Ransomware Trends 2

Supply chain breaches were common in 2021, and they aren’t likely to disappear anytime soon. When an attacker compromises a software developer, hardware manufacturer, or service provider, the adversary then uses that access to target the customers who use the compromised software, hardware, or service. SolarWinds, Kaseya, Node Package Manager (NPM) breaches, and Log4j are among the major supply chain compromises seen in 2021.

In December 2020, attackers broke into the update infrastructure for SolarWinds’ Orion IT management software and issued backdoored updates to the company’s thousands of clients, disrupting businesses far into 2021. The trojanized Orion platform updates included a legitimately signed dynamic link library (DLL) file, and some incorporated backdoor functionality that began contacting command and control (C2) servers after a dormancy period of up to two weeks. Adversaries identified potential targets for further exploitation and carried out follow-up activities such as installing additional malicious binaries. These malicious binaries were used to install a backdoor that gave adversaries access to the accounts of the victim companies.

Many networks were impacted by SolarWinds, and it took months for businesses to analyze and respond. The event brought supply chain concerns to light and prompted a renewed emphasis on supply chain security that will remain significant in 2022 and beyond.