Recent supply chain attacks prompted cybersecurity professionals, under the auspices of Cybersecurity Collaborative, to stand up a task force focused on minimizing third-party risk. The need for the Third-Party Risk Task Force, which kicked off this week, has been amplified by recent advanced persistent threat attacks that infiltrated corporate and government networks, due to security…
While researchers may want to invest time and energy towards attributing the latest high-profile attack to a particular adversary, more productive is the ability to see similarities in the underlying techniques employed in the attack were to prior attacks.
The Chinese espionage group APT27 has moved into more financially-motivated cybercrimes, using ransomware to encrypt core servers at major gaming companies worldwide.
Communicating with the public, working with stakeholders and convincing insurers that root security failures have been addressed are all part of how companies come back from a bad breaches. But it still may not be enough.
As a journalist I’ve spent years reporting about both our country’s strengths and weaknesses, mostly within the tech and government space. And yet, even in my own reporting and that of my peers, there is this precept that the U.S. is among the most advanced – superior even – in most every area of consequence.
Smith suggested a three-point plan he believed would prevent further supply chain attacks: Increasing intelligence sharing between government and the private sector, developing stronger international norms for acceptable behavior in cyberespionage, and finding harsher ways to hold governments accountable.
Chances are, we’re far from fully seeing the fallout from the SolarWinds incident. But to understand why SolarWinds was attacked, we have to first identify what makes it attractive to bad actors.
SolarWinds customers – over 300,000 of them, including most of the Fortune 500 – must determine what was breached, mitigate the damage before using the software again, and explore new supply chain safeguards.
As public and private sector companies share common tools, practices and managed services, it’s important to remember that homogeneity makes us vulnerable.
The attack featured a new strain of malware that was spotted in the wild, which centers around a backdoor aims to take over user devices.
