
Weekly Roundup: SolarWinds, a US-Based Software Gone Rogue

PureVPN

In this week’s roundup, we learn how esteemed and highly trusted infrastructure provider SolarWinds was targeted by potential state-run malware. In fact, this is quite the big deal, perhaps the biggest shocker for the United States government and tech companies around the world. Continue reading to learn more. 

Russians are on the Hunt

In our last roundup, we discussed how hackers penetrated up to 1,200 servers maintained by FireEye, which is a company responsible for mitigating cyberattacks. 

In a significant blow to national security in the United States, the same group of attackers, believed to be Russia, spread malware in Orion-enabled systems that affected nearly 18,000 SolarWinds customers, who use an online application for tracking and inventory management.

SolarWinds is a Texas-based company that serves 425+ of the Fortune 500. From The Pentagon to the Army, hundreds of high-profile and extremely high-level organizations regularly entrust SolarWinds with their extraordinarily sensitive data. 

Let’s dissect what happened here. There was a recent security update called SolarWinds Orion, through which a hacker group installed a trojan virus and spread malicious software via a single point in the company’s network.

We are not entirely sure whether the malware affected more than 18,000 customers because up to 33,000 SolarWinds users have received the Orion update.

If you are reading this cybersecurity news for the first time, you may not realize that this SolarWinds attack is regarded as one of the biggest (allegedly) state-run cyberattacks.

Cybersecurity experts are linking this attack to the stolen FireEye Red Team tools, and the United States must be shaking in its boots on hearing this news.

The ramifications of this type of attack are far-reaching, which suggests that America’s arch-enemy, Russia, was behind this attack, and that it was truly state-run.

Russia, on the other hand, has responded by rejecting all allegations, saying that the country wants to restore Russia-US cooperation when it comes to information security.

(Perhaps they are saying that now that they have everything they need… what do you think?)

Let us be very clear on what this means: Several top-grade organizations like The US Cyber Command, Department of Homeland Security, US Treasury Department, and other elite services contract their services to SolarWinds. 

Many security journalists are aware of the magnitude of this cyberattack and have shared their expert opinions, or concerns, on Twitter. 

It’s a dangerous precedent.

Among all malware attacks, this one is unique. Whoever these cyberattackers may be, they have taken on high-grade and expert-level companies, which raises the question of whether or not it is really a state-run attack. We may never know. Until then, hello, Russia!

Microsoft Office 365 Was the Entry Point

To date, SolarWinds has failed to disclose how the attackers managed to control its systems after the Orion malware invaded them. In fact, the company is hesitant to mention that its Office accounts and emails might have given the attackers a backdoor to spread malware into those systems.

There is no concrete news on information theft via email accounts, but we think using an Office account seems to be a plausible explanation for this attack. 

What’s the fallout? Well, SolarWinds is in deep shit. The US government will likely temporarily shut down any networks operated by SolarWinds.

This is bad news for a company like SolarWinds because Orion, an online application for tracking and inventory management, generated $343 million in total revenue in the last three quarters of 2020.

However, Microsoft has also explained how the attackers managed to spread malicious code into a secure system and how that code affects software libraries.

Will the Cyber Espionage End?

These types of software attacks don’t have a one-size-fits-all solution because they involve machines and not loyal humans.

We have been covering cybersecurity news for quite a while now and discussing how cyberattackers are becoming more sophisticated over time. The attackers can now impersonate company employees to launch state-level malware attacks. 

Even though many companies run security background checks on their software, there is no reliable way to track malware in security updates, especially malware that may not yet be detected by larger-scale virus/malware scanners.

All companies must outline contingency plans in case things go south during a security update. In this way, companies can try to reduce the risk of malware attacks as much as possible. 

We’re still not blaming any country, but Russian state-backed Advanced Persistent Threats (APTs) have been common for a long time.

But do you think the US government won’t strike back in return?

Is this going to trigger fierce modern warfare between two first-world countries?

Are we expecting more state-level attacks? 

Maybe… 
