The recent cyberattack on the US government was massive. While the total extent of the breach is still being uncovered, what’s already apparent is that many government agencies, from federal to local levels, have been compromised in a way that could pose lingering security threats. Adding to the alarm, it appears this hack had been ongoing for months, even though it was only just revealed.
And although much of this cyber infiltration seems to be directed towards critical government agencies, numerous private sector businesses were involved as well. Upwards of 18,000 agencies and businesses received the malware-infected software update that sits at the heart of the attack (Chappell, et al. 2020).
So, is this a threat to your business?
Suspect Software and Who is at Risk
The entire attack is centered around SolarWinds Orion software that was compromised with malware – possibly all the way back in the spring of 2020. This software is used by many of the leading companies and organizations across the globe, including the US government as well as top-tier tech and security firms.
Government agencies that have been breached because of this attack have been dominating the press, and rightfully so. With the Pentagon, Department of Homeland Security, and National Nuclear Security Administration all reporting compromised networks because of the Orion update, it raises the brow of even those unacquainted with the world of cyber security. But the attack stretched beyond the government and has affected businesses such as tech giant Microsoft and the security firm FireEye.
If your business used the Orion software at any point during 2020, then there is a more than credible threat to your data and security. The malware seems to be specific to a SolarWinds Orion update that was released earlier last year, however, so not all users of Orion are under immediate risk. The threat actors behind the malware infection sat silent for months as the breach went unnoticed and were able to glean everything from internal communications to source code to just about any other type of valuable information they now had access to. And with nearly 9 months for the perpetrators to gather this data before the hack was first realized, the true scope of things is yet to be fully understood.
A glimmer of hope amidst the vast scale of this wide-reaching and historic cyberattack is that, of the 18,000 networks infected with the malware, it appears as though only a fraction of those victims were targeted by the hackers to a widespread degree. If you are reading this and are involved with one of the larger businesses that have been compromised, chances are your firm’s remediation and cleanup efforts are already well underway. If you are involved with a smaller business that did install the Orion update, you’re not entirely out of the woods – but recent investigations report that only around 250 networks have been exploited on deeper network levels (Sanger, E. et al. 2021), leaving thousands of others breathing a subdued sigh of relief.
How Stolen Data from the Hack is Being Used
The scale of this hack makes it hard to determine exactly how the stolen data is going to be used. And the cybercriminals who now have a nearly bottomless chest of valuable information may not yet know themselves, either. Moreover, the size and scope of the attack expose critical flaws that can disrupt global security and stability, putting government agencies and the tech supply chain at risk, both of which affect businesses of all shapes and sizes worldwide.
A better way of looking at the breach is not necessarily how this information will be used, but rather the fact that such a sophisticated and well-coordinated attack demonstrates the ongoing need to develop modern defenses that are better suited to deal with these events in the future. It makes for an alarming situation that shows just how vulnerable even the highest-level institutions are to cyber threats. And it very much brings into the spotlight the need for cyber security tactics that can keep up with these threats and limit their prevalence and impact in the future.
What’s Next?
This entire situation is very much still ongoing. The number of entities affected, as well as which networks may be entirely compromised, is seemingly growing by the day. This hack represents the largest and most wide-reaching cyberattack in history – and it continues to get bigger as more investigations occur and details are exposed. The true depth of the hack may take years to fully understand, and the networks that have been compromised may never quite recover and will have to be rebuilt. This event is vast, alarmingly impressive, and well executed.
On a business level, companies that have been compromised need to take immediate action to uncover the scope of their individual situations. From there, any affected networks can be assessed, and the malware code can be removed if it is still active. Professional cybersecurity assistance and guidance is recommended throughout this process. There isn’t going to be an overnight fix, but defenses can be rebuilt in order to limit any damage already done and work towards future prevention of similar events.
This entire situation brings defenses against cyber threats to the forefront, both at many of the agencies and organizations affected by the hack and with the general public. If the top levels of government are susceptible to such a sophisticated attack, how are companies without similar resources going to be able to adequately protect themselves? Quality cyber defenses are still the answer, even amidst what seems like a lingering catastrophe.
SolarWinds is reported to have been lax about its own cybersecurity defenses leading up to the attack (Sanger, E. et al. 2021) and may have taken some cost-cutting maneuvers in lieu of proper protection. The result was certainly not expected but should be taken as a stark reminder of the significance cybersecurity holds in our modern world.
LibertyID is the leader in identity theft restoration, having restored the identities of tens of thousands of individuals without fail. If you retain personal information on your customers, now is the time to get data breach planning and a response program in place with our LibertyID for Small Business data breach preparation program. With LibertyID Enterprise you can now add value to existing products, services, or relationships by covering your customers, employees, or members with LibertyID’s fully managed identity theft restoration service – at a fraction of our retail price – with no enrollment and no file sharing. We have no direct communication with your group members – until they need us.
Call us now for a no-obligation proposal at 844-44-LIBERTY (844) 445-4237.
References: