Responding to news that US federal agencies have had their security breached by a major cyber attack, Darren Thomson, head of cyber security strategy for CyberCube said:
“While it remains too early to fully assess the impact of this attack, both the FireEye and SolarWinds breaches are significant due to the strategic importance of their target – the machinery of the US government.
“It looks like this attack could be linked to COVID-19 and the move to home working. The resultant changes to working patterns and behaviours have exposed many new attack vectors that were previously ignored by attackers. In this case, monitoring software allowing IT staff remote access to computers on corporate networks was hacked. It’s likely we’re going to see more of this kind of attack in 2021.
“This type of software supply chain attack is on the rise. Between 2018 and 2020, we saw several examples of legitimate software update mechanisms being used to breach systems. Good examples were the attacks on BA and Ticketmaster in 2018. However, using software supply chains attacks to target a government is still relatively rare.”
CyberCube is the market-leading provider of cyber risk analytics to the global insurance industry. Its analytics platform allows insurance businesses to analyse what effect a major cyber-attack and other cyber-related scenarios would have on a portfolio of insurance risks.