More security incidents were detected by the intruded organizations last year, a positive trend in the cybersecurity sector as cyber threat actors are increasingly exploiting the remote work setup, a 2021 trends report by Fire Eye and Mandiant – both cybersecurity firms – found.

The report also found that ransomware has become a “multifaceted extortion” scheme, identified a financial cyber threat group, and detailed how Mandiant worked with law enforcement after finding the initial SolarWinds Orion intrusion.

“Security practitioners faced a series of challenges in this past year which forced organizations into uncharted waters. As ransomware operators were attacking state and municipal networks alongside hospitals and schools, a global pandemic response to COVID-19 necessitated a move to remote work for a significant portion of the economy. Organizations had to adopt new technologies and quickly scale outside of their normal growth plans,” the report says.

“As organizations settled into a new understanding of “normal,” UNC2452, a suspected nation-state threat actor, conducted one of the most advanced cyber espionage campaigns in recent history,” the report continues. “Many security teams were forced to suspend wide-ranging analyses around the adoption of remote work policies and instead focus on a supply chain attack from a trusted platform.”

In addition to naming UNC2452, the report also names FIN11 as a threat actor to be aware of. FIN11 is a financially motivated group, suspected of committing “widespread phishing operations” and “several multifaceted extortion operations.”

On a positive note, the report notes that 59 percent of the intrusions Mandiant investigated were self-reported by the organizations experiencing the intrusion, a reported 12 percent increase from the year before.

Read More About
More Topics
Lamar Johnson
Lamar Johnson
Lamar Johnson is a MeriTalk Senior Technology Reporter covering the intersection of government and technology.