More security incidents were detected by the intruded organizations last year, a positive trend in the cybersecurity sector as cyber threat actors are increasingly exploiting the remote work setup, a 2021 trends report by Fire Eye and Mandiant – both cybersecurity firms – found.
The report also found that ransomware has become a “multifaceted extortion” scheme, identified a financial cyber threat group, and detailed how Mandiant worked with law enforcement after finding the initial SolarWinds Orion intrusion.
“Security practitioners faced a series of challenges in this past year which forced organizations into uncharted waters. As ransomware operators were attacking state and municipal networks alongside hospitals and schools, a global pandemic response to COVID-19 necessitated a move to remote work for a significant portion of the economy. Organizations had to adopt new technologies and quickly scale outside of their normal growth plans,” the report says.
“As organizations settled into a new understanding of “normal,” UNC2452, a suspected nation-state threat actor, conducted one of the most advanced cyber espionage campaigns in recent history,” the report continues. “Many security teams were forced to suspend wide-ranging analyses around the adoption of remote work policies and instead focus on a supply chain attack from a trusted platform.”
In addition to naming UNC2452, the report also names FIN11 as a threat actor to be aware of. FIN11 is a financially motivated group, suspected of committing “widespread phishing operations” and “several multifaceted extortion operations.”
On a positive note, the report notes that 59 percent of the intrusions Mandiant investigated were self-reported by the organizations experiencing the intrusion, a reported 12 percent increase from the year before.