2020 Annual Cybersecurity Report

Looking back at an unprecedented year, Trend Micro's Annual Cybersecurity Report surveys the most notable security concerns that emerged and persisted in 2020, and gives users and organizations insight into how they can navigate a drastically changed threat landscape. One of the areas of concern is supply chains.

Cybersecurity Threats on Supply Chains

While it is difficult for threat actors to attack organizations with strong security controls head-on (for example, government entities that hold extremely sensitive data), they can circumvent those defenses by compromising the less secure parts of the organizations' supply chains instead.

In essence, a supply-chain attack abuses the trust relationship between an organization and its suppliers to give an attacker a foothold in the target's systems, which makes it difficult to counter or even to detect. Organizations implicitly assume that the products and services their partners deliver are safe to install and interact with, and they usually have no way to check for threats in their supply chains beyond what they can observe in their own systems: a legitimately signed update from a trusted vendor will pass every check that is keyed on the vendor's identity.

Supply-chain attacks had become prominent enough that in February 2020 the FBI issued a security alert about them. The alert warned of threat actors targeting software companies in order to reach their strategic partners, including organizations supporting industrial control systems in the energy sector. The intrusions used Kwampirs, a remote access trojan (RAT), to gain entry to victims' machines and networks, after which follow-up activity such as delivering additional components or payloads could take place.

One of the most highly publicized supply-chain attacks in recent years was the attack involving SolarWinds. In December 2020, reports began circulating about a sophisticated campaign that had reached several organizations, including US government agencies, through a compromised update of Orion, SolarWinds' widely used network management software. Given the nature of some of the targets, the attack could have far-reaching consequences.

According to the information provided by the company, the actors behind the attack inserted malicious code into certain Orion software builds, so that once the affected update was pushed to customers, a backdoor known as Sunburst was deployed on the machines that installed it. Once implanted, Sunburst gave the attackers broad control over the affected hosts and a path into the surrounding network: they could issue commands to gather system information, write and delete files, create and delete registry keys, and disable analysis tools, among other activities. Because the trojanized build went through the vendor's normal release process, it carried a valid SolarWinds code signature, which is why signature checks on the customer side did not flag it. A web shell known as Supernova was also found on some Orion servers and was initially reported alongside Sunburst; SolarWinds later assessed it as malware placed separately on exposed Orion servers rather than delivered through the compromised update. Supernova inspected and responded to HTTP requests via specific query strings, form values, and cookies, and executed commands sent in a particular HTTP request format.
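The trust-model point made above (a vendor-signed artifact passes every check keyed on the vendor's identity) and the build-pipeline compromise just described are easier to see with a worked example. The following is an added illustration, not code from Trend Micro's report or from SolarWinds: all file contents, the component name `example_component.dll`, the manifest format, and the signing key are constructed toy data, and an HMAC stands in for the vendor's real code-signing step so the script runs with the standard library alone. It shows that a manifest produced and signed by a compromised build pipeline verifies cleanly, while comparison against an artifact rebuilt from source on an independent builder does not.

```python
"""Added example: why vendor-published hashes alone miss a build-time compromise.

Toy data throughout; nothing here is a real SolarWinds file, hash or key.
"""
from __future__ import annotations

import hashlib
import hmac


def sha256_hex(data: bytes) -> str:
    """SHA-256 of an artifact as a hex digest."""
    return hashlib.sha256(data).hexdigest()


def canonical_manifest(manifest: dict[str, str]) -> bytes:
    """Deterministic encoding of {filename: sha256} so signatures are stable."""
    return "\n".join(f"{name} {digest}" for name, digest in sorted(manifest.items())).encode()


def sign_manifest(manifest: dict[str, str], key: bytes) -> str:
    """Stand-in for the vendor's code signing (HMAC here; real vendors use X.509 code-signing certs)."""
    return hmac.new(key, canonical_manifest(manifest), hashlib.sha256).hexdigest()


def verify_manifest_signature(manifest: dict[str, str], signature: str, key: bytes) -> bool:
    return hmac.compare_digest(sign_manifest(manifest, key), signature)


def check_against_vendor_manifest(
    shipped: dict[str, bytes], manifest: dict[str, str], signature: str, key: bytes
) -> dict[str, bool]:
    """What a customer can do with vendor-supplied data only: signature plus per-file hash."""
    if not verify_manifest_signature(manifest, signature, key):
        return {name: False for name in shipped}
    return {
        name: hmac.compare_digest(sha256_hex(data), manifest.get(name, ""))
        for name, data in shipped.items()
    }


def check_against_independent_rebuild(
    shipped: dict[str, bytes], rebuilt: dict[str, bytes]
) -> dict[str, bool]:
    """Compare shipped artifacts with the same version rebuilt from source elsewhere.

    This only works for builds that are reproducible; a non-deterministic build
    would show spurious mismatches, so treat a mismatch as a lead to investigate.
    """
    return {
        name: name in rebuilt and hmac.compare_digest(sha256_hex(data), sha256_hex(rebuilt[name]))
        for name, data in shipped.items()
    }


# ---- constructed scenario -------------------------------------------------
COMPONENT = "example_component.dll"          # hypothetical file name
CLEAN_BUILD = b"clean build output of example_component v1.0"
TROJANIZED_BUILD = CLEAN_BUILD + b"\x00<backdoor stub inserted before signing>"
VENDOR_KEY = b"toy-vendor-signing-key"       # toy key, not a real credential


def build_compromise_scenario() -> tuple[dict[str, bool], dict[str, bool]]:
    """Build pipeline is compromised: it hashes and signs the trojanized file it produced."""
    shipped = {COMPONENT: TROJANIZED_BUILD}
    manifest = {name: sha256_hex(data) for name, data in shipped.items()}
    signature = sign_manifest(manifest, VENDOR_KEY)
    vendor_view = check_against_vendor_manifest(shipped, manifest, signature, VENDOR_KEY)
    rebuild_view = check_against_independent_rebuild(shipped, {COMPONENT: CLEAN_BUILD})
    return vendor_view, rebuild_view


def transit_tamper_scenario() -> dict[str, bool]:
    """Contrast: file altered after signing (e.g. on a mirror) is caught by the vendor manifest."""
    manifest = {COMPONENT: sha256_hex(CLEAN_BUILD)}
    signature = sign_manifest(manifest, VENDOR_KEY)
    shipped = {COMPONENT: CLEAN_BUILD + b"\x00<altered in transit>"}
    return check_against_vendor_manifest(shipped, manifest, signature, VENDOR_KEY)


if __name__ == "__main__":
    vendor_view, rebuild_view = build_compromise_scenario()
    print("vendor manifest check (build compromised):", vendor_view)   # passes: the vendor signed the bad build
    print("independent rebuild check:", rebuild_view)                 # fails: exposes the injected code
    print("vendor manifest check (transit tamper):", transit_tamper_scenario())
```

The two results side by side are the whole point: hash-and-signature verification answers "did this come from the vendor unchanged?", not "is what the vendor built what its source says it should be?". Catching the second case needs an independent reference such as a reproducible rebuild, a second builder, or a vendor-published build provenance record that can be checked against the source.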

Download the full report from Trend Micro to learn more about the most significant cybersecurity issues of 2020 (including ransomware and threats in cloud, IoT, and mobile environments) and the most effective strategies against current and emerging threats.