In this attack, the adversaries embedded malware in SolarWinds’ Orion software, a network monitoring and management system used by many organizations. Hackers from the Russian state-sponsored group APT29, or “Cozy Bear”, gained access and embedded malicious code into Orion software updates. The trojanized updates were sent to thousands of SolarWinds customers, including some of the largest names in the cyber world, such as the U.S. Treasury Department and the Department of Homeland Security, as well as many Fortune 500 companies.
Once inside, the perpetrators were able to extract sensitive information while traversing affected networks undetected over a period of months. This was a complex attack that got past traditional security protocols, which raised questions about trust in software supply chains.
In light of the incident, there is increased education and understanding about the importance of securing supply chains and implementing zero-trust architectures, as organizations across America re-assess their defensive postures to mitigate future attacks. The ramifications of the breach at SolarWinds are still being calculated, and it may be years before the total loss and data exposure can be measured.
While the risks are clear, there are also opportunities to address them and strengthen supply chain security through proven certifications and training programs. Choosing the right cybersecurity certification is an important first step for organizations seeking to be better prepared to defend sensitive data.
Facebook-Cambridge Analytica Scandal (2018)
The scandal involving Facebook and Cambridge Analytica has emerged as a turning point for many in realising the data privacy issues at stake, and the potential harm that irresponsible handling of data can do when controls on user consent are lacking.
Cambridge Analytica, a political data firm, accessed private details of 87 million Facebook users in 2018 without their consent. The data was collected using an app called “This Is Your Digital Life,” built by data scientist Aleksandr Kogan. The app was a glorified personality quiz, but it collected troves of information on its users and tapped into the data