A new report from cybersecurity firm FireEye Mandiant Intelligence highlights the growing trend of hackers using strategic attacks to exploit new vulnerabilities. The report shows that cybercriminals are moving away from traditional methods of attack, such as phishing and malware, and instead using strategic attacks to target specific vulnerabilities that have not yet been widely publicized.
The report also notes that the recent SolarWinds hack, which affected numerous US government agencies, was a prime example of a strategic attack. The hackers were able to exploit a vulnerability in the SolarWinds Orion software that had not been previously identified or disclosed to the public, allowing them to gain access to sensitive information.
FireEye Mandiant Intelligence’s report found that many of the vulnerabilities being targeted in these strategic attacks are found in the software and hardware of industrial control systems (ICS). These systems are used to manage critical infrastructure, such as power plants, transportation systems, and water treatment facilities. Cyberattacks on these systems could have devastating consequences, so it is concerning to see hackers targeting these vulnerabilities with such precision.
The report concludes by emphasizing the importance of identifying and patching vulnerabilities as soon as possible, and of increasing investment in cybersecurity measures. It also recommends that organizations conduct regular vulnerability assessments and prioritize the patching of vulnerabilities that could be exploited in strategic attacks.
In conclusion, the report shows that cybercriminals are becoming increasingly sophisticated in their methods of attack, and are moving away from traditional tactics to target new vulnerabilities. It is critical that organizations take cybersecurity seriously and invest in measures to protect themselves from these strategic attacks. By identifying and patching vulnerabilities early, and by conducting regular vulnerability assessments, organizations can help to mitigate the risks posed by cybercriminals.