Predictions for 2021, and for what remains of December
Solutions Review expects organizations to increasingly focus on resiliency in 2021 as they settle into an always-online business model. This will involve, in part, an emphasis on cloud backups and disaster recovery.
Digital Shadows offers a useful reminder that cybercriminals can be expected to take advantage of increased online shopping this holiday season.
The scope of the SolarWinds supply chain breach continues to expand. The New York Times reports that “parts of the Pentagon” were compromised, though the extent is still unclear. CyberScoop reports that the White House National Security Council has activated the Cyber Unified Coordination Group (UCG) to coordinate the government’s response to the incident.
ZDNet reports that Microsoft has seized and sinkholed the domain that served as a command-and-control server for the malware used in the operation. Microsoft Defender also began blocking known malicious SolarWinds versions this morning, with Microsoft stating that it “will quarantine the binary even if the process is running.”
Volexity describes an incident involving the threat actor behind the SolarWinds operation (presumed to be Russia’s SVR). The actor first compromised a US-based think tank and remained undetected for several years. After being discovered and removed, the actor regained access by exploiting a vulnerability in Microsoft Exchange Control Panel. The attackers were again expelled, but returned a third time via SolarWinds in June and July of 2020. Notably, during its second appearance, the actor used a new technique to bypass multifactor authentication after gaining administrative privileges on the victim’s OWA server.
Facebook has taken down three competing inauthentic networks that primarily focused on African countries. One of the operations originated in France, while two were based in Russia. Interestingly, Facebook says this is the first time it’s seen two opposing information operations “actively engage with one another, including by befriending, commenting and criticizing the opposing side for being fake.”