In recent days, the SolarWinds cyber attack has been actively discussed in the United States. Initially, few details were available, except that it was very large in scale and had affected many American institutions and companies. Gradually, US authorities began to report more information.
The attack was initially discovered by cybersecurity company FireEye. It reports that elements of the attack have been spotted in a number of US agencies. Among them are those responsible for US national security, as well as the country’s nuclear programs. Gradually, the attack was also detected in large companies such as Microsoft and in international agencies and institutions.
“We have a serious problem. We don’t know which networks they’ve entered, how deep they are, what access they have, and what they’ve left,” Bruce Schneier, a cybersecurity expert, told the Associated Press. There are not enough experienced professionals to carefully check all government and private networks.
The attack was so widespread across networks and institutions that it probably had not one target but several. It is believed that the main task was espionage and gathering as much information as possible on a variety of topics.
According to Schneier, the situation is very complicated. “The only way to make sure a network is clean is to burn it down and rebuild it,” he says.
U.S. Secretary of State Mike Pompeo announced on Mark Levin’s radio show that Russian hackers were most likely behind the attack. Soon after, however, former President Donald Trump refuted that claim.
How the attack happened
The attack was carried out by compromising SolarWinds software. The company’s product helps organizations keep track of what’s going on in their networks. The attackers managed to compromise the latest version of the software, which is used by about 18,000 SolarWinds customers.
The attackers embedded their malicious code in trusted software and thus bypassed many of the protections. The code infects the programs while they are being updated, so the victims practically install the virus themselves while believing they are strengthening their defenses.
Various lists of victims have appeared in American media. Among them are many agencies and ministries. Microsoft said it had found the problem in 40 other customers. The software giant has also launched a campaign calling for a unified, global response to cyber threats as they become larger, more serious, and more complex. A common front of defense against them is needed.
Microsoft President Brad Smith said it was an “irresponsible act.” “This is not just an attack on specific targets, but also on the trust and reliability of the world’s critical infrastructure …” He also called for restrictions on the development of hacking tools.
Former Facebook cybersecurity director Alex Stamos also warns that due to the great success of the current attack, this method could become very popular.
What is happening now
There is a lot of work ahead to check all the networks. The attack is believed to have started in March last year, with the distribution of the compromised software continuing until June. Although 18,000 customers have installed the software, the malicious code has been activated on a much smaller number of them – specifically selected targets.
“Taking this out of so many different environments is like heart surgery,” TAG Cyber CEO Edward Amoroso told the Associated Press.
Cybersecurity experts expect that “clearing” the networks will take months. In some places, it will be even easier to just build new networks. At the same time, many security systems and protection methods will have to be redesigned and improved. Therefore, the attack will have lasting consequences not only in the IT industry.