Are the JBS and Colonial attacks just the beginning?

While the recent attacks on the JBS plants and the Colonial Pipeline are far from unique, the tangible nature of the damage hits close to home.    

From a security perspective, the SolarWinds and Microsoft breaches were far more devastating than either the JBS or Colonial attacks. For one, both the SolarWinds and Microsoft attacks successfully compromised hundreds of organizations around the world. Moreover, while meat and oil are certainly important resources, they can be subsidized via federal stockpiles or even limited for a short period of time without too much long-term damage. Compare this with the confirmed access that the SolarWinds hackers had to the Treasury and Commerce Department’s internal networks, as well as unconfirmed victims such as the Pentagon, NASA, and the White House. In today’s world, information, rather than any individual commodity, is our greatest resource.

Putting this aside, however, the fact that the damage from the JBS and Colonial attacks can be concretely felt (both at the pump and the checkout counter) adds a psychological element to these attacks that the previous software breaches lacked. JBS handles 20% of US beef production, while the Colonial Pipeline transports a whopping 45% of the East Coast’s fuel. This one-two punch has prompted some media outlets to warn of an impending cyber 9/11 unless we ramp up cybersecurity investments across the board now. The analogy is worryingly apt. Just like 9/11, many of these attacks are not coming directly from hostile governments, but are rather funded and executed by relatively small groups of hackers. And, just like any terrorist organization, one successful hack spawns a series of fresh attacks.

Take the Colonial Pipeline, for example. The only way that they were able to get their systems back up so quickly was by paying the hackers $4.4 million in Bitcoin. And, while this may seem like a bargain for the oil giant, it simply provides the attackers with the capital and the confidence to launch new attacks. Just like with conventional terrorist groups, the attack itself is often not the object. What they want is to create a sense of vulnerability and fear that even a minor attack can plant in even the most powerful nation. In this, the recent spurt of cyber-attackers was all too successful.

So, what can be done?

For starters, the Biden administration already has plans to include large investments in cybersecurity as part of its infrastructure bill. Furthermore, the Administration is in the midst of a 100-day cybersecurity sprint. If successful, this could pave the way for larger projects. Using the recent attacks as an opportunity to lean into both of these initiatives is a no-brainer.

But a top-down approach will not be enough. If the US wants to build resilience to cyber threats, corporations and public entities across the country need to step up and take responsibility. For example, here’s a list of what Silent Breach considers to be the top 5 challenges facing CISOs in 2021 along with mitigation recommendations.

To generate this list, we combed through internal Silent Breach data from 2020, discussions with clients and industry leaders, as well as a holistic review of global trends, technologies, and threats.

Remote Work
As the global economy shifted into lockdown last spring, millions of businesses were forced to transition virtually overnight to remote work. Consequently, the usual network and endpoint protections that had served as the frontline defense were no longer sufficient. Employees now work on home WiFi networks, on personal devices, and under unsupervised, and therefore ungovernable, conditions.

Recommendations: Remote workers are particularly susceptible to social engineering attacks, outdated software usage, and weak password policies. Review Silent Breach's Cybersecurity Survival Guide for Remote Working for a list of mitigation tips.

Cloud Security
The global migration to the cloud is perhaps nothing new, but it also shows no signs of slowing. The cybersecurity landscape has become incredibly complex, and cloud security has been continuously evolving to keep up with emerging threats. To cite just one example, the Cloud Hopper attack, widely believed to be the work of the Chinese government, infected at least a dozen cloud providers hosting sensitive data for multinationals like Philips, American Airlines, Deutsche Bank, Allianz, and GlaxoSmithKline.

Recommendations: This is where the regular slate of configuration reviews, architecture audits, hardening exercises, and tactical coaching will come in handy. Alternatively, consider outsourcing these exercises to a managed security partner. Finally, continuous monitoring platforms, such as Quantum Armor, are now available to provide in-depth monitoring, auditing, and analytics across your cloud environments.

Supply Chain Attacks
It’s clear that supply chain attacks (such as those discussed in this article) exponentially increase the potential scope and impact of a given attack. As organizational software stacks expand, and application dependencies multiply, the technological landscape is growing tightly integrated. Opportunities for malicious activities are growing along with them and, as the saying goes, a chain is only as strong as its weakest link.

Recommendations: Aside from ensuring that all of your dependencies and software are up-to-date, we recommend enrolling in a managed incident response program. This ensures that in the event of a compromised product, you'll have access to the latest IOCs, forensics, and mitigation techniques.

Data Analytics
There is an incredible abundance of data, but not nearly enough time and human capital to interpret it all. The challenges that organizations are facing will be centered around data analytics. Those who excel here will be able to stay ahead of the curve and have far more visibility into their network's health, activity, and needs, while those whose analytics lag behind will quite literally be drowning in meaningless data.

Recommendations: Depending on the size and needs of your organization, consider shifting a greater portion of your budget to developing an analytics strategy. Alternatively, outsource these responsibilities to a reputable MSSP. Often, a hybrid model, where a trusted security partner helps complement your in-house resources, is the way to go.

Growing Attack Surface
Unfortunately, organizations across nearly every sector are still struggling to secure their public-facing applications. In 2020, for example, Silent Breach security consultants found that 92% of web applications tested contained serious or critical security flaws. In particular, we recently reported that 97 of the 100 largest airports are similarly compromised.

Recommendations: While penetration tests, vulnerability assessments, and attack surface monitoring tools like Quantum Armor will help uncover your weakest links, without corporate buy-in and a company-wide cybersecurity awareness, technical fixes will only go so far. Here, regular training workshops are crucial; not only to provide the necessary skills and knowledge, but perhaps more importantly, to instill a culture of security and responsibility throughout the organization.

Talk with one of our representatives today to learn more about how we can help improve your security. For a limited time, Quantum Armor licenses are being offered completely free of charge so that you can test-drive our platform 100% risk-free!

About Silent Breach: Silent Breach is an award-winning provider of cyber security services. Our global team provides cutting-edge insights and expertise across the Data Center, Enterprise, SME, Retail, Government, Finance, Education, Automotive, Hospitality, Healthcare and IoT industries.