The SolarWinds attack is the most far-reaching cyber attack in history and will have consequences at every level of business. Major attacks are becoming more common, so why is it so important to understand the impact of this one compared to others?
On December 13th it was announced that the IT management company SolarWinds had been attacked, leading to breaches at multiple US federal agencies and US Fortune 500 companies. While the severity of the breaches is still being evaluated, the impact is already starting to reverberate throughout the cyber world.
What Is SolarWinds and What Happened?
SolarWinds is an IT management and monitoring platform that allows IT teams to remotely access an organization’s technology environment. On December 13th, SolarWinds announced that it was the victim of a highly sophisticated, manual supply chain attack. A vulnerability was built into SolarWinds’ Orion monitoring platform that, if activated, could lead to compromise of the server running the Orion software. This, in essence, gives attackers “hands on keyboard” access to move laterally through your network, allowing them to steal credentials or data. Kevin Thompson, President and CEO of SolarWinds, posted a message regarding the attack (linked in the references below).
The truly devastating aspect of this attack was how successfully it integrated itself into all levels of US infrastructure. The attack impacted an estimated 18,000 Orion users, including the Department of Commerce, the Department of Energy, and the Department of Homeland Security. It also impacted some of the largest Fortune 500 companies, such as Microsoft, Nvidia, Comcast, Cisco, and VMware. Many of these organizations and companies are household names that we rely on daily. The extent of the attack was so great that on December 13th the Cybersecurity & Infrastructure Security Agency (CISA) published Emergency Directive 21-01, advising “all federal civilian agencies to review their networks for indicators of compromise.” The immediate effect of this Directive was that anyone who had SolarWinds installed on their network had to disconnect it immediately, leaving those affected scrambling to find alternative ways to monitor their networks. It will take time, however, to fully investigate and understand the full impact of this attack.
You can learn more about the affected products and the direct impacts in SolarWinds’ Security Advisory.
What Will the Impacts Be to Businesses Not Directly Affected by the Attack?
The first impact is that the confidentiality of sensitive data is already affected, because attackers gained unauthorized access to networks that likely held sensitive information. While the implications of this are easy to understand, the full breadth of the attack is still being established. Many of the impacted companies are conducting thorough investigations to determine what data and systems were compromised, but it could take a long time to uncover the full extent of the attack.
Even if you do not use SolarWinds, many federal agencies and major IT companies do. These organizations store sensitive data that is now subject to compromise because of the vulnerability.
One of the primary concerns is attackers retaining continued access to your network. The SolarWinds attack effectively allowed attackers free movement throughout the compromised network, opening the door to any manner of mischief. It is quite possible that an attacker installed a backdoor during the SolarWinds breach, granting them continued access to your systems.
Apart from the loss of personal data and future access to your systems, the severity of this attack will spur a revamp of federal cybersecurity policy that will be felt at every level of business. This attack, on top of past events, has driven home to the incoming administration the importance of a modern cybersecurity policy. President-elect Joe Biden released a statement on December 17th, 2020 making it clear that his “administration will make cybersecurity a top priority”.
The level of sophistication demonstrated and the evidence being uncovered strongly indicate that the actor behind this attack was a foreign nation-state. The gravity of this attack on our national infrastructure has highlighted the urgent need to address gaps in US cybersecurity and will force sweeping federal regulation to ensure agencies and companies do their utmost to protect against future attacks. This will create a huge burden, in both time and money, for US tech companies; a burden that will be passed on to smaller businesses and consumers alike.
While new legislation will take time to implement and may contain exemptions for smaller businesses, those companies will still feel the impact of the changes. Larger companies subject to regulation will need to step up their cybersecurity programs to prove due diligence in the event of an attack. This will require more stringent policies to be put in place as companies work to protect data. Not only will this impose stricter measures on smaller companies through third-party vendor agreements, but it may very well affect the cost of products and services as larger companies absorb the additional burden.
What Should You Do?
First, make sure you were not directly affected by the attack on SolarWinds. SolarWinds is reaching out to customers that were affected, but it is imperative that you verify for yourself that you were not impacted and update any Orion software in use in your organization. You can learn more about the steps that need to be taken in the SolarWinds Security Advisory.
Once you have ensured you were not directly affected by the attack, how do you know what to do next? Cybersecurity is an ever-changing journey and we are all at different stages with our own unique IT environment. So how do you best prepare a robust cybersecurity program?
The answer is to adopt a risk-based approach to cybersecurity that best mitigates your unique risks. There is no such thing as secure; there is only more or less risk. A risk-based approach will ensure you understand the likelihood and impact of risks to your environment and will help you prioritize your efforts as you continue forward.
Everyone should start by making an effort to uncover operational and business risks with the help of Rigid Bits. This can be accomplished in a variety of ways, such as a thorough Risk Assessment, a Vulnerability Assessment, or a Penetration Test. These exercises will identify your areas of risk, prioritize those risks, and provide the information you need to make educated decisions about how to mitigate them through technology, cybersecurity policies and procedures, security awareness training, and other cybersecurity controls.
While it is important to be aware of your particular risks, you should not feel overwhelmed by cybersecurity. There are easy wins that can be put in place quickly to get a jump start on your program.
As always, we are here to help. Please contact us today to learn more about how you can get started on the right path and prepared for what is to come.
- “A Message to Our Customers” by Kevin B. Thompson (https://orangematter.solarwinds.com/2020/12/18/a-message-to-our-customers/)
- CISA “Emergency Directive 21-01” (https://cyber.dhs.gov/ed/21-01/)
- “CISA Issues Emergency Directive to Mitigate The Compromise of SolarWinds Orion Network Management Products” (https://www.cisa.gov/news/2020/12/13/cisa-issues-emergency-directive-mitigate-compromise-solarwinds-orion-network)
- SolarWinds Security Advisory (https://www.solarwinds.com/securityadvisory)
- “Statement by President-elect Joe Biden on Cybersecurity” by Joe Biden (https://buildbackbetter.gov/press-releases/statement-by-president-elect-joe-biden-on-cybersecurity/)
- “Big tech companies including Intel, Nvidia, and Cisco were all infected during the SolarWinds hack” by Mitchell Clark (https://www.theverge.com/2020/12/21/22194183/intel-nvidia-cisco-government-infected-solarwinds-hack)
- “Massive SolarWinds hack has big businesses on high alert” by Rishi Iyengar (CNN Business) (https://www.cnn.com/2020/12/19/tech/solarwinds-hack-companies/index.html)
- “I Was the Homeland Security Adviser to Trump. We’re Being Hacked” by Thomas P. Bossert (https://www.nytimes.com/2020/12/16/opinion/fireeye-solarwinds-russia-hack.html)
- “Reflections on the SolarWinds Breach” by Herb Lin (https://www.lawfareblog.com/reflections-solarwinds-breach)