On Friday January 14, 2022, in the aftermath of unproductive diplomatic meetings between Russia and the U.S. and NATO, malicious cyber attackers launched a massive attack against Ukrainian government websites. Approximately seventy websites were targeted, and several sites are impacted, including the Ministry of Foreign Affairs and Ministry of Education.
As advisors to some of the world’s largest organizations, we know firsthand how critical the implementation of a company-wide cybersecurity strategy is to defending against today’s rapidly evolving threats. The continuous strengthening of security posture – from prevention measures to plans for detection, response, and recovery – serves to prepare organizations for the inevitable with effective damage controls in place.
It’s important to remember, though, that cybersecurity is not just about tools and technology. There is a human element, too, that companies can leverage in their favor in their cyber defense strategies year-round – and particularly during the busy holiday season.
On Friday December 10, 2021, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an alert based on the Apache Software Foundation security advisory regarding a critical (CVSS score of 10 out of 10) remote code execution vulnerability affecting Log4j.
Many remember the truck attack in 2017, where a terrorist rented a van, killed 8, and injured 11 in Manhattan. My colleague at the Chertoff Group, General Michael Hayden, referred to it at the time as an “attack of limits.”
Earlier this week, the FBI released an alert warning that ransomware actors are seeking to exploit significant financial transaction events and stock valuation to extort victims, including malware specifically written to look for 10Q/10K earnings release information, and information disclosure threats intended to impact share price.
On the evening of July 2, IT software management provider Kaseya announced that threat actors had successfully targeted its on-premises VSA server software technology, which is used by multiple Information Technology (IT) managed service providers (MSPs) to manage and monitor computers remotely. Initial reports suggest that the threat actors exploited a 0-day software vulnerability, and Kaseya’s CEO stated that “We will release that patch as quickly as possible to get our [on-prem] customers back up and running.” The threat actor in this context appears to be REvil, the same threat actor group behind numerous other ransomware attacks including on meat processor JBS. The scope of impact is not yet fully understood.
On Sunday, May 30th, JBS SA determined its information technology (IT) systems were compromised by a ransomware attack. In response to the attack, JBS SA suspended its North American and Australian computer systems, shutting down its beef processing operations in the U.S., Australia, and Canada while severely disrupting operations at poultry and pork plants.
On Wednesday, May 12, President Biden signed an extensive Executive Order (E.O.) on Improving the Nation’s Cybersecurity. The E.O. is primarily directed at federal departments and agencies, and federal contractors, but its implementing standards will likely have a much broader impact across critical infrastructure sectors and related technology suppliers.
On Saturday, May 8th, Colonial Pipeline confirmed that its information technology (IT) systems were compromised by a ransomware attack. As a precaution, Colonial temporarily halted operational technology (OT) functions across four of its mainlines that transport gasoline, diesel, and jet fuel, stretching from Texas to New Jersey.
On December 8th, FireEye, a leading cybersecurity provider, reported that a sophisticated threat actor had infiltrated its network and accessed proprietary penetration testing tools. Upon further investigation, the firm uncovered a global cyber intrusion campaign, which trojanized a software update to a widely deployed SolarWinds IT management software product. Nation-state actors, likely of Russian origin, subverted SolarWinds’ software supply chain and inserted malicious code into the company’s Orion software product update. Because the SolarWinds Orion solution is used by thousands of large organizations, and is often enabled with elevated privileges, it is a valuable target for adversary activity.
