new COVID-19 cases gradually stabilizes across a number of major metropolitan areas, companies are transitioning from risk avoidance to risk acceptance and contemplating how best to return their workforce to the office in a way that balances productivity and duty of care.

To execute a safe and successful transition, it’s paramount that business leaders leverage adaptive thinking and flexible policies that accommodate a broad array of employee and customer needs to protect individuals at greater risk of severe outcomes.

The use of local business partners is as old as global commerce itself. European merchants leveraged middle men across the ancient Silk Road, while the first multinational corporations relied on local resources and manpower for their global operations.

Today, requirements set up by foreign governments often mandate business relationships with native firms in order to guarantee the benefits of resource extraction or technology transfer. In other cases, complex business environments all but necessitate local know-how in order to get things done. But as firms move into emerging and frontier markets, they face increasing challenges on their home turf, especially in areas of compliance and reputation management.

2019 continues to be a year filled with ransomware attacks. One of the key themes at DHS’ 2nd Annual National Cybersecurity Summit was the rapid and overwhelming increase in cyber attacks on businesses and local governments. For example, Verizon’s 2019 Data Breach Investigations Report indicated 24 percent of all instances of malware involved ransomware. Malwarebytes, an internet security company, reported that the detection of ransomware attacks on businesses in 2019’s Q1 increased 195 percent from 2018’S Q4. According to Johns Hopkins University Professor Avi Ruben, many of the recently reported attacks were specifically focused on local governments and municipalities because “they tend to have lower IT budgets than they should.