The SolarWinds Hack and What It Means
In our digital world, cybersecurity has become a household term. Computers are embedded in everything we do and the networks of computers that provide us digital services and business utility are now vast. Therefore, management tools have become incredibly important to the IT function so many devices can be more easily managed and subordinated to well-defined security policies. But while these tools provide significant benefits to managing many resources, they also pose a significant vector for hackers to target. Enter Solarwinds. We trust companies to protect the cyber health of essential US departments, and these same companies protect major private companies as well. When cybercriminals hack these companies, it potentially allows access to information-sensitive US information. It also creates fear that none of the US’s cyber information is totally secure. A hacker group infiltrated SolarWinds Orion update as it was being created. So what does this mean? CNET.com has the answers.
Who is SolarWinds?
SolarWinds is a cybersecurity company that many people may not be familiar with. However, the unfamiliarity doesn’t make them unimportant. SolarWinds provides cybersecurity for many US departments and a number of large private companies as well. Their software lets an organization see what’s happening on its computer networks, which is essential for keeping information secure.
As with any cybersecurity software, it’s essential to apply updates as time goes on. SolarWinds was working on an update to their Orion software, and hackers inserted malicious code into the update. According to SolarWinds, roughly 18,000 SolarWinds customers installed the infected update.
Inserting malicious code into a known update is referred to as a supply-chain attack. It’s called this because the hackers insert the code while the software is being assembled.
Who Was Behind It?
The US claims the hack to be the work of Russia. The Russian embassy in the US denies that Russia was involved at all.
The hacker group is nicknamed APT29 or CozyBear. They are the hacking group that was previously blamed for targeting email systems at the State Department and White House while President Obama was in office. US intelligence agencies also called them out as one of the groups that infiltrated email systems at the Democratic National Committee in 2015.
Why Did It Work So Well?
Typically, when hackers are looking to put malware onto your computer, they try to trick you into clicking on a malicious link. This does not always work as people often don’t fall for it, or their virus detector on the computer picks it up. However, no one was expecting malware on an update from a trusted company. So, all these companies and US departments downloaded the software when SolarWinds instructed them to.
Who Was Affected?
While it is still unclear just how many companies and US departments have been affected, here is a list of those SolarWinds know were affected.
- Security firm FireEye
- Department of Energy
- National Nuclear Security Administration
- US Homeland Security
- State, Commerce, and Treasury Departments
- National Institutes of Health
In terms of private companies, Microsoft and FireEye are the only two that have come out and said they were affected. Some other large companies that work with SolarWinds include McDonald’s, AT&T, and Procter and Gamble.
What’s the Effect?
Any company or US department that was impacted is potentially in a lot of trouble. The malware allows “broad access” into any of the affected systems. This means that any classified information that may be stored in these systems is potentially able to be accessed. It’s currently not clear what information may have been stolen, but the possibilities are vast.
How Is It Being Handled?
While it is not known what other departments may have been affected, “The US Cybersecurity and Infrastructure Security Agency put out an advisory urging federal agencies to mitigate the malware, noting that it’s ‘currently being exploited by malicious actors.'”
The government and private companies are looking into the attack to determine who all was affected. Then they will determine what steps need to be taken moving forward.
At Evernet, we are monitoring the SolarWinds hack closely, and thankfully none of our clients appear to be impacted. Contact us today for more information about our IT services.
Eric is a Business IT cybersecurity advisor, consultant, manager, integrator, and protector who founded EVERNET in 2007. Eric co-hosts a podcast called “Finance and Technology Insights by Brian & Eric” on YouTube. Eric is a regular contributor to the EVERNET blog, writing about the latest technology news and providing his expertise in cyber security prevention and management.