There is no let-up in the number of reported cyber attacks. The SolarWinds affair again demonstrated the lengths attackers will go to and their patience in waiting for the best time. Threat actors, who had performed reconnaissance since March, planted a backdoor in SolarWinds' Orion platform, which was activated when customers updated the software.
Those revelations were rapidly followed by news of the Microsoft Exchange hack, which is estimated to have compromised upwards of 30,000 on-prem customers, but not Exchange Online services. Microsoft were initially made aware of four zero-day bugs in early January, but no patch was forthcoming until 2 March. At the time, the company said that the bugs were being actively exploited in limited, targeted attacks.
On March 12, Microsoft focused its investigation on whether the hackers obtained the credentials needed to gain access to the Exchange Server through a Microsoft partner, either intentionally or unintentionally. It is suspected that the hackers possessed Proof-of-Concept (PoC) attack code that Microsoft shared with antivirus companies as part of the company's Microsoft Active Protections Program (MAPP).
While fixes have been issued, the scope of potential Exchange Server compromise depends on the speed and uptake of patches -- and the number of estimated victims continues to grow.
Ransomware and phishing attacks were again a major menace in 2020. The Marriott hotel chain was again hit and suffered a data breach. Garmin, the satnav company, was held to ransom and allegedly paid the price after their services were not available, some for up to 4 days. Just as worrying is the number of attacks on schools and other educational institutions. Just last week, Hertfordshire University in the UK was taken completely offline by a cyber attack presumed to be a ransomware attack.
Next, a recent report from Surrey University sponsored by HP Inc suggests that cyber attacks initiated by or on behalf of nation states have doubled in the last three years, moving the world closer to a point of advanced cyber-conflict. "Nation states are devoting significant time and resources to achieving strategic cyber advantage to advance their national interests, intelligence-gathering capabilities and military strength through espionage, disruption and theft," writes the report's author, Dr. Mike McGuire. The latest escalation is supposedly the attack by the state of Israel on an Iranian military centre, with Iran threatening retaliation. It is 10 years now since the very similar Stuxnet attack (reportedly initiated by Israel and the USA). Cyber warfare is not only about economic and business sabotage.
Whether or not you agree that we have entered a cyber crisis period, there is no excuse not to take the threats seriously and plan and implement security solutions. Unfortunately, cyber resilience is still not being given the attention it requires by many companies.
Micro Focus has an extensive portfolio of security solutions which it has now brought together as the new CyberRes line of business (https://www.microfocus.com/en-us/cyberresilient) offering an all-round set of cyber security solutions for protecting, detecting and evolving your digital assets.
IDC defines cyber-resilience as the merging of cybersecurity, risk management, business continuity, and resilience practices that further the organization's ability to withstand and recover from any accidental or deliberate attempt to keep the organization from performing its core functions.
Cyber-resilience is a paradigm shift to enable enterprise resilience and the ability for organizations to thrive despite adversaries, crises, and business volatility. Being resilient will equip organizations with the ability to "pivot" at scale during adverse market conditions (including non-business events such as a global pandemic) and adapt to customer changes, digital transformation, and hyperscaled growth.
Micro Focus have developed a single-page Cyber Resilience Maturity Model that quickly enables all organisations to assess their current position and the direction they need to move.
This can be used as an introduction to the Micro Focus security portfolio, whether it is the ArcSight suite for detection, Voltage for protecting data, Fortify suite for the development of secure applications or the NetIQ identity and access management solutions. Please take a look and protect your organisations against the cyber threat.
P.S. Micro Focus have now launched their CyberRes Global User Groups. You can find more information and join up at https://www.microfocus.com/en-us/cyberres/community/user-groups?