The Worst Hacks of 2020, a Surreal Pandemic Year
Wednesday, December 30, 2020
From ransomware schemes to supply chain attacks, this year melded classic hacks with extraordinary circumstances.
to kick off a new decade. 2020 showcased all of the digital risks and cybersecurity woes you've come to expect in the modern era, but this year was unique in the ways Covid-19 radically and tragically transformed life around the world. The pandemic also created unprecedented conditions in cyberspace, reshaping networks by pushing people to work from home en masse, creating a scramble to access vaccine research by any means, generating new fodder for criminals to launch extortion attempts and scams, and producing novel opportunities for nation-state espionage.
SolarWinds Supply Chain Hack
On Tuesday, December 8, the well-respected cybersecurity and incident response firm FireEye made a stunning disclosure. The company had suffered a breach, and hackers had stolen some of the firm's internal threat-intelligence data as well as a cache of its “red team” hacking tools—used to probe the systems of paying customers for weaknesses so they can be fixed before attackers find them. In itself, the FireEye breach, which The Washington Post quickly attributed to Russian state-backed hackers, was significant but not a catastrophe. What no one knew that day, though, was that 18,000 other shoes were about to drop.
Beginning on Sunday, December 13, news broke in waves that United States government agencies like the Commerce, Treasury, Homeland Security, and Energy Departments, corporations, and international targets had all been victims of a massive nation-state espionage campaign. The hackers, who have widely been reported as Russian, were on a rampage that was largely made possible by what's known as a supply chain attack. In other words, all of the attacks were made possible by one initial compromise, in this case at the IT infrastructure firm SolarWinds. Hackers had breached the company as early as October 2019 and planted malicious code in software updates for its network-monitoring tool, Orion. Without knowing it, any customer that installed an Orion patch released between March and June was also planting a Russian backdoor on their own network.
There is also some evidence that the attackers compromised victims through means other than the SolarWinds breach, but through that one intrusion the attackers created access for themselves in roughly 18,000 SolarWinds customer networks, according to the company. The impact of the attack varied among victims. In some cases the hackers planted a backdoor but went no further. In other cases they used the access just long enough to determine that they weren't interested in the target. And for an unlucky subset, the attackers moved deep within victim networks for reconnaissance and data exfiltration. For example, more than a dozen critical infrastructure companies in the oil, electric, and manufacturing sectors appear to have installed the backdoor, but it's not clear how extensively the attackers actually infiltrated them. The situation underscores the threat posed by supply chain attacks, because a single compromised vendor can efficiently undermine all of that vendor's customers in one fell swoop.
Russian hackers have used the technique before, sometimes with more expressly destructive goals. The SolarWinds attacks so far seem to have been largely for espionage, though some experts warn that it's too soon to tell whether there was a destructive component. Even if the attacks were purely for information-gathering, which is usually a globally accepted activity, some politicians and researchers say that the intrusions cross a line or are out of step with espionage norms because of their scale and scope. As former CIA agent Paul Kolbe put it last week in a New York Times essay, though, “The United States is, of course, engaged in the same type of operations at an even grander scale. We are active participants in an ambient cyberconflict that rages, largely unseen and unacknowledged, across the digital globe. This is a struggle that we can’t avoid, and there is no need to play the victim.” The question now is how the United States will respond to the SolarWinds hacking spree and approach digital espionage and conflict in the future as the Trump administration ends and the Biden administration begins.
In July, a wave of stunning takeovers swept across Twitter, hijacking the accounts of Joe Biden, Barack Obama, Elon Musk, Kanye West, Bill Gates, and Michael Bloomberg, as well as major corporate accounts like that of Apple and Uber. The accounts tweeted out variations of a common theme: "I am giving back to the community. All Bitcoin sent to the address below will be sent back doubled! If you send $1,000, I will send back $2,000. Only doing this for 30 minutes."