The SolarWinds breach that hit last year was widely considered to be one of the worst cyber breaches ever seen in the US – and the true extent of the damage is still being assessed. This has only been highlighted by a New York Times column published late last year, in which a former high-ranking US official claimed that it ‘will take years to know for certain which networks were compromised’.
Attacks such as this are, unfortunately, only likely to grow in frequency as threats evolve and we continue to rely on a hybrid working approach across the rest of 2021 – and potentially beyond. This has led to the World Economic Forum declaring ‘the threat of cyber attacks is too big a job for either government or business to tackle alone’.
In a previous blog post, we looked at how cyber criminals may be shifting their focus to the Property Sector. Not only is the industry extremely lucrative, but there is also an incredibly high amount of sensitive data being exchanged throughout the day from those working in the sector – both of which are like gold dust to those attempting to infiltrate your network.
However, the reality is that most private sector companies, and now governments, are no longer slipping under their radar – as shown by last week’s attack on government agencies around the world, carried out by Nobelium, the group behind the SolarWinds attack.
Nobelium, the group behind the SolarWinds attack, were previously an unknown entity until last year’s breach took place, however, they’ve made their return with another high profile attempted attack, leveraging the stolen email account of a United States federal agency to run a phishing campaign.
The attack – so far –appears to have resulted in ‘limited damage’, with ‘no evidence of a significant number of compromised organisations at this time’, according to Microsoft.
A screenshot of one of the spear-phishing campaigns can be seen below – taken from a Microsoft update that lists the technical aspects of these attacks, and whilst it may look to be US-specific, it’s believed to have run against 150 government entities in 24 countries.
Whilst this appears to be largely contained by Microsoft at the time of publishing, it ties back into the findings from the WEF. Compromising a credible source means that phishing attempts have evolved, becoming even harder to detect by employees.
This has led to Dirk Schrader, Global Vice President of Security Research at New Net Technologies telling CPO Magazine that ‘future employee training could now prove incredibly complicated’, before going on to state ‘employees will have more difficulties with the distinction of good and bad, of trusted and untrusted, which increases the importance of having an onion layer approach to security controls, overlapping each other as a backup’.
In many of our previous posts, we’ve emphasised that there simply isn’t a one-size-fits-all approach when it comes to cyber security now. Threats are evolving too frequently and you simply cannot afford to stand still and hope for the best. Instead, you need a multi-layered approach that covers every aspect of your organisation – from the technical side of your servers, inboxes and devices, all the way through to your staff.
Generic off-the-shelf solutions may work in limited cases for smaller organisations, however, this doesn’t ring true as you scale up a business.
By partnering with an MSP such as Fifosys, you can get access to a broader, tailored range of solutions, alongside an external team with a wealth of experience. Services we offer that could complement an in-house IT department include: Penetration Testing, Auditing, EDR and Dark Web Monitoring.
Typically, staff are the weakest link in an organisation’s security too, which is why we also run free educational training sessions every month – head over to our ‘Events’ page on our website for more information.
All of this, alongside our NOC and SOC, means that we can offer a layered approach to businesses in both the public and private sectors, protecting all aspects of your IT round the clock, irrespective of the time or date.
The pandemic brought about ‘years of change in the way companies in all sectors and regions do business’ and, as such, cyber threats, criminals and attacks are only going to continue to innovate and come up with new methods of breaching networks. It could simply be a matter of time before you’re next.
As written by the WEF, ‘As technology’s role in society increases, cyber security will become an ever-greater challenge. Governments and the private sector have a shared interest and responsibility to face that threat together.’
Therefore, we’re committed to securing organisations and lightening the burden of cyber security, supporting you on your journey.
Reach out to us today to hear how we can help.
Security
I’m sure you know yourself. You know your business. Of course you want to protect everything in it,
Technology is evolving quicker than most peoples’ ability to understand it; therefore it is increasi
You should now understand the difference between Privacy, Anonymity and Pseudonymity. which should l
What business owners consider to be valuable assets will vary from one business owner to another bu