2020 was an important year for the cybersecurity industry. New malware was discovered. New threat groups were created. New ransomware payment records were beat.
Around this time last year, things were iffy. There was a lot of talk about the coronavirus in China. People weren’t sure what to think, do, or how to seek information.
Covid-19 caused a lot of uncertainty around the globe. Citizens looked towards their leaders for advice. Sometimes, advice wasn’t clear or communicated properly. Basically, chaos formed, and many people were overwhelmed with information and feelings.
The global pandemic caused and is still causing organizations to face more vulnerabilities than expected.
Supply chain attacks
- Organizations rely on third-party solutions all the time. Relying on a third-party is very popular today, and we don’t see this going away anytime soon. The main issue is threat actors can take advantage of a third-party to gain access to their main victim in order to compromise their network. By attacking a supply chain, threat actors have a better aim at compromising more than one organization. Essentially, it is a domino effect.
Counterfeit software installers
- A fake software installer is incredibly dangerous. It tricks the user(s) to download it. It appears to be legitimate in all aspects. The victim downloads it and installs the software. As a result, the victim allows the threat actors into the environment. The threat actors are then able to obtain data, and have it sent back to their own environment. This happens often because most end-users are not knowledgeable enough to distinguish the difference, unfortunately.
- Specific malware has developed to be more sophisticated. For example, Conti ransomware has had the opportunity to enhance its tactics and techniques against its victims. It can, along with some other malware, get past some security products. This can be very terrifying for some especially if an organization doesn’t have a cybersecurity firm they are working with 24/7. It is never a good idea to assume your digital environment is secure against any type of malware. Continuously conduct risk assessments to understand your cybersecurity risk profile.
Maze ransomware followers
- Ransomware groups, like Egregor and Sekhmet, encrypt their victims’ data, issue a ransom note, and demand a payment before decrypting or releasing their victims’ data. This type of work is fast-paced and threatening. If not handled correctly, it can close a business, cause an intense business disruption, or even dismantle a brand’s reputation. Threat actors are able to access network via stolen admin credentials by launching a phishing campaign through various methods like malicious Word Documents or Excel files.
RaaS – Ransomware as a Service
- Threat actors communicate with one another on a special network. There is a new RaaS caked Beur Loader. This malware is known as downloaders or simply “loaders.” This type of malware gives threat actors the ability to issue payload-type malware attacks. Typically, this is done via email and various delivery systems. Since threat actors can purchase this type of malware, it makes it easier for them to attack their victims since they don’t have to face other roadblocks.
SpearTip experts have had their eyes on all things cybersecurity, especially the SolarWinds breach. In fact, our developers created a free tool, Sunscreen SPF 10, to check if the Sunburst Malware has been in your network by monitoring malicious activity and rooting out compromised versions of SolarWinds. We’ve also developed an EDR tool, ShadowSpear®, to monitor your environment and allow full transparency on your risk profile.
The cybersecurity professionals in our Security Operations Center are on call 24/7 and will assist with any issues or concerns regarding the SolarWinds breach. If you have questions, call the Security Operations Center (SOC) at 833.997.7327.