As we enter December and the year comes to a close, let’s take a look at the current state of the digital world in this cybersecurity update – what’s new, what trends have continued and what we need to do to keep ahead of developments.
Most recent cyberattacks
There have been a number of cyberattacks either happening in the last few weeks or only just coming to light. As such, it’s instructive to look at them and see what lessons need to be learned:
Trellance:
Computing firm Trellance recently came under ransomware attack, causing disruptions for approximately sixty credit unions in the United States. The National Credit Union Administration (NCUA), responsible for overseeing technology related to federal credit unions, confirmed the incident. NCUA assured the public that systems would be restored within the next few days.
By all accounts Trellance had solid disaster recovery systems in place and avoided paying a ransom for restored access to their systems, meaning this attack represented merely an uncomfortable interruption of service for some of their clients rather than a severe financial hit or existential threat. This is a lesson other organizations have not learned so well, as becomes clear from some of the other recent cases.
Twitch.tv:
ALPHV, better known in some circles as BlackCat, has been featured on this blog before in the past months and have continued to be prolific. The gang has shared screenshots on the web showcasing stolen data from platforms such as Tipalti, Roblox, and Twitch. The actual server breach appears to have been as old as September, but the malware remained undetected until recently leading to a leak of as much as 256 GB of data, including employee information and customer data.
Sellafield:
As in the previous case, the actual cyberattack on Sellafield appears to have occurred some time ago. The news was broken yesterday by the Guardian as one of the latest in a long list of scandals involving the nuclear waste and decommissioning site, but the article suggests some of the breaches may be as old as 2015.
This remains one of the most troubling pieces of news, as it not only reveals an attack against a significant and critical piece of sensitive infrastructure but also is emblematic of the continued disregard for cybersecurity, prevention and recovery measures in many organizations.
Sellafield, which has more than 11,000 staff, was last year placed into a form of “special measures” for consistent failings on cybersecurity, according to sources at the Office for Nuclear Regulation (ONR) and the security services. The watchdog is also believed to be preparing to prosecute individuals there for cyber failings, piling litigation on top of their other problems.
Old trends are reinforced by new threats
In addition to this ongoing continued spate of ransomware attacks, there have been new developments that merit paying attention to. In particular, Microsoft has issued an alert regarding a spate of CACTUS ransomware attacks using other malware as an initial vector of infection.
While this sort of layered attack is not unknown or uncommon, CACTUS has been linked to attacks since March of this year both using vulnerabilities in the Qlik Business Analytics platform but also demonstrating an uncomfortable expertise in compromising VPN systems.
With employees still working remotely fairly often, this latter point should be worrying for any organization. But as stressed previously in this article, too many organizations will continue to not pay any mind and neglect their disaster response and recovery planning until it is far too late.
Secure archiving with TECH-ARROW
As this cybersecurity update reaffirms, Step one of mitigating cybersecurity concerns is to institute a quality archiving and backup solution. You can operate with peace of mind knowing that your emails, files, SharePoint data, or MS Teams communications are secure in an archiving system and can in times of need be retrieved.
In this way, TECH-ARROW can simplify the preparation of a quality disaster recovery plan. With archives being generally isolated from live systems, they are by nature more resilient and likely to remain unaffected by a wide range of points of failure. Your infrastructure’s robustness also can be boosted to new levels by choosing to archive on the Cloud with our contentACCESS Cloud Archive. That data can then smoothly be retrieved in the case of ransomware, data corruption, or any number of other issues you may potentially experience.
If you are interested in setting your company up for success into the next year and protecting it with our contentACCESS archiving solution, contact us for a free consultation and decide objectively if we are the right partner you can trust with all your assets.
Take the best steps to protect your data – with TECH-ARROW.
Archive all your O365 data with contentACCESS