We usually use this space to round up the biggest stories from every corner of the cybersecurity world. This week we make an exception, because there is really only one story: how Russia pulled off the biggest espionage hack on record.
Russia’s hacking of IT management company SolarWinds began as early as March and only came to light when the perpetrators used that access to break into cybersecurity firm FireEye, which first disclosed a breach on December 9th. Confirmed victims include the U.S. State, Homeland Security, Commerce and Treasury departments, as well as the National Institutes of Health. The nature of the attack and the hackers’ great care mean it could take months or more to learn the full extent of the damage. The impact is already devastating, though, and underscores how ill-prepared the United States was to defend itself against a known threat and to respond to it. It is also ongoing.
And there is much more. Below we summarize the most important SolarWinds stories to date from around the internet. Click on the headlines to read them, and stay safe.
Reuters has broken several stories about the SolarWinds hack and its aftermath, but this piece steps back to look at the company at the center of it all. The IT management firm has hundreds of thousands of customers, including the 18,000 who were exposed to Russia’s attack, who rely on it for network monitoring and other services. Its security practices on some fronts appear to have been lacking, including the use of the password “solarwinds123” for its update server. (That lapse is not suspected of being linked to the current attack, but … still.)
The Wall Street Journal this week shared new details about what happened inside FireEye earlier this month as it discovered and responded to its own compromise. The tip-off: an employee received an alert that someone had logged in to the company’s VPN with their credentials from a new device. More than 100 FireEye employees took part in the response, which included reviewing 50,000 lines of code for any anomalies.
In recent years, the United States has invested billions of dollars in Einstein, a system designed to detect digital intrusions. But because the SolarWinds hack was what is known as a “supply chain” attack, in which Russia compromised a trusted tool rather than breaking in with known malicious software, Einstein failed dramatically. The government cannot say it was not warned; a 2018 report from the Government Accountability Office recommended that agencies, and federal defense systems more broadly, take the supply chain threat more seriously.
It is a good question, and it will take a long time to answer. This week Microsoft at least shared some initial findings: more than 40 of its customers were victims of an advanced compromise by Russia. (Microsoft itself was also hacked as part of the campaign.) Of those 40, nearly half were IT companies, while another 18 percent were government targets. Eighty percent were based in the U.S. That is not a complete picture of the victims; there is probably far more to it than Microsoft has found so far. But it does give at least a clue about geography and category, neither of which is particularly comforting.
Don’t take our word for the seriousness of all this hacking. Read Tom Bossert’s New York News op-ed, in which the former national security adviser makes a compelling case that “the magnitude of this ongoing attack is difficult to overestimate” and demands a swift and decisive response in which “all the elements of national power must be put on the table.” (This is also a good time to mention that President Donald Trump has not mentioned the SolarWinds hack at all, not once, not even a whisper. President-elect Joe Biden did issue a statement, promising to impose “substantial costs on those responsible for malicious attacks.”)