susanganther177fa6

Chinese Hackers Demonstrate Their Global Cyber Espionage Reach with Breach at 10 of the World’s Bios



A lack of data protection, side effects of a global pandemic, and an increase in exploit sophistication have led to a huge rise in hacked and breached data from sources that are increasingly common in the workplace, such as mobile and IoT (internet of things) devices. On top of this, COVID-19 has ramped up remote workforces, making inroads for cyberattacks.


2020 also saw an increase in the frequency of cyber attacks and higher ransom payments. According to Harvard Business Review, the amount companies paid to hackers grew by 300%. The sudden increase in remote work and more lax security protections at home gave hacker groups the perfect opportunity to breach sensitive data.







One of the men, Yaroslav Vasinskyi, 22, was allegedly responsible for the attack against Kaseya. Both of the men arrested in November may face life in prison. Although REvil is still an active player in the world of cybercrime, authorities hope to find and prosecute more hackers and end their operations. (NPR)


2020 was a roller coaster of major, world-shaking events. We all couldn't wait for the year to end. But just as 2020 was about to close, it pulled another fast one on us: the SolarWinds hack, one of the biggest cybersecurity breaches of the 21st century.


The breach was first detected by cybersecurity company FireEye. The company confirmed they had been infected with the malware when they saw the infection in customer systems. FireEye labeled the SolarWinds hack "UNC2452" and identified the backdoor used to gain access to its systems through SolarWinds as "Sunburst."


Microsoft also confirmed that it found signs of the malware in its systems, as the breach was affecting its customers as well. Reports indicated Microsoft's own systems were being used to further the hacking attack, but Microsoft denied this claim to news agencies. Later, the company worked with FireEye and GoDaddy to block and isolate versions of Orion known to contain the malware to cut off hackers from customers' systems.


The SolarWinds supply chain attack is a global hack, as threat actors turned the Orion software into a weapon gaining access to several government systems and thousands of private systems around the world. Due to the nature of the software -- and by extension the Sunburst malware -- having access to entire networks, many government and enterprise networks and systems face the risk of significant breaches.


Another lesson from Ukraine is that future wars will need to take into account the ubiquity of mobile phone cameras, public access to satellite imagery, and even communications intercepts using online services like WebSDR. These public, nongovernmental sources of information undercut any effort to control the narrative while providing real intelligence advantage. What used to be considered secret intelligence is becoming a publicly available good. Governments have not lost their monopoly of the use of force, but any monopoly they had on controlling information from war zones has largely disappeared. In theater, civilians can provide valuable information on opponent forces. Civilian actors can use digital and mobile technologies to greatly expand the amount of information available to the force they support and complicate efforts to falsify or disrupt it. Only the strictest censorship can hope to control the narrative, and many news sources lie outside the scope of censorship. Russian efforts to jam cellular telephony or interfere with internet access in Ukraine were also unsuccessful. Planning how to degrade or control civilian communications spread across a decentralized global network will also need to become part of cyber offensive operations.


The past decade has been a tumultuous one in the cybersecurity world. As hackers develop increasingly sophisticated attack measures, companies of all sizes should be poised to defend and protect their data from even more serious cyber attacks in the coming years.


What happens when there is a criminal, terrorist, or other malicious actor engaging in destabilizing activity in which the likelihood of getting caught and punished is close to zero? In this section, we lay out some of the dimensions of the cybercrime wave in the United States and globally. The burgeoning cybercrime wave is the result of both the ubiquity of technology and the one-sided nature of our defenses: a reliance on building systems that are harder and harder to breach, training lay users to be harder and harder to fool, and faced with hackers who are harder and harder to catch.


While these cases are important and meaningful in punishing cyber attackers, they represent a very small drop in a very large bucket. And the low enforcement rate for cybercrime has consequences. Cybercriminals are operating with near impunity compared to their real-world counterparts. Given the increasing ease of committing these crimes and the unlikely chance of being caught, it is no wonder that this category of crime is on the rise.60


Congress and made to apologize for their lapses, their holes in security, and their failure to have the most up-to-date defenses. To be sure, some of these companies deserve criticism for not taking proper precautions. For example, Equifax, a consumer reporting agency that holds millions of Americans' personally identifiable information, was hacked in 2017 because it failed to update its software after knowing about the risk for months. This led to hackers exploiting the vulnerability, exposing the information of 143 million Americans.66 This was preventable, and companies that similarly fail to address known vulnerabilities should be held accountable. Corporations in America fear the losses and reputational harm that come from a major breach, and thus focus their efforts on defending their networks and data.


