As we write this article during Christmas week, we are aware of an indisputable truth: the full implications of the SolarWinds hack carried out by Russia-based agents will remain unknown for a very long time.
The scale of this cyberattack is unprecedented and its current and future consequences hard to imagine.
Russia’s SolarWinds hack may be the biggest known, most serious attack in cyberwarfare, creating a new era for cybersecurity and technology. Right now, Microsoft and other major players involved in the investigation continue to work full-time to understand better the damage caused by this attack.
In the following lines, we will try to summarize what is known about this gargantuan and, unfortunately, successful cyberattack.
SolarWinds as the Perfect Victim
Why SolarWinds? Why did the hackers behind this master plan choose this company in the first place?
SolarWinds is an IT management firm with an estimated 300,000 customers. Companies choose this firm for network monitoring and other managed IT services that are in high demand.
Its outstanding dominance in the market wasn’t the only appeal for the hackers. Before this attack, SolarWinds had been criticized by the media for poor cybersecurity practices that had been disclosed, such as using simple passwords for critical assets.
SolarWinds’ dominance involved the use of Orion, a market-leading network management software that served 18,000 customers, some of them US agencies and billion-dollar companies. This piece of software was the channel the hackers chose to inject malicious code through official updates.
The evidence so far shows that SolarWinds was successfully penetrated in March this year. It seems that at that point, hackers behind the attack began using Orion to access thousands of networks, 80% of them in the US.
Supply Chain Attack
A supply chain attack is when a malicious party uses trusted software to bypass cybersecurity mechanisms. This is dramatically different from trying to break into networks using malware or other methods, which are much easier to detect and prevent.
The whole point of a supply chain attack is to use a channel that is trusted and therefore neglected in terms of cybersecurity. This is what happened with SolarWinds’ Orion.
The US government uses a highly powerful cybersecurity program called Einstein. Billions of dollars have been invested so far in this system, improving it further to be up to the current challenges. However, back in 2018, the Government Accountability Office released an official report recommending that agencies pay more attention to potential supply chain attacks, as Einstein didn’t push hard enough on that end.
Paying the Consequences
We are years away from understanding the full damage of this attack. Initial reports indicate that more than 40 percent of Orion users were severely damaged by the attack. Of these customers, 18 percent were government targets. Some examples are the US Department of State, Homeland Security, and the Treasury.
If Russia-sponsored hackers are indeed behind this attack, the situation can get even worse. Tom Bossert, the former homeland security adviser, argued in his NYT op-ed that the US government must act swiftly against the perpetrators, especially if there are political motivations that affect national security matters.
In the private sector, the real consequences are yet to be known. This story will be a long one and, unfortunately, it will bring major repercussions in financial and geopolitical matters, some of them more severe than others.