What to Do About Cyber Attacks?
- Looking back at the SolarWinds Attack
- Fujifilm, Microsoft, and JBS all under attack from ransomware
- Is the semiconductor industry going to be targeted next?
Hackers are gonna hack. To them, it isn't just about disruption. It's a game. As network security continues to tighten, hackers jump for joy at the new puzzles presented to them.
This might be obvious, but—hackers are very smart. Even worse, hackers are very smart and they want everyone to know it.
The folks behind cyber attacks are also another thing: very bored.
And what's that saying? Oh, yeah: "Idle hands are the devil's hacker shop."
The latest companies targeted by cyber-attacks are JBS and Fujifilm. One is one of the largest meat suppliers in the world. The other is a multinational conglomerate based in Japan that produces digital imaging products and high-tech medical kits.
The stark contrast between the products of each company reveals one thing about cyber attacks. They don't care what a company produces. Meat, tech, automotive, defense, etc...
They don't care. They just want to disrupt supply chains and show off their tech wizardry.
Microsoft is another company dealing with ongoing cyber attacks. The attacks are believed to be perpetrated by Nobelium, a criminal cyber group believed to be behind the SolarWinds attacks from yesteryear.
A SolarWinds Refresher
The infiltration of SolarWinds was announced in December of 2020 as an advanced and complex cybersecurity breach. The company's supply chain was infiltrated and its product was bugged. Any customer downloading the product was inviting trojan horses into their networks.
Organizations with no cybersecurity expertise were recommended to completely unplug their networks from the SolarWinds application. This just goes to show that companies with no defense against cyber attacks are pretty much dead in the water until someone else can fix the issue externally.
Yet organizations with implemented cybersecurity teams and strategies were able to conduct system audits and examine their networks for any malware. They at least had a chance to continue their use of SolarWinds' applications due to their ability to combat cyber threats.
This brings about the importance of the term, "Cyber Hygiene."
Cyber hygiene essentially rates how well an organization or company reduces potential cyber threats. The minimum level of cyber hygiene for a company would include the following, according to the Center for Internet Security:
- Asset inventories
- Patch and vulnerability management
- Multifactor authentication
- Adoption of least-privileged accounts
- System hardening
Companies performing these cybersecurity measures are taking a step in the right direction.
Even Microsoft isn't safe
Yet even companies with the money to set up the most advanced cybersecurity systems, like Microsoft, still fall victim to potential breaches.
The tech giant's business email servers were attacked by a coordinated phishing campaign, affecting over 3,000 individual accounts and more than 150 organizations.
The phishing attacks aim to steal data and create general chaos and disorder for companies and supply chains.
The moral of the story? Everyone is vulnerable to cybersecurity threats.
Just ask JBS and Fujifilm
Now, why would a global meat supplier and a tech conglomerate come under attack? This question is best left answered by threat researcher, John Hultquist, from cybersecurity company FireEye:
"The supply chains, logistics and transportation that keep our society moving are especially vulnerable to ransomware, where attacks on chokepoints can have outsized effects and encourage hasty payments."
Once again, more proof that hackers simply want to disrupt global supply chains, especially for in-demand industries. And what is one of the most in-demand industries right now?
Watch out for attacks on semiconductor and advanced computer component manufacturers
Rocketing consumer demands, automotive computing needs, and pandemic-induced factory shutdowns have all played a role in the current chip shortage. The last thing the industry needs, at this moment, is some type of cybersecurity breach.
And let's not forget that a breach already occurred in late 2020, with Tower Semiconductor having to pay hundreds of thousands of dollars to remove ransomware from their systems. The attack led to disruptions within the supply chain due to Tower having to temporarily suspend some of its operations. Another cyber attack on the semiconductor and advanced component supply chain could mean big trouble in 2021.
If it were 2019, maybe I would be optimistic.
Remember 2019? I think it looked something like this:
2020's pessimism is leaking into 2021, and it's as if Murphy's Law has become the norm. If something bad can happen, then it almost feels like it certainly will happen.