It’s more difficult than ever to protect our infrastructure, government, and businesses from becoming victims of well-funded, skilled adversaries. From the Log4j vulnerability to the SolarWinds hack to the Colonial Pipeline cyberattack, organizations are more vulnerable to cyberattacks than ever before. In fact, 87% of enterprises across 11 countries have fallen victim to cyberattacks in…

In the SolarWinds incident, up to 18,000 companies could have received the malware injected into the SolarWinds software. Not all could have been affected. Many of these ‘victims’ did not install the infected version, and many others did so on servers with no internet connectivity. Of those companies that did receive the Nobelium Sunburst malware,…

Cyentia Institute and RiskRecon released a research that quantifies how a multi-party data breach impacts many organizations in today’s interconnected digital world. The study is based on an analysis of 897 multi-party breaches involving three or more interrelated companies. The impact of multi-party data breach events 897 multi-party data breach incidents, also referred to as…

SolarWinds had previously traced the origins of the hack to the fall of 2019 but now believes that hackers were doing “very early recon activities” as far back as the prior January, according to Sudhakar Ramakrishna, the company’s president and CEO. “The tradecraft that the attackers used was extremely well done and extremely sophisticated, where…

In response to recent cybersecurity incidents such as SolarWinds, Microsoft Exchange, and the Colonial Pipeline ransomware attack, President Biden on May 12, 2021 signed an Executive Order (EO) to improve the nation’s cybersecurity and protect federal government networks. For close observers, this seems to be like Groundhog Day, as past incoming administrations have issued similar…

Attacks against the supply chain have been growing in quantity and gravity for several years, culminating in SolarWinds. Most discussion has focused on the software supply chain, but a new study shows that the physical logistics supply chain is equally subject, and susceptible, to cyberattacks. The Covid-19 pandemic has increased and highlighted the world’s reliance…

The sanctions, foreshadowed for weeks by the administration, would represent the first retaliatory action announced against the Kremlin for last year’s hack, familiarly known as the SolarWinds breach. In that intrusion, Russian hackers are believed to have infected widely used software with malicious code, enabling them to access the networks of at least nine agencies…

Chris Inglis, a former NSA deputy director, is being nominated as the government’s first national cyber director. Jen Easterly, a former deputy for counterterrorism at the NSA, has been tapped to run the Cybersecurity and Infrastructure Security Agency at the Department of Homeland Security. The appointments come as the Biden administration grapples with the aftermath…

The intelligence value of the hacking of then-acting Secretary Chad Wolf and his staff is not publicly known, but the symbolism is stark. Their accounts were accessed as part of what’s known as the SolarWinds intrusion and it throws into question how the U.S. government can protect individuals, companies and institutions across the country if…