General malware findings
One of the dominant threats in 2020 was the Emotet botnet, in several variations. The software has evolved from a banking Trojan into a sophisticated attack tool with a flexible set of extensions and functionality, ranging from identity theft to other forms of destructive behaviour. The malware infrastructure has been successfully taken down through an intervention by European investigators.
Creating major cyber security headaches and significant financial damage, ransomware attacks targeted victims across all sectors and company sizes, one of them being Germany's Software AG. In an attack that started in October, the attackers employed a double extortion strategy. Since the company refused to pay the ransom, the attackers started to publish confidential company data. As another example, the attack on cyber security company FireEye in late 2020, in which its red team tools were seized, showed that even the best can be hit. In this case, reputational damage and loss of intellectual property were accompanied by new threats to other organizations, caused by this external takeover of the weaponry.
Furthermore, ongoing attacks against the healthcare sector peaked ingloriously in December with the unscrupulous attack against the EU drug regulator, the European Medicines Agency, in which attackers accessed data and later leaked manipulated versions of documents related to COVID-19 medicines and vaccines.
A development that gained a lot of attention around the globe, and for good reason, was the recent SUNBURST (“SolarWinds.Orion.Core.BusinessLayer.dll”) attack on network management software vendor SolarWinds, which was based on a supply chain compromise followed by a compromise of cloud assets. The chosen approach allowed an unknown attacker to distribute malware to potentially thousands of organizations through the IT footprint of their supply chain and to apply a cross-domain approach. For any organization involved in any form of digital transformation endeavour, this type of attack shows that cyber security does not begin or end at the fence or the firewall.
In terms of broad reach, phishing, scams, cyber fraud, ransomware and malicious domains remain the biggest digital threats across the world in the wake of the pandemic. With the internet browser being a main delivery vector for such attacks, organizations need to pay even more attention to maintaining consistent security controls.