Insights blog.

On March 2, Microsoft announced that it has detected multiple zero-day exploits being used to attack on-premises versions of Microsoft Exchange Server. According to Microsoft, in the attacks observed, cybersecurity threat actors used this vulnerability to access on-premises Exchange servers, which enabled access to email accounts, and installed additional malware to facilitate long-term access to victim environments.

It’s every security manager's worst nightmare. A member of the IT department reaches to alert that malicious software has been detected on an internal network, and the hacker potentially has access to layers of sensitive data. In the following days and weeks of remediation, locating an access point, and reinforcing cybersecurity measures, security managers often ask themselves, “could this data leak have been prevented?”

The SolarWinds hack, discovered in late 2020 when FireEye announced it had been targeted through a third party vulnerability, has now become one of the most widespread and impactful supply chain attacks in history. 

The SolarWinds supply chain attack discovered in late 2020 was a wakeup call for security managers across all industries. The hack is shaping up to be one of the most impactful attacks against a critical supply chain partner in history.

In light of the cyber attack targeting SolarWinds, security and risk professionals are working to identify instances of the Orion software within their organization -- including their broader partner ecosystem -- and reduce their exposure.  How responsive have organizations been to the SolarWinds hack?  

The cyber attack targeting SolarWinds, a provider of network and system monitoring software, is shaping up to be one of the most significant attacks against a critical supply chain partner, with significant implications for national security. Similar to NotPetya, the attackers compromised a software provider in order to gain access to the trusted update channel. Any organization using specific versions of the SolarWinds Orion Network Configuration Manager (SolarWinds Orion) product is presumed to be at risk.   

New vulnerabilities emerge daily... but not every vulnerability is being actively exploited by nation state actors. Zerologon (CVE-2020-1472) is one such vulnerability.  Zerologon was recently identified by the National Security Agency (NSA) as one of 25 vulnerabilities actively being exploited by Chinese state-sponsored actors. 

Since its advent in May 2019, BlueKeep (CVE-2019-0708) has been observed to pose risks to information security worldwide. It is a vulnerability associated with a wide range of Microsoft operating systems that affords a bad actor leverage to remotely execute malicious code on affected devices. Remediation involves updating to the latest Microsoft security patches released to mitigate BlueKeep. Sectors that use Microsoft products extensively and persist in using outdated software are particularly susceptible to this threat.

As the biomedical community rushes to develop vaccines to combat COVID-19, malicious actors are seeking to steal the sensitive intellectual property that underpins treatment.

This week the 13th edition of the Verizon Data Breach Investigations Report (DBIR) was released, which is usually a hallmark event of the cybersecurity world. As we have been in previous years, Bitsight is proud to be a data contributor to the report. After taking some time to give it an initial read through, however, one thing stood out loud and clear to us: how little has changed after 13 years.

When people talk about cybersecurity risks, the first area that normally comes to mind is malware. Some might even consider that it’s the worst event that can happen, as it normally indicates that a malicious actor has already bypassed the layers of security and now has free-reign to do what they want. The circumstances that led to the compromised systems, however, often tell a larger story. Issues like EternalBlue and BlueKeep require prompt response by system administrators in order to minimize the risk posed to their attack surface. Vulnerabilities often represent unpredictable changes of an organization’s attack surface that increase the risk of breach and compromise where the organization has to react accordingly based on their response plans and internal processes.

During the period of March 2020, we looked at a sample size of 41,000 US-based organizations to understand the difference between corporate networks and Work From Home-Remote Office (WFH-RO) networks from a cyber-risk perspective.

On October 20th, 2019, authorities in India confirmed that one of its nuclear power plants had been hacked. The malware attack on the Kudankulam Nuclear Power Plant (KKNPP), first noticed on September 4th, has since been attributed to the North Korean state-sponsored threat group known as Lazarus.

Cyber risk and regulatory compliance are two sides of the same coin in the Financial Services sector. Together, they spur Financial Services companies to take action to protect customers, their business and the global financial ecosystem from the malicious cyber attacks or the risk of critical system failures.

As the number and costs of cyber-attacks and data breaches continue to rise, more money is being thrown at the problem. IDC projects that by 2022, organizations will spend $133.8 billion to protect their IT infrastructures against cybersecurity threats.