My job is to plan the blogs in Salt Communications. As it’s the end of the year, I had been researching the top 10 attacks of 2020 for a few weeks and then, at the start of December, I’d put it out for internal review. The rest of the team are always busy but have good input, so I give them 2-3 days to come back to me before updating, getting sign-off and pushing it live. I thought I’d done a good job of this one, so it was a little shocking when my boss came back to me with a one-liner: “This blog makes no sense. Read the news today!”
That email was sent at 6am on Wednesday 9 December 2020 and as I checked the headlines it wasn’t too long before his point became apparent. But before we talk about that (I want to use at least some of the copy I’d spent hours on!), it’s worth acknowledging that 2020 had already seen a lot of action – probably enough to keep every CISO worth their salt up at night.
In 2020 more than 80% of firms reported a dramatic rise in cyber attacks. A 238% surge in cyber attacks on banks is blamed on Coronavirus alone. Since the end of February 2020, phishing attacks have seen a dramatic rise of 600%. Although ransomware attacks increased 148% in March 2020 due to the pandemic, the average ransomware payment also grew by 33% to $111,605 in comparison to Q4 2019.
Some of the victims…
The biggest ransomware attacks of 2020 targeted those protecting A-listers in Grubman Shire Meiselas & Sacks, prestigious international law firm Seyfarth Shaw LLP, the world’s largest cruise line operator, Carnival Company, and Software AG, the seventh largest software vendor in Europe. The weapon used in many attacks appears to be the Clop ransomware, which is of course highly efficient at encrypting your crown jewels (or enough of them to make operations next to impossible) until the ransom is paid.
Obviously Zoom was a big target in 2020 and we saw breaches in April, soon after COVID-19 kicked in globally. More than 500,000 Zoom passwords were stolen and were available for sale as well as being distributed through dark web sites for free. There was a load of other stuff happening with Zoom but they have continued to prosper and are clearly big winners in 2020 because of the new way business is being conducted. And of course there was the Twitter cryptocurrency scam – when a tweet requesting contributions in cryptocurrency was sent from the official Apple & Uber accounts, followed by those of Tesla CEO Elon Musk and Microsoft co-founder Bill Gates, to name but a few!
Yeah, a lot had happened in 2020 before we got to December and I thought I’d rounded it up nicely.
But then Kevin Mandia, the CEO of FireEye, released his blog (before I released mine) and that sent me back to the drawing board…
FireEye is one of the largest and most trusted cybersecurity firms in the United States and Mandia disclosed in his blog that foreign government hackers with “world-class capabilities” broke into its network and stole instruments it uses to monitor the defences of its thousands of clients, including federal, state and local governments and major global corporations. All of the indicators point to the usual suspects with the necessary advanced capabilities to carry this out.
The gut punch for FireEye is that it appears that their “red team tools” were stolen during the attack – which is essentially the box of tricks they use when trying to test out the resiliency of customer networks. The hackers also seemed to be particularly interested in the list of Government agencies and departments within their customer list.
FireEye has 8,800 clients, including US federal government agencies and more than half of the Forbes Global 2000 list.
This is scary stuff but we only had about a week to digest it before the Trump administration confirmed that hackers working on behalf of a foreign government (Russia) hacked into a number of key government networks, including in the Treasury and Commerce Departments, giving the attackers free access to their emails and other systems for many months.
This disclosed the SolarWinds hack, labeled SunBurst, which exploited the update process within its Orion product to infiltrate up to 18,000 companies using an extremely sophisticated and patient approach, which goes a long way towards tipping us off about who the assailants are. The fact that the initial code changes happened in October 2019 but the code wasn’t activated until March 2020 shows that the assailants probably did some dry runs and were waiting until the right time before edging forward. Jeremy Kirk gives a great explanation of what we know to date in this linked article.
We know that the attackers were interested in the email systems but there is so much going on at the moment surrounding these stories that it is hard to fully appreciate the scale and scope of the risks presented.
We’ll need to wait and see, but it definitely sharpens the minds of those who have been left exposed, with the 2020 Holidays expected to be a busy period for IT security teams working in many organisations across the globe.
Before the news of these latest incidents broke, Salt had scheduled a January 2021 webinar discussing the pros and cons of having a tightly integrated secure communications system versus a somewhat isolated safe-haven network. The FireEye and SolarWinds news of December 2020 makes this even more topical as a way to start your 2021 planning. You can register for this webinar HERE.
2020 has been a very tough year for many people so I am personally very happy to see it go. Yeah, 2021 is going to start off as 2020 left off, but I’m an optimist – so I can’t wait to enjoy a nice drink with friends in a pub in the spring and then a long summer holiday in a far off land!
Happy New Year from everyone at Salt Communications!
About Salt Communications
Salt Communications is a multi-award winning cyber security company providing a fully enterprise-managed software solution giving absolute privacy in mobile communications. It is easy to deploy and uses multi-layered encryption techniques to meet the highest of security standards. Salt Communications offers ‘Peace of Mind’ for organisations who value their privacy, by giving them complete control and secure communications, to protect their trusted relationships and stay safe. Salt Communications is headquartered in Belfast, N. Ireland. For more information, visit our website.