2020 will be remembered for many things: a blindsiding menagerie of faltering hopes, bottomless worry and bitter disappointments. And for something else as well: 2020 is the year in which cyber warfare visibly accelerated, not only in how widely it is practised but in its ambition and sophistication.
We recently released a blog post discussing a cyber attack on Covid supply lines. Now a more insidious intrusion has come to light: the SolarWinds hack, which reached US government agencies through the SolarWinds Orion software they run (which, incidentally, includes most of them), along with many other organisations that run the same product.
What did the hack involve, and who was targeted?
Many organisations across the US, and many in the UK, rely on Orion, a network-management platform developed by the IT company SolarWinds. The hackers, reportedly state-sponsored Russian actors, hid malware inside legitimate, digitally signed Orion software updates, so a customer applying a routine update through the normal channel was also installing the backdoor. It represents one of the most sophisticated and sustained cyber-espionage campaigns ever seen, astounding not only for its precision but for its reach.
SolarWinds has said the affected updates were released between March and June 2020, which means the attackers may have been inside victims' systems for up to nine months before the campaign was discovered in December. On its website, the company said that "fewer than 18,000" of its customers downloaded the compromised updates; it has 275,000 customers worldwide. Installing the backdoored update is not the same as having been actively exploited, since the attackers selected a subset of those victims for follow-on activity, but every organisation that installed it has to treat its Orion servers as compromised until an investigation shows otherwise. Given the ubiquity of the software, and its use within critical systems and governmental infrastructure, the potential damage is staggering, even if only a relatively small number of the company's overall customers were affected.
One notable victim is FireEye, a cybersecurity company, which revealed it had been breached and said it had identified other victims in "government, consulting, technology, telecom and extractive entities." The attackers, FireEye said, sought information related to its government customers after breaching its internal systems, but there was no evidence that any government information had been stolen. The attackers did take FireEye's own red-team tools, and the company published detection signatures for them.
What it means for networks and network managers
Ubiquitous software means, naturally, that any vulnerability in it is also ubiquitous, as is the disruption caused when that software can no longer be trusted or used. The Russian government has denied involvement in the attack. At this point, however, identifying the source of the attack is, for many organisations, less important than understanding how to prevent future occurrences, or integrating effective detection and response capabilities. We are living in a time of heightened tensions which show no signs of abating; how states disrupt critical systems and access information has, as with the rest of our lives, changed. As cyber warfare becomes more sophisticated, and the campaigns more prolific, insidious and calculating, so too must network protection solutions, as well as the personnel responsible for integrating them.
One solution provider already working to provide better protection against such attacks is Plixer. Its network monitoring and security product, Scrutinizer by Plixer, collects and retains flow records (NetFlow, IPFIX and similar metadata) describing the conversations crossing a network, rather than the packets themselves. In a recently published blog post, Plixer details its efforts so far to help users track SUNBURST, the name FireEye gave to the backdoor planted in the Orion updates. Ultimately, network metadata is your friend: with it, you can establish which hosts spoke to the attacker's infrastructure, when, and how much data moved, and therefore which areas of your network, and which users, were affected. Using context-rich metadata, investigations proceed faster and remediation can be scoped to the damage actually done. One caveat follows directly from the timeline above: with the first tainted updates released in March 2020, the metadata you search has to have been retained for the better part of a year to cover the full period of exposure.
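The hunt described above, reduced to a runnable check. This is an added example written for this article; it is not Plixer's code and does not use the Scrutinizer product. It assumes a DNS query log in a simple "timestamp client queried-name" format (the sample lines are constructed, and their leading labels are invented), a constructed asset inventory for turning an IP address into a host and owner, and one published indicator: the avsvmcloud.com suffix that FireEye identified as SUNBURST's first-stage command-and-control domain.

```python
"""Hunt for SUNBURST-style beacons in DNS query metadata (added example).

Network metadata (flow records, DNS query logs) answers "which hosts talked
to the attacker's infrastructure, and when?" without packet captures. Feed
this a DNS query log and a list of indicator domains; it returns every
client that resolved one of them, with first-seen time, hit count and owner.
"""
import re
from collections import defaultdict

# Published indicator (FireEye's SUNBURST report, Dec 2020): the backdoor's
# first-stage C2 was DGA-style subdomains of avsvmcloud.com. Extend this tuple
# with whatever indicators your own threat intelligence supplies.
IOC_DOMAIN_SUFFIXES = ("avsvmcloud.com",)

# Constructed sample log, not real traffic. Assumed format, one query per line:
#   <ISO-8601 timestamp> <client IP> <queried name>
# The leading labels on the avsvmcloud.com names are made up; only the suffix
# matters to the check below.
SAMPLE_DNS_LOG = """\
2020-06-02T03:14:07Z 10.20.4.15 downloads.solarwinds.com
2020-06-02T03:14:22Z 10.20.4.15 constructedlabel01.appsync-api.us-west-2.avsvmcloud.com
2020-06-02T03:15:01Z 10.20.9.7  intranet.example.internal
2020-06-02T03:29:40Z 10.20.4.15 constructedlabel02.appsync-api.eu-west-1.avsvmcloud.com
2020-06-02T04:01:13Z 10.20.7.33 notavsvmcloud.com
2020-06-02T04:05:55Z 10.20.11.2 constructedlabel03.appsync-api.us-east-1.avsvmcloud.com
this line is malformed and must be skipped, not crash the hunt
"""

# Constructed asset inventory: client IP -> (hostname, owner). In practice this
# comes from CMDB, DHCP or NAC data; it is what turns an IP into "which user".
ASSET_OWNERS = {
    "10.20.4.15": ("orion-srv-01", "infrastructure team"),
    "10.20.11.2": ("orion-srv-02", "infrastructure team"),
}

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z)\s+"
    r"(?P<client>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<qname>[A-Za-z0-9.\-_]+)$"
)


def matches_ioc(qname: str, suffixes=IOC_DOMAIN_SUFFIXES) -> bool:
    """True if qname is an indicator domain or a subdomain of one.

    Matching is done on label boundaries, so notavsvmcloud.com does not match
    avsvmcloud.com. Case and a trailing root dot are ignored.
    """
    name = qname.lower().rstrip(".")
    return any(name == s or name.endswith("." + s) for s in suffixes)


def find_beacons(log_text: str, suffixes=IOC_DOMAIN_SUFFIXES) -> dict:
    """Return {client_ip: [(timestamp, qname), ...]} for every indicator hit."""
    hits = defaultdict(list)
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:  # blank or malformed line: skip it, never abort the hunt
            continue
        if matches_ioc(m["qname"], suffixes):
            hits[m["client"]].append((m["ts"], m["qname"]))
    return dict(hits)


def summarise(hits: dict, owners=ASSET_OWNERS) -> dict:
    """Scope the incident: first contact, hit count and owner per client."""
    summary = {}
    for client, records in hits.items():
        hostname, owner = owners.get(client, ("unknown host", "unknown owner"))
        summary[client] = {
            "hostname": hostname,
            "owner": owner,
            "first_seen": min(ts for ts, _ in records),  # ISO strings sort by time
            "count": len(records),
        }
    return summary


if __name__ == "__main__":
    for client, info in sorted(summarise(find_beacons(SAMPLE_DNS_LOG)).items()):
        print(f"{client} ({info['hostname']}, {info['owner']}): "
              f"{info['count']} beacon(s), first seen {info['first_seen']}")
```

Two details matter in practice: the match is made on label boundaries, so a look-alike such as notavsvmcloud.com is not a false positive, and malformed lines are skipped rather than aborting the hunt. The same suffix check applies to flow records once destination addresses are mapped back to the names that were resolved, which is where a DNS log and a flow collector complement each other.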
For more information on Scrutinizer by Plixer and how to improve your network’s monitoring in 2021 and beyond, contact us today.