Is the Russian SolarWinds Hack the biggest and most important in years?

SolarWinds is an IT management company that suffered attacks beginning as far back as March, but the news has only now come to light.

In short: Russian cybercriminals got into the cybersecurity firm FireEye.

And so far, dozens of big victims have been identified.

The nature of this attack? Silent and careful. The results? Devastating.

But one thing we do know: we aren’t ready for another attack like this one, whose consequences will take months to become clear.

Here’s what we know.


What Is The “SolarWinds Hack” & How Bad Is It

Kevin Thompson, Chief Executive of SolarWinds, showed off how far the company had come over 11 years under his management:

“We don’t think anyone else in the market is even close in terms of the breadth of coverage we have…We manage everyone’s network gear.”


This wasn’t far from the truth. The Texas-based company provided its services to hundreds of thousands of customers. 18,000 of those were vulnerable to the Russian attack.

Among them are telecom and consulting corporations like Cisco Systems, Intel, Nvidia, Deloitte, and VMware, as well as the U.S. Departments of State, Treasury, Homeland Security, and Commerce.

SolarWinds confirmed that Orion, its network management software, was the victim of this international cyberespionage operation. Orion glued organizations together, and that dominance turned toxic.

For the same reason, it was only a matter of time before sophisticated hackers found its security vulnerabilities (one being the use of “solarwinds123” as the password for the update server).

Kim Peretti, co-chair of Alston and Bird’s cybersecurity practice, acknowledges that the malicious updates came at “perfect timing for a perfect storm”: they were pushed between March and June, right when the first wave of the coronavirus appeared.

Reuters received information from people familiar with the investigation, claiming Russia is the top suspect because of how the attack connects to earlier ones carried out by that nation.

We’re talking about a sophisticated compromise of the U.S. government that harmed the entire country’s tech infrastructure, enough to surprise security experts.


How Did the SolarWinds Hack Happen?

The timing mentioned above was combined with never-before-seen cyber tools and a precise strategy to exploit weak links in the software supply chain that underlies U.S. businesses and government.

That, combined with extraordinarily stealthy tradecraft, the equivalent of a spy-level disguise.

The hackers blended in with the data flowing through corporate networks to remain undetected. They also repurposed expired internet domains and used fake corporate software tools named to look legitimate.

SolarWinds’ patches were corrupted with malicious code that left no trace: it was well hidden (communicating through U.S. IP addresses instead of Moscow ones) and wiped away any possible footprints.

The most impressive (and even funnier) fact is that they were able to evade Einstein, the U.S. government’s multibillion-dollar detection system, which only looks for known malware.

A 2018 report suggested that building it was a wise investment. Operated by CISA, it now seems it wasn’t that much of one.

Scary signs of the consequences make this clear: unnamed sources have claimed criminals were selling access to SolarWinds’ computers on underground forums.

Mark Arena, Chief Executive of Intel 471, announced that one such forum member selling access is known as “fxmsp” and is on the FBI’s most-wanted list “for involvement in several high-profile incidents.”

After all, it’s very likely that black-hat transactions are still ongoing to this day: researchers confirmed SolarWinds’ malicious updates were still available for download even days after the company became aware of the issue.

The company said, to calm the media down:

“We strive to implement and maintain appropriate administrative, physical, and technical safeguards, security processes, procedures, and standards designed to protect our customers.”


Others try to do so by asserting that neither the password nor other known stolen material was the source of the intrusion.

Of course, managing a situation like this is no easy task. And while they try to appear safe and confident, understandable changes are occurring inside the firm. For example, Kevin Thompson is being replaced by Sudhakar Ramakrishna (of Pulse Secure).

A job ad seeking a new vice president for security was posted, but the position remains open.

Now, cybersecurity experts are still struggling to understand how far the damage will extend.


What Could Happen After the SolarWinds Hack

The full scope of the hack keeps expanding. Both the damage inflicted and the number of agencies penetrated keep growing. And the damage

For example, the Pentagon assessed that emails were a major target of the bad actors, but the real intention behind stealing and using this information is not yet known.

A state spokesman assumed the attackers want to know what policymakers are doing on issues that affect the strategic interests of regions such as Russia.

On the other hand, lawmakers are trying to work out why federal cybersecurity efforts have fallen short, despite all the years of training, experience, and investment in defensive tech.

Whatever it’s called, the undeniable fact is that these events have only provoked fear. And not without reason: the remediation effort alone will be staggering. Replacing computers, servers, and network hardware is a must. Even a full “do-over” is mandatory.

For the same reason, just as network operators must inspect their internet traffic in detail to detect unexplained anomalies, everyone else must take immediate steps in their own way.

We need a national (and global) strategy to protect against cyberattacks of this magnitude. It should start with an alliance between the government and the tech sector.

What are your thoughts about the SolarWinds hack?

Have you been affected by it? If not, will you wait to be harmed to take some action?

Let’s talk. We’ll identify whether there are vulnerabilities to patch or fix as soon as possible.

If something is found, the expert team of MyITGuy can take care of it.