Media coverage - 2021

It’s no surprise to anyone that the recent SolarWinds breach is requiring agencies to rethink their approach to cybersecurity. In many ways, it’s forcing all organizations—public and private sector—to reconsider how they perform network detection and response. Modern attackers, like those who are responsible for the SolarWinds attack, aren’t relying on these former practices of trying to inject malware or get users to click on links.

The FBI has released a private industry notification detailing how cybercriminals have been exploiting network access and escalating network privilege. As remote work has become the norm during the pandemic, many companies have adapted to changing environments and technologies. Due to this, network access and privilege escalation may not be monitored as closely.

The Biden administration begins at a time when cyberattacks against the US public and private sector are at an all-time high, meaning those in the cybersecurity community and beyond will be keenly watching to see what changes are brought about by the change of leadership and its strategy for protecting against nation-state attacks.

The malware, Raindrop is a loader which delivers a payload of Cobalt Strike. Raindrop is very similar to the already documented Teardrop tool, but there are some key differences between the two. Our head of security analytics, Chris Morales, shares that we are now getting into the semantics of minutia of how different malware worked so they can be named and detected with a signature. This is all great after the fact once we already know the attack occurred, however, it did not help when it mattered most.

Experts in the cybersecurity field have commented on the key cybersecurity matters that are likely to play pivotal roles in the Biden/Harris administration over the next four years. Biden therefore has a huge amount of work to do in the cybersecurity area, with attacks at an all-time high against the US public and private sector, says Chris Morales, our head of security analytics.

Detailed Monday by researchers at Symantec, the malware, dubbed “Raindrop,” is a loader designed to deliver a payload of Cobalt Strike. That’s a form of penetration testing software favored by hackers which leaked online in November.

The complex cyberattack campaign against major US government agencies and corporations including Microsoft and FireEye has driven home the reality of how attackers are setting their sights on targets' cloud-based services such as Microsoft 365 and Azure Active Directory to access user credentials — and ultimately the organizations' most valuable and timely information.

The FBI is warning that hackers are increasingly using voice phishing, or vishing, to target remote workers as a way of harvesting VPN and other credentials to gain initial access to corporate networks.

With cyber-attacks against the US public and private sector at an all-time high, as evidenced by the recent SolarWinds supply chain hack, the incoming Biden administration has a huge amount of work to do in the cybersecurity arena.

Unlike prior decades, the penetration of AI into society and the promise of attainable pragmatic solutions seems likely to sustain AI progress for the foreseeable future. The predictions focus primarily on key learnings from the past year, as well as anticipated trends and areas of clear business necessity.

The Cybersecurity and Infrastructure Security Agency (CISA) announced that it is aware of several recent successful cyberattacks against various organizations’ cloud services. Threat actors are using phishing and other vectors to exploit poor cyber hygiene practices within a victims’ cloud services configuration.

The Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday said it discovered several recent successful cyberattacks against the cloud services of multiple organizations, offering guidance on how security teams can bolster associated security. CISA said in its report that threat actors have used a variety of tactics and techniques—including phishing, brute force login attempts, and possibly a so-called “pass-the-cookie” attack that bypassed multifactor authentication to exploit cloud security weaknesses.

CISA reports in an alert issued Wednesday that attacks targeting cloud services have steadily increased since many organizations switched to a largely remote workforce as a result of the COVID-19 pandemic, with employees using a mix of corporate-owned and personal devices to access these services. Attackers are taking advantage of lax security practices, such as weak passwords and workers accessing data from unsecured laptops.

Organizations with remote workers who use cloud-based services are being warned of several recent successful cyberattacks against those services. Vectra's Tim Wade discusses an organization's ability to quickly zero in on an active risk and then take appropriate action to reduce the impact.

In a new alert, the Cybersecurity and Infrastructure Security Agency (CISA) announced that it is aware of several recent successful cyberattacks against various organizations’ cloud services. Threat actors are using phishing and other vectors to exploit poor cyber hygiene practices within a victims’ cloud services configuration.

Google’s Project Zero on Tuesday introduced a six-part series that offers an analysis of four zero-day vulnerabilities on Windows and Chrome, and known-day Android exploits it found during the team’s extensive research last year.

The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency today issued a warning concerning several recent cyberattacks targeting various cloud services.

Forensic investigators have discovered a novel malware program used in the SolarWinds supply-chain attack – one designed specifically to seek out developers’ builds of the SolarWinds Orion IT management platform and then replace a source file with the Sunburst backdoor.

A Mimecast-issued certificate provided to certain customers to authenticate Mimecast Sync and Recover, Continuity Monitor, and IEP products to Microsoft 365 Exchange Web Services has been compromised by a sophisticated threat actor. Oliver Tavakoli, CTO, says that all of the organization’s digital certificates (ones the organization owns and has private keys for) should be destroyed and recreated in this instance.

Any piece of cloud service, software or hardware could represent a way into the system if a new vulnerability is discovered by hackers. Cyber criminals are continually looking for new exploits, producing new strains of malware or tinkering with existing strains just enough to alter their threat profile and evade signature-based detection solutions. Tactics have also evolved at a rapid pace, from the use of social engineering techniques in the initial attack to methods for evading detection once a network is compromised.

A security certificate issued by Mimecast Services Ltd. that’s used to authenticate some of the company’s products with Microsoft Corp. 365 Exchange Web Services has been hacked. Oliver Tavakoli, our CTO, shared his thoughts about how attackers can use the private key to perform any actions that the certificate entitles.

Researchers at Kaspersky said they found code similarities between the Sunburst malware deployed on SolarWinds Orion servers and known versions of Kazuar backdoors linked to the Russian APT group Turla. Oliver Tavakoli, chief technology officer at Vectra, added that these types of findings reinforce the fact that attackers don’t reinvent their attack methodologies and tools from scratch.

2020 provided a glimpse of just how much AI is beginning to penetrate everyday life. It seems likely that in the next few years we’ll regularly (and unknowingly) see AI-generated text in our social media feeds, advertisements, and news outlets. The implications of AI being used in the real world raise important questions about the ethical use of AI as well. Christopher Thissen, Ben Wiener, and Sohrob Kazerounian from Vectra share their insights.

The National Security Council (NSC) staff released an update regarding its investigative and mitigation efforts of the recent cybersecurity incident involving federal government and private companies. The NSC stood up a task force known as the Cyber Unified Coordination Group (UCG), composed of the FBI, CISA, and ODNI with support from NSA to coordinate the investigation and remediation of this cyber incident.

Oliver Tavakoli, our CTO, looks back to the year that was and shares insights into the year to come for the cybersecurity landscape.