Cyber Weekly Digest - Week #51

Updated: Jan 7, 2021

During this week cyber criminals have proved that December is their busiest time. As most businesses begin to slow down as Christmas and the new year approaches, criminals are taking advantage. Read this week's digest to find out the most significant cyber security stories.

1. Multiple US federal networks were compromised after SolarWinds was breached.

This week trojanised versions of SolarWinds' Orion IT monitoring and management software were used in a supply-chain attack against multiple US government and high-profile companies' networks. The attackers deployed a backdoor dubbed SUNBURST, which later this week Microsoft, FireEye and GoDaddy collaborated to create a "kill switch" for the backdoor. It is believed that 18,000 customers were affected by the malicious code of the Orion platform.

2. Lithuania's government suffered one of its "most complex" cyber-attacks in recent history.

Criminals breached multiple content management systems to gain access to 22 different websites operated by Lithuania's public sector. The attackers then published fake articles containing misinformation on the sites including a story which alleged a Polish diplomat had been detained at the Lithuanian border due to carrying illegal drugs, weapons, and money. The fake story was posted on the website of the State Border Guard Service. The attackers posted similar false stories on other public sector websites.

3. Habana Labs was hit by Pay2Key ransomware cyber-attack.