In early May we began a discussion with our OODA Network members that started with an observation. About six months prior we had been through the Solar Winds attack, which from our perspective was clearly one of the most damaging attacks/espionage operations in history. Soon after that, the attack series named Hafnium by Microsoft was revealed. Hafnium had started as espionage but then turned into a Gold Rush of criminal activity, one of the worst attacks in history. Then the Codecov attack hit.  This is a widely used tool for software developers that is used for managing continuous integration and continuous deployment of code. Turns out some nation state level actor modified this tool so that all code that was used by it was also copied off and sent to the bad actor. It was brilliant and absolutely one of the worst in history.

The discussion we had in early May was, since we are now getting something we could call the worst attack in history every 2 months, what can we expect next? Could the rate accelerate even more?

Since then there was the Colonial Pipeline attack, of course. Not necessarily a sophisticated actor but a new business model and good code, causing one of the worst attacks in history. It was followed by many other major ransomware attacks and then a major Microsoft announcement of an attack dubbed “PrintNightmare” which was also, clearly, one of the worst in history. Three days later an attack on an IT management software package named Kaseya (which is used by many IT and security providers) was revealed. This one is also huge, clearly one of the worst in history. The rate of new massive attacks is clearly accelerating.

We are not oblivious to the many good and positive things occurring in the cybersecurity community. But all of us should understand that some things just don’t cause real world results. Other things may be directionally correct by have very little impact (like the new cyber Executive Order, and the Biden-Putin summit where cyber was discussed).

Point of all this:

If you are a business leader, do not expect anyone is going to save you from this. Take responsibility for building your own secure infrastructure and defend your business. This is why we thought of the quote from Paul Carus’s 1894 book “Karma: A Story of Buddhist Ethics” (often misattributed to Buddha):

“No one saves us but ourselves. No one can and no one may. We ourselves must walk the path.“

If you are in government, we empathize and know how hard your job is. Please do keep making directionally correct moves, but understand we do not believe you will really help stop these attacks. Just going off of 40 years of observations here. Please try to prove us wrong and do what you can. And keep helping assess situations and provide helpful advice where you can, you (especially CISA and NSA) are doing great at that.

All of us should implement a zero-trust architecture. We tell you how here: The New Enterprise Architecture is Zero Trust

Everyone should understand the new ransomware threat. We tell you how here: Ransomware, and update on the nature of the threat.

Do a quick review of priority controls designed to mitigate malicious code like ransomware. We tell you how here at: The Executive’s Guide to Mitigating The Ransomware Threat.

If you are not already on distribution for our Daily Pulse do so now. This will help you track the interrelated connections between geopolitical events, technological developments, cyber risks and opportunities.

About the Author

Bob Gourley

Bob Gourley is an experienced Chief Technology Officer (CTO), Board Qualified Technical Executive (QTE), author and entrepreneur with extensive past performance in enterprise IT, corporate cybersecurity and data analytics. CTO of OODA LLC, a unique team of international experts which provide board advisory and cybersecurity consulting services. OODA publishes OODALoop.com. Bob has been an advisor to dozens of successful high tech startups and has conducted enterprise cybersecurity assessments for businesses in multiple sectors of the economy. He was a career Naval Intelligence Officer and is the former CTO of the Defense Intelligence Agency.