Russia’s SolarWinds Hack: What We Know So Far

As we write this article during Christmas week, one thing is certain: the full implications of the SolarWinds hack, attributed to Russia-based actors, will not be known for a very long time.

The scale of this cyberattack is unprecedented, and its current and future consequences are hard to gauge.

Russia’s SolarWinds hack may be the largest and most serious cyberwarfare operation known to date, opening a new era for cybersecurity and technology. Microsoft and the other major parties involved in the investigation are still working around the clock to understand the damage this attack caused.

In the following sections we summarize what is known so far about this enormous and, unfortunately, successful cyberattack.

SolarWinds as the Perfect Victim

Why SolarWinds? Why did the attackers behind this plan choose this company in the first place?

SolarWinds is an IT management vendor with an estimated 300,000 customers. Organizations buy its products for network monitoring and other IT management tasks that are in high demand.

Its market dominance was not the only attraction for the attackers. Before the attack, SolarWinds had already been criticized in the press for poor security practices, such as the use of weak passwords for critical assets.

That dominance rests largely on Orion, a market-leading network management platform. Up to 18,000 Orion customers, among them US federal agencies and billion-dollar companies, installed the trojanized update. Orion’s official, digitally signed update channel was the route the attackers chose to deliver their malicious code.

The evidence so far shows that the first trojanized Orion updates shipped in March 2020. From that point the attackers had a foothold in the network of every organization that installed them, and of the victims Microsoft identified as actively targeted, roughly 80 percent were in the US.

Supply Chain Attack

A supply chain attack compromises a trusted supplier, such as a software vendor, so that malicious code reaches the victim through a channel the victim already trusts, in this case a signed product update. This is very different from breaking into a network directly with malware, phishing or similar methods, which is far easier to detect and block.

The whole point of a supply chain attack is to use a channel that is trusted and therefore neglected by security controls: a legitimately signed update from an approved vendor passes code-signing checks and software allowlists by design. This is exactly what happened with SolarWinds’ Orion.
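To make the "trusted channel" point concrete, here is an added example (not SolarWinds’ code, nor anything from the article) that models a vendor release pipeline and a customer-side update check in Python. The vendor signs whatever its build system produces, so a build tampered with before the signing step carries a perfectly valid signature and the signature check alone lets it install. Only a second, independent check, here a hash of a clean rebuild from the same source, catches the tampering. Signing is modelled with HMAC-SHA256 as a stand-in for a real asymmetric code signature; the key, file contents and implant string are all constructed for the example.

```python
import hashlib
import hmac

# Assumption: a stand-in for the vendor's code-signing key. Real releases use an
# asymmetric signature; HMAC-SHA256 keeps the example self-contained.
VENDOR_SIGNING_KEY = b"vendor-release-key-demo"

# Constructed sample inputs, not real Orion source or real implant code.
CLEAN_SOURCE = b"orion-core v2020.2 -- network monitoring service\n"
IMPLANT = b"# injected on the build host: beacon to attacker domain\n"


def build(source, injected=b""):
    """Toy 'compiler': the artifact is the source plus whatever the build host adds.
    An attacker with a foothold in the build environment controls `injected`."""
    return source + injected


def sign(artifact, key=VENDOR_SIGNING_KEY):
    """Vendor signing step. It only sees the finished artifact, so it will
    happily sign a build that was tampered with before this point."""
    return hmac.new(key, artifact, hashlib.sha256).hexdigest()


def signature_valid(artifact, signature, key=VENDOR_SIGNING_KEY):
    """Customer-side signature check, constant-time comparison."""
    return hmac.compare_digest(sign(artifact, key), signature)


def vendor_release(build_host_compromised):
    """Produce (artifact, signature) exactly as the vendor's pipeline would,
    with or without an attacker on the build host."""
    artifact = build(CLEAN_SOURCE, IMPLANT if build_host_compromised else b"")
    return artifact, sign(artifact)


def reproduce_from_source(source):
    """Independent rebuild (reproducible build or a second, isolated CI runner)
    of the same source. Returns the hash a clean artifact must have."""
    return hashlib.sha256(build(source)).hexdigest()


def update_client(artifact, signature, expected_hash=None):
    """Customer-side update gate. With only the signature check, a trojanized
    build installs; adding the independently reproduced hash blocks it."""
    checks = {"signature_ok": signature_valid(artifact, signature)}
    if expected_hash is not None:
        checks["reproducible_ok"] = hashlib.sha256(artifact).hexdigest() == expected_hash
    checks["install"] = all(checks.values())
    return checks


if __name__ == "__main__":
    expected = reproduce_from_source(CLEAN_SOURCE)
    for compromised in (False, True):
        artifact, sig = vendor_release(compromised)
        print("build host compromised:", compromised)
        print("  signature only     ->", update_client(artifact, sig))
        print("  + reproduced hash  ->", update_client(artifact, sig, expected))
```

Running the script shows the failure mode the article describes: the trojanized artifact reports `signature_ok: True` and installs when the signature is the only gate. The point of `reproduce_from_source` is that it does not trust the vendor’s build output at all; whether that is a reproducible build the customer runs, a second isolated pipeline on the vendor side, or a published hash from an independent builder, the control works only because it is computed outside the channel the attacker already controls.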

The US government relies on a large perimeter monitoring system called Einstein, operated by the Department of Homeland Security. Billions of dollars have been invested in it to keep it up to current threats. Yet back in 2018 the Government Accountability Office released a report recommending that agencies pay more attention to supply chain attacks, precisely because a system like Einstein, which watches traffic at agency boundaries for known indicators, has little to say about malicious code that arrives inside a trusted vendor’s signed update.

Paying the Consequences

We are years away from understanding the full damage of this attack. In its initial report Microsoft said it had identified around 40 of its own customers that the attackers went on to target through the backdoor; about 18 percent of these were government organizations, including the US Departments of State, Homeland Security, and the Treasury.

If Russian state-sponsored hackers are indeed behind this attack, the situation could get worse still. Tom Bossert, the former homeland security adviser, argued in his New York Times op-ed that the US government must act swiftly against the perpetrators, especially given the political motivations and the national security stakes involved.

In the private sector, the real consequences are yet to be known. This story will be a long one, and it will bring major financial and geopolitical repercussions, some more severe than others.
