Following the FireEye story, this week has continued to be a whirlwind in cybersecurity news. So, let us jump right into it. Information of a large-scale cyberattack likely stemming from a nation-state perpetrator is increasingly unfolding and dominating the headlines. We break down what we know so far.
The Associated Press reported that Federal authorities have categorized an attack compromising U.S.-based and other systems as a “grave threat.” Believed to be Russian initiated, the hacking is considered sophisticated and has impacted or is at risk of impacting both government and private networks. The Department of Energy confirmed that it is one of the organizations already victimized by the attack. The Cybersecurity and Infrastructure Security Agency shared that it has reason to trace the hacking all the way back to last March, and power plants and financial institutions are among those that are cause for concern as targets. Of the methods that appear to have been used to carry out the cyberattack, the infiltration of SolarWinds, a management software, seems to be one.
Full Scope of Attack is Still Unknown
While a cyberattack like this is never warranted, former Homeland Security Advisor Thomas P. Bossert wrote in an opinion piece for The New York Times that an attack with such magnitude could not have come at a more inopportune time as the COVID-19 pandemic and presidential transition makes us particularly vulnerable. He stated that, considering the recent news of the FireEye attack and now the SolarWinds attack, “We need to understand the scale and significance of what is happening.” In his explanation of the SolarWinds case, hackers were able to gain access to networks by creating a compromised version of the software download. According to Bossert, the advanced style of this hacking suggests the work of Russian Intelligence. He estimates the number of those impacted to be around 18,000 including federal government and large company networks. Having control of such networks could mean the further distortion of information and trust in information he warns. Although he fears that the reaction may already be too late, Bossert does outline the next steps to take. Of his suggestions are that network operators must be highly alert and vigilant; the U.S. should focus on working with allies and utilizing coalitions and the incoming Biden administration needs to place addressing this attack at the forefront.
New Administration Sets Cybersecurity as Key Focus
As news of the recent attacks broke, Biden stated that he plans to set cybersecurity as “a top priority,” according to Bloomberg News. Within that priority is responding to this breach which officials from the Cybersecurity and Infrastructure Security Agency relay will be quite difficult. Part of what makes it so challenging is that the Orion software used by SolarWinds and corrupted is expansive in its utilization across the public and private sectors. As for now, the investigation is still open.
“Hack against US is ‘grave’ threat, cybersecurity agency says” – Ben Fox, Associated Press
- Federal authorities have categorized an attack compromising U.S.-based and other systems as a “grave threat.”
- The attack is considered sophisticated and may have been initiated by Russia.
- Private and government networks have been compromised in the attack including The Department of Energy.
“I was the Homeland Security Adviser to Trump. We’re being hacked.” – Thomas P. Bossert, New York Times Opinion
- In an opinion piece, Former Homeland Security Advisor Thomas P. Bossert stated that, “We need to understand the scale and significance of what is happening.”
- What is known of the attack is that hackers accessed software distributed by SolarWinds.
- The attack has the potential to impact 18,000 networks according to Bossert and could have many effects including on the distribution of data.
“Biden calls cybersecurity a ‘Top Priority’ after Russian hack” – Emma Kinery, Bloomberg News
- Joe Biden stated that he plans to put cybersecurity at the top of his list as his administration takes office.
- Responding to this attack will be very challenging as the use of Orion software like that from SolarWinds is widely used across government and private sectors.
- The investigation into the cyberattack is still ongoing.