The Russian SolarWinds hack is a historic mess

Normally we use this space to collect the greatest stories from all over the cybersecurity world. This week we are making an exception because there is really only one story: how Russia carried out the biggest espionage hack ever.

The Russian hack of IT management company SolarWinds started way back in March and only came to light when the perpetrators used that access to break into cybersecurity company FireEye, which first revealed a breach on December 9. Victims have been identified, including the United States Departments of State, Homeland Security, Commerce, and Finance, as well as the National Institutes of Health. The nature of the attack – and the tremendous care the hackers took – means it could take months or more to reveal the full extent of the damage. However, the impact is already devastating, and it underscores how badly the US failed to defend itself against a known threat – and to respond. It’s also still ongoing.

And there is so much more. Below we’ve collected the most important SolarWinds stories from around the internet so far. Click on the headlines to read them, and stay safe out there.

Reuters has broken multiple stories about the SolarWinds hack and its fallout, but this piece takes a step back to look at the company at its core. The IT management company has hundreds of thousands of customers – including 18,000 who were vulnerable to the Russian attack – who rely on it for network monitoring and other services. Its security practices seem to be lacking on a few fronts, including the use of the password “solarwinds123” for its update server. (That is not suspected of being tied to the current attack, but … still.)

The Wall Street Journal this week shared new details about what happened at FireEye earlier this month when it discovered and responded to its own compromise. The tip-off: an employee received a warning that someone had signed into the company’s VPN with their credentials from a new device. More than 100 FireEye employees took part in the response, which included searching 50,000 lines of code to identify any anomalies.

In recent years, the US has invested billions of dollars in Einstein, a system designed to detect digital intruders. But because the SolarWinds hack was a so-called “supply chain” attack, in which Russia compromised a trusted tool instead of using known malware to break in, Einstein failed spectacularly. The government cannot say it was not warned; a 2018 report from the Government Accountability Office recommended that agencies – and federal defense systems in general – take the supply chain threat more seriously.

It’s a good question, and one that will take a long time to answer. In any case, Microsoft shared some initial findings this week: more than 40 of its customers were victims of sophisticated compromises by Russia. (Microsoft itself was also hacked as part of the campaign.) Of those 40, nearly half were companies in the IT sector, while another 18 percent were in government. Eighty percent were based in the US. This is not intended to be a comprehensive look at the victims; there are probably a lot more than what Microsoft has found so far. But it does at least hint at geography and category, neither of which is particularly reassuring.

Don’t take our word for how serious all this hacking is. Read Tom Bossert’s New York Times op-ed, in which the former homeland security adviser asserts convincingly that “the magnitude of this ongoing attack is difficult to overestimate”, requiring a quick, decisive response that “must bring all elements of national power to the table”. (This is also a good time to mention that President Donald Trump has not mentioned the SolarWinds hack at all, not once, not even a whisper. President-elect Joe Biden has issued a statement promising to “impose significant charges to those responsible for such malicious attacks.”)
