Throughout 2020, organizations faced the challenges of an expanded remote workforce, during which time attackers ramped up their social engineering efforts. All the while, nation-state actors leveraged vulnerabilities in the SolarWinds Orion software to pull off a massive cyberattack on the United States. Twitter was hacked, Parler was banned. All in all, 2020 was an unprecedented year, indicating the need for private organizations and federal agencies to augment their security strategies if we are to defend against malicious attacks and disinformation campaigns from both foreign and domestic actors.
The new administration has heard the calls of cyber-concerns, particularly as they relate to national security and the President’s Peloton bike. Alas, the Secret Service and the NSA are working to ensure that neither the President nor the First Lady misses a workout with Cody Rigsby or Tunde Oyeneyin (two of my personal favorites).
The President has nominated and appointed cybersecurity experts across his administration. In fact, his cabinet picks are already being peppered with questions from a Congress eager to understand, “their approaches to pressing cybersecurity issues.”
It will certainly be interesting to watch the industry evolve as this year unfolds, but for now, let’s take a look at what made cybersecurity headlines this week.
Jan. 22: Jamil Farshchi and Samantha Ravich opined on the next pandemic, suggesting, “The next seismic event we face as a country may be a cyber pandemic.”
Jan. 21: CISA’s Acting Director Brandon Wales announced a new program to curb the growing threat of ransomware attacks.
Jan. 21: Students across the UK in need of devices for homeschooling received government-issued laptops containing malware dubbed Gamarue worm.
Jan. 21: Credentials stolen by malicious actors during a phishing campaign targeting the construction and energy sectors were reportedly, “saved in files that were public and were indexed by Google—allowing anyone to view them through a simple search.”
Jan. 20: Malwarebytes announced that it too was a victim of the SolarWinds attack, though adversaries did not breach the organization through the SolarWinds platform. Threatpost reported, “the advanced persistent threat (APT) abused ‘applications with privileged access to Microsoft Office 365 and Azure environments,’ the security firm said—specifically, an email-protection application.”
Jan. 20: Reuters reported, “Outgoing U.S. Federal Communications Commission (FCC) chairman Ajit Pai said potential Chinese espionage and threats to U.S. telecommunications networks and internet freedom are the biggest national security issue that regulators will face in the next four years.”
Jan. 19: Engadget reported that since January 28, 2020, the EU has charged approximately $192 million in fines, which reflects a 39% increase on the preceding 20-month period, according to a report published by law firm, DLA Piper.
Jan. 18: Security Week reported, “The Federal Bureau of Investigation has issued a Private Industry Notification (PIN) to warn of attacks targeting enterprises, in which threat actors attempt to obtain employee credentials through vishing or chat rooms.”