Once the United States has ultimately built cases against these cybercriminals, it will need help bringing them into custody. Once they have an arrest warrant, American authorities can ask INTERPOL, the global police cooperation body, to issue a Red Notice, which asks foreign authorities to locate and provisionally arrest an individual pending their extradition.130 Once a Red Notice is issued for a cybercriminal, these persons are placed on lookout lists and, if they come to the attention of police in other countries, the United States can request that they be provisionally arrested or file a request for extradition.131 Extradition treaties allow US authorities to ask other countries to hand over an individual for prosecution or to serve a sentence following a conviction in American courts. The United States has signed extradition treaties with over 100 countries.132


Businesses also operate in a world in which 95% of cybersecurity issues can be traced to human error,52 and where insider threats (intentional or accidental) represent 43% of all breaches.53 Some companies will inevitably move to greater segmentation of digital systems to better account for insider risk. Companies could begin or continue to lock up key data as a result of cybersecurity issues. Workforce efficiency, too, could suffer if accessing data and information is less seamless.


Exponential advances in technology combined with decreasing costs have made the world more connected than ever before, driving extraordinary opportunity, innovation and progress. The coronavirus (COVID-19) pandemic has accelerated this trend, but we are likely still in the early stages of a long-term structural shift. The global expansion of cyberspace is changing the way we live, work and communicate, and transforming the critical systems we rely on in areas such as finance, energy, food distribution, healthcare and transport. In short, cyberspace is now integral to our future security and prosperity. This offers extraordinary opportunities for technologically advanced countries like the UK to pursue their national goals in new ways.


Cyberspace also transcends national borders. Technology supply chains and critical dependencies are increasingly global, cyber criminals and state-based actors operate from around the world, powerful technology companies export products and set their standards, and the rules and norms governing cyberspace and the internet are decided in international fora. Cyberspace is also continually evolving as technology and the ways people use it change, requiring us to adopt an agile and responsive approach.


However, we have growing evidence of gaps in our national resilience, with levels of cyber crime and breaches affecting government, businesses and individuals continuing to rise as well as cyber-enabled crime, like fraud.[footnote 9] [footnote 10] Legacy IT systems, supply chain vulnerabilities and a shortage of cyber security professionals are growing areas of concern. Almost four in ten businesses (39%) and a quarter of charities (26%) report suffering cyber security breaches or attacks in the last year, and many organisations (especially small and medium enterprises) lack the ability to protect themselves and respond to incidents.[footnote 11] Industry tells us that many businesses do not understand the cyber risks they face, that commercial incentives to invest in cyber security are not clear, and that there is often little motivation to report breaches and attacks.


The threats we face in and through cyberspace have grown in intensity, complexity and severity in recent years. Cyber attacks against the UK are conducted by an expanding range of state actors, criminal groups (sometimes acting at the direction of states or with their implicit approval) and activists for the purpose of espionage, commercial gain, sabotage and disinformation. Such attacks cause significant financial loss, intellectual property theft, psychological distress, disruption to services and assets and risks to our critical national infrastructure, democratic institutions and media. They can also damage investor and consumer confidence and amplify existing inequalities and harms. During the COVID-19 pandemic the shadow pandemic of gender-based violence was compounded by online attacks. Ransomware attacks continue to become more sophisticated and damaging. While the overall level of cyber threat from hostile actors during the COVID-19 pandemic has remained constant, they have exploited it as an opportunity and shifted their cyber operations to steal vaccine and medical research, and to undermine other nations already hampered by the crisis. The growing dependence on digital technologies for remote working and online transactions has also increased exposure to risks. Alongside this, digital divides have also created uneven access to online services and exposed people to online abuse and harms due to limited digital literacy and awareness of the cyber security measures we can all take to stay secure online.[footnote 12]

