Long before rioters pushed and forced their way into the U.S. Capitol, a stealthier invader was lurking in the computers of government officials, stealing documents, monitoring emails, and setting up traps for future attacks. Foreign hackers, whom top US officials believe to be Russian, were able to break into private companies such as the elite cybersecurity firm FireEye as well as the upper levels of the government, including the Department of Homeland Security and the Treasury Department.
How did this attack happen?
This all began when hackers secretly broke into a Texas-based company known as SolarWinds, which produces a network and application monitoring platform called Orion. This breach gave the attackers access to the networks and systems of SolarWinds customers, which include 425 of the US Fortune 500, all branches of the military, the Pentagon, the State Department, and hundreds of colleges and universities worldwide. This attack is considered to be one of the largest, if not the largest, of its kind ever recorded.
Who was affected by the attack?
Over 30,000 public and private organizations, including local, state and federal agencies, use the Orion network management system to manage their IT resources. As a result, this hack compromised the data and network infrastructure of thousands of organizations, including top US government departments as well as private companies such as Microsoft, Intel, Cisco, and Deloitte. The SolarWinds software supply chain attack also gave hackers access to the US cybersecurity firm FireEye. FireEye has detected multiple victims worldwide, including government and technology firms in North America, Europe, Asia, and the Middle East.
Who is responsible for the attack?
Although it has not been confirmed, federal investigators and cybersecurity agents believe a Russian espionage operation known as ‘Cozy Bear’ is behind the attack. The Russian government has denied any involvement in the attack and has claimed that it does not condone or conduct cybercrimes. Despite these claims, the Biden administration intends to hold Russia accountable through a full-scale intelligence-gathering effort and review of the SolarWinds hack.
Why is this attack so important?
The SolarWinds attack is considered to be the worst cybersecurity attack in history and carries global implications. By breaching the Orion software, hackers gained access to several government systems and thousands of private systems around the world. Having access to entire networks puts a large number of government and private organizations at risk of significant breaches.
This is among the most advanced attacks FireEye has ever observed, and it has stunned a number of top security officials. As a result, this hack is acting as a catalyst for rapid changes in the cybersecurity industry, and various companies and government agencies are looking to devise new methods for preventing these types of attacks before they happen. These organizations are now realizing that a firewall is not adequate protection and that many vulnerabilities remain in their systems. While the attack is certainly unprecedented, leading security researchers believe that future attacks can be detected through persistent defense.
Companies should begin thinking about applying zero-trust networking principles and role-based access control to users, applications, and servers. Companies should assume the possibility of vulnerabilities within their networks and put controls in place to minimize the impact of malicious attacks. Supply-chain attacks are likely to continue to increase as attackers become more sophisticated, so it is more important than ever to consider new security techniques that can help protect against this global cybersecurity threat.
Your business is important, and that’s why it’s recommended to work with a trusted cybersecurity partner like Contextual Security. We offer a personal, customized plan to help your business navigate cyber threats, and we are committed to helping you develop a plan that fits your needs and budget. To learn more about our services, check us out at www.contextualsecurity.com or call and speak with one of our knowledgeable representatives at 855-907-3013. You can also email us with any questions at [email protected]