In 2020, malicious actors took full advantage of the expanded threat landscape created by the increase in remote work. We saw the reappearance of older malware targeting older, unpatched devices in home networks, a seven-fold increase in ransomware attacks, and one of the most significant supply chain hacks in recent years. And so far, 2021 is following that theme with the recent attempts by cyber adversaries using a variety of attacks to exploit several Microsoft Exchange Server vulnerabilities and a continued assault with ransomware.
Given the rapid expansion of the potential attack surface, the interconnection of devices and data across a larger digital environment, and the inconsistent and fragmented approach to security taken by many organizations, cybersecurity risk has never been greater. As the saying goes, there’s no rest for the weary—and the recent spate of ransomware and other attacks looking to exploit newly revealed critical system vulnerabilities are just the latest in an escalating campaign by increasingly motivated and sophisticated criminals. And that means cybersecurity professionals have to stay vigilant and prepared.
Understanding the tactics of cybercriminals
But while HAFNIUM may have been among the first to target the Microsoft Exchange vulnerabilities as an example, they will certainly not be the last until patched. Campaigns like these demonstrate a classic strategy of cybercriminals. Once a high-profile vulnerability has been revealed, cybercriminals immediately attempt to make the most of it. They rely on two things. First, they are hoping to exploit the gap between the disclosure of vulnerabilities and when organizations begin to apply patches and updates. In most cases, exploits targeting newly released vulnerabilities show up within a few hours of a vulnerability being made public. While zero-day exploits are the most valued becau ..
Support the originator by clicking the read the rest link below.
