Cyberattacks are not slowing down. The recent cyber-espionage attacks involving Russia and China that exploited SolarWinds and Microsoft Exchange vulnerabilities demonstrate the intensity of these threats to our national security.

The Annual Threat Assessment report essentially says that China wants to rule the world, and will stop at nothing to attack the U.S. Homeland. Ironically, China already leads the world in surveillance systems. Too bad our own government hasn't deployed sophisticated monitoring platforms like behavioral analytics to proactively identify and mitigate these cyber-espionage cyberattacks.

Meanwhile, it's no surprise that Russia continues to be a top cyber threat to the U.S., intentionally targeting our critical infrastructure. We need to be much more prepared to defend our electric grid, industrial control systems, and underwater cables. The best defense is a full-stack offense which again includes cyber defenses powered by machine learning like security analytics.

Sadly the Joker Malware is no joke. And even more depressing, no dark knight is going to ride in to save users from these malicious apps. Users have to manually clean their devices of this pesky malware. The good news is that it appears the only damage is financial, and likely temporary. Users who have been subscribed to premium mobile services as a result of this malware can request refunds for said services since the affected applications are known. The real problem sits with Huawei since over 500,000 users will be battling the company for premium service refunds. If only Huawei could send Alfred "to the bat cave" to create a self-refunding app! Then they could have the last laugh...

Most IT departments are not structured to be mobilized. Sending a member of your IT staff out into the residences of employees to set up remote access, the availability of network library shares and FTP up/downloads is largely out of the question. Sadly, there are also no controls in place that would prevent kids from working on Dad's computer or losing his cellphone. The more local control you release by expanding the workplace beyond a secure, hard-wired network, the greater the security threats to your work environment, et al. Plan for it.

This is a huge blow to Facebook. Leaking the personal data of 533 million Facebook users is a data breach of massive significance and consequence. The fines alone could literally cripple the company.

11 million of the users whose data was exposed are in the UK. Under GDPR penalties, Facebook faces a maximum fine of £17.5 million or up to 4 % of their total 2020 global turnover - whichever is higher. The UK fine alone could set Facebook back $3.4 Billion.

Further, over 32 million records are US users. The California Attorney General can seek civil penalties of $2,500 per violation of the CCPA (California Privacy Protection Agency). So, depending on how many of those users are in California, Facebook could be looking at additional fines in the billions.

All in all, a very bad situation for Facebook and as usual, completely avoidable. The data breach occurred because of a vulnerability that the company patched in 2019. Facebook obviously needs to improve the company's maintenance processes to reduce risks from known vulnerabilities.

The revelation that personal information involved in a 2020 breach has wound up in a code archive, on film, stored in a repurposed coal mine in Norway, is fascinating. While it seems unlikely that this information will ever be accessed from the archive, that it happened at all points to the unintended permanency of data stored on the internet. The lesson here for any organization is that their data, especially sensitive data, needs to be protected before it gets into the wrong hands.  The saying "the internet never forgets" is especially true here, where this breached data will be around for a millennium.

The attack against PDI follows a common pattern with hybrid ransomware attacks. The attackers exfiltrate data before encrypting it, then extort money with the threat of releasing it if their demands are not met. The surprise here is how much data was apparently stolen. Attackers sneaking out a few Gigabytes of data is plausible. However, stealing almost a Terabyte without being noticed indicates their perimeter defenses weren't even looking for this kind of data exfiltration. We have seen this level of data theft in other attacks. Organizations need to review their policies and security stacks, and deploy tools that can identify mass data transfers like this, such as DLP and security analytics platforms.  Stopping the attackers before they get in is ideal but identifying and stopping them quickly once they're inside is vital.

The breach of UK clothing retailer FatFace is interesting more for their response than the incident itself. While the data stolen was limited, it would still be useful to attackers. Their response to customers included an advisory to keep the incident in confidence. That is unusual and would seem to fly in the face of the UK's data protection laws. While a business might suffer a hit to their reputation after a breach, it is guaranteed to suffer a greater hit if they try to conceal one. Customers and the general public appreciate transparency and it goes a long way to restoring trust after a cybersecurity incident.

There is little information about the attack against CNA insurance as yet, but insurance agencies are a tempting target for cybercriminals.  If an attacker can extract a list of clients who have cyber-attack insurance, those clients in turn become inviting targets themselves.  Since they have insurance they are seen as more likely to pay off a ransom. It's a win-win for the attackers and a lose-lose for everyone else.

Organizations need to up their cybersecurity game if they don't want to become a victim themselves.  There is more to it than checking the boxes so they can get insurance.  They need to implement best practices and take cybersecurity seriously.  It needs to be ingrained in process, policy, and company culture.  And that needs to be backed up with best in breed security solutions, such as security analytics, that can blunt an attack when malicious actors get past the perimeter.

As long as there are still unpatched Microsoft Exchange servers accessible on the open internet, we will see attacks like this. The payloads may change depending on what the threat actor is after, but they will continue to leverage the vulnerabilities in Exchange Server until there aren't any vulnerable hosts to exploit.

This series of attacks is a reminder how important it is to maintain on-premises software with security patches, and to make sure the local environment is protected with an up to date security stack.

Malicious actors know that users are the weak link in the security chain. They know that a timely and relevant hook can be all it takes to get a victim to reveal their credentials or download a malicious application.  For much of the last year, they used Covid 19 as the hook.  Now that it's tax season in the US, they're shifting to tax related hooks.

The technical methods attackers have adopted to bypass anti-virus and anti-malware applications is evolving, but it still comes back to the Human element. Which means user education remains the first line of defense against malicious actors. A complete security stack can help, but well trained users are less likely to become victims.