The S-RM Cyber Threat Intelligence Briefing is a weekly round-up of the latest cyber security news, trends and indicators, curated by our threat intelligence specialists.
This is our final briefing for 2020. Following a two-week break for the festive period, we’ll be back with the next edition on 8 January 2021.
- SolarWinds supply chain attack. We summarise information surrounding the attack and advise taking mitigating steps as soon as possible, as recommended by SolarWinds, if your organisation uses affected SolarWinds software.
- Twitter receives GDPR fine. Ireland’s Data Protection Commission fines Twitter EUR 450,000 for breaching GDPR notification requirements.
- 2020: What’s in the numbers? As this tumultuous year draws to a close, we highlight some interesting trends from Verizon’s data that business leaders and cyber specialists should look out for in 2021.
SolarWinds supply chain attack: ripples felt across the cyber universe
- A sophisticated threat actor was able to breach SolarWinds, a widely-used software provider, and lace malware into updates for SolarWinds Orion software. Updates understood to be affected are versions 2019.4 through 2020.2.1. 
- This supply chain attack is known to have impacted at least 18,000 SolarWinds customers globally, according to the SEC filing. Victims include a number of US government networks and the security company FireEye, which disclosed a breach of its networks last week. FireEye has this week provided further details on how the hackers responsible for breaching its networks leveraged the malicious SolarWinds update.
- Underscoring the serious nature of the attack, the US Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive on Sunday 13 December, while the US National Security Council met at the White House on Saturday. Russia is currently believed to be responsible, according to individuals familiar with the investigation as reported by Reuters.
So what? If your organisation uses SolarWinds Orion platform software, take mitigating steps as soon as possible. Follow the recommendations that SolarWinds has laid out in the security advisory issued this week. The advisory details the products SolarWinds has determined were impacted, as well as where to find the version updates and hotfix releases, which should be applied promptly. In addition, query DNS logs for evidence of communication with the C2 domains listed in the FireEye advisory and update firewalls to deny all traffic to those domains.
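The DNS log check recommended above can be scripted. The following is an added example, not code from S-RM, SolarWinds or FireEye: the watchlist entries are placeholders to be replaced with the domains from the FireEye advisory, and the log format and sample lines are constructed for illustration.

```python
"""Match DNS query log lines against a domain watchlist (added example)."""

# Placeholder watchlist: substitute the C2 domains from the FireEye advisory.
WATCHLIST = {"c2-placeholder.example", "beacon-placeholder.example"}

# Constructed sample log, assumed format: "<timestamp> <client_ip> <qname> <qtype>"
SAMPLE_LOG = """\
2020-12-14T09:01:12Z 10.0.4.17 www.example.org. A
2020-12-14T09:01:15Z 10.0.4.23 a1b2c3d4.region1.C2-Placeholder.example. CNAME
2020-12-14T09:02:40Z 10.0.4.17 notc2-placeholder.example. A
2020-12-14T09:03:02Z 10.0.9.5 beacon-placeholder.example A
malformed line
"""


def normalise(name):
    """Lower-case a query name and drop the trailing root dot."""
    return name.strip().rstrip(".").lower()


def matched_domain(qname, watchlist):
    """Return the watchlist entry that qname equals or is a subdomain of, else None."""
    labels = normalise(qname).split(".")
    # Test every parent suffix on a label boundary, so "notc2-placeholder.example"
    # does not match "c2-placeholder.example".
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in watchlist:
            return candidate
    return None


def find_hits(log_text, watchlist):
    """Return (timestamp, client, qname, matched_domain) for each matching line."""
    wl = {normalise(d) for d in watchlist}
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # skip lines that do not fit the assumed format
        ts, client, qname = fields[0], fields[1], fields[2]
        domain = matched_domain(qname, wl)
        if domain:
            hits.append((ts, client, normalise(qname), domain))
    return hits


if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG, WATCHLIST):
        print(*hit)
```

Each hit names the internal client that made the query, which gives responders the hosts to investigate first.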
Twitter fined for GDPR violation
- Ireland’s Data Protection Commission (DPC) fined Twitter EUR 450,000 on Tuesday for failing to appropriately document or notify the DPC of a breach within the 72-hour time limit imposed by the GDPR.
- The DPC’s investigation was initiated in January 2019 after Twitter notified the watchdog that a bug in its Android app had caused the private tweets of protected accounts to be inadvertently exposed to the public. Despite notifying the DPC on 8 January 2019, Twitter acknowledged that it had become aware of the bug’s severity on 3 January and had consequently failed to meet the GDPR notification requirements of 72 hours from the first detection.
So what? The GDPR imposes many obligations on organisations and data controllers. It is imperative that organisations have an appropriate incident response plan in place to guide their response to a data breach, which will help them comply with the various obligations imposed by the GDPR and any other key regulations. In this case, Twitter’s cooperation with the DPC likely mitigated the extent to which it was fined, particularly given that Google received a EUR 50 million fine from French data protection authorities in January 2019 for failing to properly obtain consent from users to process their data for targeted ads.
Looking at Verizon’s data – what’s in the numbers?
- Looking back at the cyber security threat landscape this year, we think of increasingly prevalent and impactful ransomware operations, the targeting of managed service providers (MSPs) and supply chains to reach end users, and new extortion techniques, to name a few trends.
- Verizon’s latest data also reveals some interesting trends. Here are some of the highlights:
  - Uh-oh: Errors and misconfigurations made by internal security teams are an increasing cause of data breaches.
  - Money, money, money: There was an increase in financially motivated cybercrime, with a decline in cybercriminal activity attributed to espionage.
  - Reeled-in: Despite all those phishing tests and online training programmes, phishing remains the most popular technique used by attackers in data breaches.
  - Mal-rare? The use of malware continued to decline; just 6.5% of data breaches in 2020 were attributed to malware, down from approximately 50% in 2016.
So what? A key argument for the importance of cyber threat intelligence is that it helps us understand a rapidly evolving threat landscape, and see our adversaries more clearly. Keeping up to date with what we are seeing both in the news, and in the numbers, can ensure that we are focusing our efforts in the right places.