With all of the craziness in the last year related to cybersecurity, it only makes sense to recap some of SecureWorld's most intriguing stories.
So let's kick things off with the one that generated the most discussion.
1. Suing the CISO: SolarWinds Fires Back
It seems we are adding to the things in life that are guaranteed. Death. Taxes. And litigation after a cyberattack.
This week, there was significant action in court as SolarWinds fired back against one of the lawsuits related to its Orion cyberattack saga.
However, this is not just another nameless, faceless piece of litigation; this one specifically names the company's Chief Information Security Officer.
A group of investors filed the suit, which specifically names SolarWinds, its former CEO, and Tim Brown, the company's VP of Security and CISO.
This serves as a crucial reminder that security leaders can be, and sometimes are, sued. According to Rebecca Rakoski, cyber attorney and managing partner at XPAN Law Partners:
"The C-Suite is not immune, and while lawsuits against the C-Suite are in some aspects more difficult to prove, those C-Suite members have a heightened obligation to the organization.
The takeaway message? The C-Suite needs to ensure that its actions are comprehensive and well supported. They need to consider the legal ramifications of both action and inaction."
And in this case, the lawsuit claims that inaction around cybersecurity led to the deception of investors. Specifically, it alleges that SolarWinds engaged in intentional or severely reckless deceit of investors.
2. 'An 8th Grader Could Have Hacked' Colonial Pipeline
Here is something you never want to hear about your company after a ransomware attack: "I mean, an eighth-grader could have hacked into that system."
Which company was this person speaking about? Colonial Pipeline.
The person speaking authored a $1.8 million information governance report for the company which uncovered "a patchwork of poorly connected and secured systems."
Is this what led to the successful ransomware attack against the company? The attack left millions of drivers in the eastern U.S., along with airlines and truckers, scrambling to find fuel.
And let's consider another key question. How much action did Colonial Pipeline take to shore up its vulnerabilities following the report?
We may never know. Unlike cybersecurity standards that electric providers must adhere to, there is no federal requirement around cybersecurity for America's pipeline operators.
Now, a powerful voice is calling for that to change.
3. DOD's First Software Chief Resigns in Frustration
It is no secret the United States government has been playing catch-up when it comes to cybersecurity. Ever since the SolarWinds hack compromised thousands of organizations, with many victims in the U.S., federal leaders have made cybersecurity a priority focus.
The Biden Administration has announced numerous measures aimed at improving the nation's cybersecurity infrastructure and has encouraged collaboration between the public and private sector, which many experts believe is a key component when it comes to improving cybersecurity as a whole.
But these improvements in the last year or so will hardly make up for decades of lax cybersecurity protocols, according to Nicolas Chaillan, who was the Department of Defense's first Chief Software Officer before recently resigning.
He cites cybersecurity leadership, a lack of funding, and the power and potential of a foreign adversary.
4. New Record: Darknet Markets Are Booming
As most of us know, 2020 was a year of polar opposites in the business world. Some businesses went bust while others boomed and set new records.
One profitable line of work during the pandemic? Selling illicit goods and services on the Dark Web.
These darknet markets hauled in a record amount of revenue last year, with customers around the globe spending $1.7 billion in cryptocurrency.
Chainalysis, which tracks this kind of spending, shared new research breaking down darknet markets and their geographic distinctions in 2020.
5. Security Standoff: IT Department vs. City Councilman
We are living in a world where mask and vaccine mandates have become more than health issues—they are also political landmines.
It's hard to believe, but security awareness training is now being viewed through a political lens, as well.
There is an unusual case unfolding right now in Alabama. The controversy revolves around race, politics, and executive privilege as a city's mayor, CTO, and councilman go back and forth on cybersecurity training.
The U.S. Department of Justice (DOJ) made a surprise announcement this week: it was able to recover more than $2 million of the ransom money Colonial Pipeline had paid to a cybercrime gang.
But with the ransom being paid in Bitcoin, how could this happen?
After all, the conventional wisdom is that ransomware gangs demand cryptocurrency so they can move the funds anonymously and with impunity. In other words, so they don't get caught. And so the money stays out of the hands of law enforcement.
This time, it didn't work out that way. So what happened? How did the U.S. DOJ track, seize, and recover the crypto?
Many of the things you buy at the grocery store come in packaging that WestRock's team creates.
But now, WestRock, America's second largest packaging company, says its network and production are disrupted because of a ransomware attack.
The company is known for paper and packaging solutions, including products such as corrugated containers, folding cartons, and even custom machines for packaging automation.
The WestRock Company announced on January 23 that it had detected a ransomware incident which may have a material impact on earnings.
Security researchers have warned us about this for years now.
Cars are getting smarter, becoming more connected, and increasingly they are at risk of being hacked through the cloud.
But what about hacking a human who helps create these connected cars?
A Russian national in U.S. jail pleaded guilty to trying to hack Tesla's computer network through an employee. He attempted to get the employee to turn on his own company, something security experts call an insider threat.
The plot in this case is full of intrigue, social engineering, diversion, and a seven-figure bribe dangled in front of the employee.
The U.S. Attorney's Office in Nevada explains the crux of the Russian man's scheme:
"According to court documents and admissions made in court, from July 15, 2020, to Aug. 22, 2020, Egor Igorevich Kriuchkov, 27, conspired with others to recruit an employee of a large U.S. company to transmit malware provided by the conspirators into the company's computer network. Once the malware was installed, Kriuchkov and his co-conspirators would use it to exfiltrate data from the company's computer network and then extort the company by threatening to disclose the data."
Court documents are taking us inside the FBI sting that tripped up the suspect.
The cybercriminals involved, including Kriuchkov, targeted Tesla through an employee who works at the company's Gigafactory in Sparks, Nevada.
Cyberattacks have now caught the attention of the North Atlantic Treaty Organization.
The Heads of State and Government of the 30 NATO allies met in Brussels, Belgium, recently to discuss the state of cybersecurity around the globe.
The most important takeaway from the meeting is this:
"We remain firmly committed to NATO's founding Washington Treaty, including that an attack against one Ally shall be considered an attack against us all, as enshrined in Article 5."
This is a huge announcement that nation-states and threat actors will need to take very seriously.
NATO's Article 5 states that if an ally is the victim of an armed attack, it is deemed an attack against all allies, and the Alliance will take any necessary actions to help the victim ally.
Now, cyberattacks will be considered in the same light.
The company knew it had been breached. The incident response was underway.
But the IR team was trying to figure something out: how did a hacker access the organization's AWS cloud to exfiltrate data and then proceed to copy more than 150 repositories from its GitHub account?
According to court records unsealed this week, one of the people on the Incident Response team could have answered that question because he was "the hacker" who did it.
And get this: while he was responding to the incident with his colleagues, he was attempting to extort his company for millions of dollars.
Are we going too far with our headline that calls this the ultimate IT betrayal? Read about this insider threat case and let us know what you think in the comments below.
What a year in cybersecurity!
Take a look at SecureWorld's Events page to see our conferences planned for 2022 as we return to in-person conferences!