The most pernicious aspect of the 2020 supply chain attack is that hackers used trusted programs like SolarWinds to launch the attack. The major supply chain hack of last year took advantage of flaws in firms’ cybersecurity controls, such as unprotected developer environments and logins via trusted software updates.
Businesses have seen an increase in supply chain threats in recent months. The alarming attack on SolarWinds, which impacted several government agencies, brought the year to a close.
This information has surfaced because cyber criminals involved in the attack actively sought to exfiltrate data from the network, most likely with the intention of selling it on the dark web for profit. Furthermore, given the volume of data extracted prior to detection, they were likely well-versed in the network, particularly how to exfiltrate data while remaining unnoticed, reducing the risk of triggering security warnings. This is becoming a far more prevalent method that is no longer reserved for more skilled threat actors and is now being routinely used in cybercriminal operations, resulting in more reputational and financial damage to the target firm.
Threat actors value airline data because it contains significant amounts of Personally Identifiable Information (PII), such as names, addresses, passport numbers, emails, credit card numbers, and so on. This data can be sold separately on the dark web or combined into a full-data package known as a “Fullz.” Fullz is easily monetized on the dark web, with prices ranging from US$10 to US$100, though passport information can increase the value by up to tenfold. As a result, the data taken in this attack is worth a significant sum of money to the cybercriminals.
The emphasis that companies place on securing this data should reflect the value put on it by cybercriminals. Airlines, for example, hold a significant amount of data, and businesses should take this into account when implementing cybersecurity, aiming to build a mature cybersecurity posture in line with the relevance and worth of the data they are protecting. Single cybersecurity solutions, such as an anti-virus or a firewall, are no longer sufficient to protect a network. Organizations need endpoint solutions, antivirus, and firewalls, as well as network security solutions, to gain visibility throughout their whole digital estate, not just on endpoints.
However, as the complexity of cybersecurity solutions grows, so should the knowledge and skills of the analysts and teams who use them. This will ensure not only that they are getting the most out of their solutions but also that they can transition from a reactive security posture to a proactive one, where teams actively conduct threat hunting within their network to discover unknown malicious activity before it causes damage.
Threat actors are growing more sophisticated, and their skills are always improving to be effective in their operations. In order to have the best chance of averting an attack, companies must invest in the people, processes, and technology that they deploy across their network. And, in the worst-case scenario, this will lead to the establishment of skills and techniques that will help in the rapid remediation of any attacks, lowering the potential damage to both the company and its customers.