A simple DLL file was the catalyst to the most devastating cyberattack against the United States by nation-state hackers. This cinematic breach demonstrates the formidable potency of DLL hijacking and its ability to dismantle entire organizations with a single infected file. DLL hijacking is a method of injecting malicious code into an application by exploiting the way some Windows applications search and load Dynamic Link Libraries (DLL).

In the aftermath of the notorious SolarWinds breach, occurring in mid-December 2020, a nefarious website was observed on 12 January 2021 and, presumably linked to the threat actors involved in the original supply chain attacks, purports to offer stolen data from four victim companies for sale: Other than the above, no file listings, screenshots or detailed 'proof' have been provided although links to four encrypted archive files, one for each potential victim organization, were uploaded to the popular

Cybersecurity may be different based on a person's viewpoint. One may want to simply protect and secure their social media accounts from hackers, and that would be the definition of what cybersecurity is to them. On the other hand, a small business owner may want to protect and secure credit card information gathered from their point-of-sale registers and that is what they define as cybersecurity.

In this blog, we break down the timeline of the number one hacker threat to ecommerce sites today – Magecart. The 2020 Magecart timeline includes all the significant Magecart attacks in 2020. With 4,800 formjacking attacks each month alone, this timeline only represents a small proportion of attacks reported in the public domain in 2020.

SolarWinds, an IT software provider, recently announced that it was the victim of a cyberattack that inserted malware (code name SUNBURST) within their Orion Platform software. Following the announcement of the SolarWinds Orion compromise, the Department of Homeland Security released an advisory for mitigating the code compromise.

If you were asked to list out the top problems society has been facing in 2020, cyberattacks on the maritime industry might not be an obvious issue that would come to mind. But the industry has seen a worrying trend in recent months, as a spike in cyberattacks that has left some of the biggest companies in the industry exposed. Specifically, both the fourth largest global shopping company and the International Maritime Organization (IMO) have been targeted in these attacks.

In December 2020, the U.S government announced that it fell victim to what is believed to be the largest security breach in the nation's history. The breach occurred through an innocuous IT update from the Government's network monitoring vendor, SolarWinds. This monumental breach exposes a novel and powerful method of clandestinely penetrating even the most sophisticated security defenses through third-party vendors - supply chain attacks.

The threat actor then gained a back door into the company’s Orion network management platform – used by over 300,000 organisations worldwide. Given the seriousness of the attack, its potential to affect customers across the SolarWinds supply chain and reports of espionage by nation state attackers, this is a story that is likely to have ongoing repercussions for organisations in 2021.

TL;DR: Supernova exposes SolarWinds Orion to attack via an in-memory web shell. It needs to be patched and detections below can help identify adversary actions. As organizations were catching their breath and winding down for the holidays, a fascinating twist in the SolarWinds Orion “Sunburst” intrusions began to appear.