Lessons from SolarWinds hack

What can the SolarWinds hack teach us?

We have all heard of the SolarWinds hack. Many people dismissed it as “just another data breach”, whether by state actors or commercial hackers. We’ve become so hardened to such news that many of us don’t stop to think about the catastrophic implications of such an attack, how an attack like this can take place, and why these types of attacks aren’t being stopped. In this shocking and sobering video from CBS’ 60 Minutes, Bill Whitaker digs beneath the surface to find out more. In conversation with Microsoft President Brad Smith, staggering insights emerge from the SolarWinds hack that should sound alarm bells for every single cybersecurity professional.

“From a software engineering perspective, it’s probably fair to say that this is the largest and most sophisticated attack the world has ever seen.”

Brad Smith, President of Microsoft and Chief Legal Officer

“The attack was unprecedented in audacity and scope. Russian spies went rummaging through the digital files of the U.S. departments of Justice, State, Treasury, Energy, and Commerce and for nine months had unfettered access to top-level communications, court documents, even nuclear secrets. And by all accounts, it’s still going on.”

Bill Whitaker, 60 Minutes

How Attackers Got In

It’s now widely accepted, and confirmed by Smith, that the attackers piggy-backed on a piece of third-party software used to connect, manage and monitor computer networks. The 60 Minutes report notes: “SolarWinds Orion is one of the most ubiquitous software products you probably never heard of, but to thousands of I.T. departments worldwide, it’s indispensable. It’s made up of millions of lines of computer code. 4,032 of them were clandestinely re-written and distributed to customers in a routine update, opening up a secret backdoor to the 18,000 infected networks.” Microsoft has assigned 500 engineers to dig into the attack. One compared it to a Rembrandt painting: the closer they looked, the more details emerged. By Smith’s estimation, over 1,000 engineers worked on creating this attack, making it unprecedented in scope. Smith also responded that “when you look at the sophistication of this attacker there’s an asymmetric advantage for somebody playing offense”, and that attacks like the SolarWinds hack are almost certainly continuing.

Things Get Worse

As if this wasn’t enough, with the SolarWinds hack the protectors became the prey. FireEye, a massive cybersecurity company, was itself a victim of the attack and was lucky to have caught it at all. Intruders were moving freely about its network, “stealing FireEye’s proprietary tools to test its clients’ defenses and intelligence reports on active cyber threats. The hackers left no evidence of how they broke in.”

How Bad Did It Get?

It got this bad: the U.S.’s qualitative technological edge has been seriously compromised. The Justice Department acknowledged that the Russians spent months inside its computers accessing email traffic, as did Treasury, Commerce, the NIH, Energy, and even the agency that protects and transports the country’s nuclear arsenal. According to the report, the attackers also hit the biggest names in high tech. The report goes on to detail many more staggering and mind-blowing facts about the SolarWinds hack. The bottom line? Cybersecurity professionals need to up their game to deal with a new era of cyberattacks.

The Solution Is Available To Those In The Know

Imagine there was a solution that planted mines among sensitive data, mines that would “explode” when accessed by the wrong people (as in the SolarWinds hack), rendering the data unusable and immediately alerting security professionals. This would have stopped this attack, or any advanced threat, in its tracks. This solution exists and is being used by companies across the globe to protect their sensitive data. BeyondDLP™ by ITsMine includes the advanced SoftwareMines™ feature. With SoftwareMines™ spread across the file server, suspicious behavior can be sensed immediately. When a SoftwareMine™ is set off, that is, exfiltrated and opened outside the company’s environment, it “calls home” whenever and wherever it is used, providing an indication of a potentially significant data event. The unique identifier carried by the exfiltrated SoftwareMine™ allows the company to obtain vital forensic information about the event, including when it happened, who was responsible, and what other resources this entity took or accessed. Data is protected against being used outside the organization, being accessed by unauthorized parties, or any other suspicious behavior. In this case, BeyondDLP™ would have protected the data and alerted data owners to this attack. For any storage, both in the cloud and on-premises, your organization should be using ITsMine’s BeyondDLP™ solution.
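As an added illustration of the “call home” idea (example code written for this page, not ITsMine’s code and not a description of how SoftwareMines™ is implemented), the script below correlates beacons from planted decoy files: it assumes a token registry mapping each decoy’s unique identifier to its planted path and data owner, a constructed beacon line format, and assumed internal address ranges, and it answers the questions the paragraph raises: when a decoy was opened, from where, and what else that source touched.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network
# Hypothetical registry of planted decoys: token -> (planted path, data owner).
PLANTED = {
    "a1f3-0001": ("\\\\fs01\\finance\\q4_forecast.xlsx", "finance-team"),
    "a1f3-0002": ("\\\\fs01\\legal\\merger_terms.docx", "legal-team"),
    "a1f3-0003": ("\\\\fs01\\rnd\\board_layout.pdf", "rnd-team"),
}
# Address ranges treated as "inside the company environment" (assumed).
INTERNAL = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]

@dataclass
class Alert:
    token: str
    path: str
    owner: str
    opened_at: datetime
    source_ip: str
    host: str

def is_internal(ip: str) -> bool:
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL)

def parse_beacon(line: str) -> dict:
    # Constructed beacon format: "ts=<iso> token=<id> src=<ip> host=<name>"
    return dict(part.split("=", 1) for part in line.split())

def triage(lines):
    """Alert on decoys opened outside the environment and, per source, list every
    planted file that source touched (the 'what else did they take' question)."""
    alerts, by_source = [], defaultdict(set)
    for line in lines:
        b = parse_beacon(line)
        if b["token"] not in PLANTED:
            continue  # not a token we planted: ignore
        path, owner = PLANTED[b["token"]]
        by_source[b["src"]].add(path)
        if not is_internal(b["src"]):
            alerts.append(Alert(b["token"], path, owner,
                                datetime.fromisoformat(b["ts"]), b["src"], b["host"]))
    return alerts, {src: sorted(p) for src, p in by_source.items()}

# Constructed beacon log: one internal open, two external opens, one unknown token.
SAMPLE = [
    "ts=2021-03-01T02:14:05 token=a1f3-0001 src=10.1.4.22 host=WS-FIN-07",
    "ts=2021-03-02T21:03:41 token=a1f3-0001 src=203.0.113.45 host=unknown",
    "ts=2021-03-02T21:05:12 token=a1f3-0002 src=203.0.113.45 host=unknown",
    "ts=2021-03-03T08:00:00 token=zzzz-9999 src=203.0.113.45 host=unknown",
]
```

Running `triage(SAMPLE)` yields two alerts for the external source 203.0.113.45 and a summary showing it touched both the finance and legal decoys, while the internal open is recorded but not alerted.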

You can read more about the SolarWinds hack here.