SolarWinds & FireEye Data Breach: The Wake-up Call for all organizations to Intensify Cybersecurity
The security industry is abuzz with news of the FireEye breach and the announcement that the U.S. Treasury Department, DHS, and possibly many other government agencies have been breached as a result (at least in part) of a supply chain attack on SolarWinds.
SolarWinds, a software company with over 300,000 customers, has released a notice that as many as 18,000 customers may have downloaded a compromised version of its flagship product. The malicious code inserted into that product raises the threat that attackers could gain backdoor access to those customers' networks. FireEye, one of the dominant cybersecurity companies in the United States, said on Tuesday that it had been hacked.
These breaches are a wake-up call that no one is immune to risk or to being hacked. I have no doubt that both FireEye and SolarWinds take their security very seriously, but every organization is subject to the same reality: compromise seems inevitable.
Nature of the assaults
As details emerge, it is evident that the attack on SolarWinds began in March 2020 and went undetected for almost nine months. The highly skilled actors were clearly effective at minimizing their footprint, given how long the intrusion went unnoticed.
Stealthy attacks such as the malicious plug-in discovered in the Orion platform can maximize an adversary's access to, and insight into, sensitive systems and information.
Thousands Vulnerable
In an SEC filing earlier this week, SolarWinds noted that around 18,000 customers installed the affected March update. Measured against the company's total customer base, that means roughly 6 percent of SolarWinds' users were vulnerable for a large part of 2020.
The list of U.S. government agencies targeted illustrates how many institutions the attack on SolarWinds has impacted: the Federal Reserve, the Department of Justice, the State Department, the Department of Homeland Security, the National Institutes of Health, the CDC, the NSA, NASA, and U.S. nuclear weapons agencies. Tech giant Microsoft, Visa, AT&T, Lockheed Martin, Ernst & Young, Yahoo! and The New York Times are just a few of the affected companies.
Sunburst Backdoor
The malicious plug-in in the SolarWinds Orion platform, dubbed SUNBURST by FireEye, is a digitally signed component that communicates over HTTP to third-party servers. By breaching SolarWinds' build servers, the attackers were able to insert a backdoor into code that was shipped to thousands of customers. After an initial dormant period, the malware retrieves and executes commands that can transfer and run files, profile the system, reboot the machine, and disable system services. SUNBURST disguises its network traffic as the Orion Improvement Program (OIP) protocol, and its reconnaissance results are stored in legitimate SolarWinds plug-in configuration files, so they blend in.
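Two defender-side signals follow from that description: a signed, trusted component calling home over HTTP at regular intervals, and a management server talking to destinations it has no business reaching. The script below is an added example (not code from the article, from FireEye or from SolarWinds) that looks for both in proxy logs. The log lines, host names, domains and the allowlist are constructed for illustration and are not indicators from the incident.

```python
from collections import defaultdict
from datetime import datetime, timezone
import statistics

# Constructed sample proxy log: "timestamp source_host method destination status".
# Hosts and domains are assumptions for this example, not indicators from the article.
SAMPLE_LOG = """\
2020-06-01T03:00:00Z srv-monitor-01 GET api.example.net 200
2020-06-01T03:00:11Z srv-monitor-01 GET updates.example.com 200
2020-06-01T03:10:00Z srv-monitor-01 GET api.example.net 200
2020-06-01T03:20:00Z srv-monitor-01 GET api.example.net 200
2020-06-01T03:30:00Z srv-monitor-01 GET api.example.net 200
2020-06-01T03:40:00Z srv-monitor-01 GET api.example.net 200
2020-06-01T03:05:17Z ws-finance-07 GET news.example.org 200
2020-06-01T03:26:44Z ws-finance-07 GET mail.example.org 200
2020-06-01T03:41:02Z ws-finance-07 GET news.example.org 200
2020-06-01T03:59:30Z ws-finance-07 GET news.example.org 200
2020-06-01T04:15:55Z ws-finance-07 GET news.example.org 200
2020-06-01T04:16:03Z ws-finance-07 GET news.example.org 200
"""

# Assumed allowlist: the only external destination a monitoring server should reach.
SERVER_ALLOWLIST = {"srv-monitor-01": {"updates.example.com"}}


def parse_log(text):
    """Parse log lines into (timestamp, host, destination) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, _method, dst, _status = line.split()
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append((when, host, dst))
    return events


def periodicity_findings(events, min_count=5, max_cv=0.1):
    """Flag (host, destination) pairs whose inter-request intervals are near-constant.

    Regularity is measured as the coefficient of variation (population stdev / mean)
    of the gaps between consecutive requests; a low value means beacon-like timing.
    """
    by_pair = defaultdict(list)
    for when, host, dst in events:
        by_pair[(host, dst)].append(when)
    findings = []
    for (host, dst), times in by_pair.items():
        if len(times) < min_count:
            continue  # too few samples to judge regularity
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:
            continue
        cv = statistics.pstdev(gaps) / mean
        if cv <= max_cv:
            findings.append({"host": host, "dst": dst, "count": len(times),
                             "mean_gap_s": mean, "cv": round(cv, 3)})
    return findings


def unexpected_destinations(events, allowlist):
    """Servers with a defined allowlist should not contact anything else."""
    seen = set()
    for _when, host, dst in events:
        if host in allowlist and dst not in allowlist[host]:
            seen.add((host, dst))
    return sorted(seen)


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for finding in periodicity_findings(evs):
        print("periodic traffic:", finding)
    for host, dst in unexpected_destinations(evs, SERVER_ALLOWLIST):
        print("unexpected destination:", host, "->", dst)
```

On the constructed data the monitoring server's ten-minute cadence to api.example.net is flagged on both counts, while the workstation's irregular browsing is not. In practice the thresholds need tuning (jittered beacons raise the coefficient of variation, and a long dormant period means the regular traffic only starts well after installation), so this is a triage signal rather than a verdict.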
Implications for the security industry
The news this week carried two crucial headlines for the cybersecurity industry. The first, the FireEye attack, told us that nation-states now have access to hacking tools they did not previously have. You should expect those tools to be turned to malicious purposes soon enough. The second, news of the Orion platform's vulnerabilities, told us of a long-running compromise.
Expect Improved Tools for Hacking
The attack on FireEye handed malicious actors hacking tools that can mimic what nation-states routinely do in cyberspace: accessing the data of millions of people, attacking the global economy, stealing intellectual property, and more. As the story continues to develop, it is clear that this breach would boost Russia's ability to see what businesses and agencies are doing to protect against APTs.
On a macro scale, these nation-state manoeuvres are governed by few if any rules.
Nation-sponsored attacks have taken place with minimal retaliation. Former NSA agent and TrustedSec CEO David Kennedy noted on CNBC that a growing population linked to organised crime makes breaches like this much more hazardous. Sharing these improved hacking capabilities would only add to their use in schemes such as ransomware, which brings in hundreds of millions of dollars each year.
How can businesses safeguard themselves?
Statistics abound when it comes to chronicling the effects of data breaches. According to research firm Cybersecurity Ventures, the global cost of cybercrime will surpass $10.5 trillion by 2025, a sum that far exceeds the annual damage caused by natural disasters. This figure conceals countless ramifications, from data destruction, financial losses, and theft of intellectual property and personally identifiable information to business disruption. Yet even considering this toll, the numbers do not tell the whole story.
Consider which organizations have been affected by recent attacks. You must then take action, both as a potential direct target and as a member of your larger ecosystem, to determine your current risk. Before you can report to your executive sponsors, you need to assess whether you or other members of your ecosystem have encountered a breach, narrow your view of the attack surface, and identify possible entry points.
The most sensible approach to cybersecurity, then, is to do the little things right: build strong defenses, identify threats as quickly as possible, and weather the breaches that will inevitably occur.
Bottom line
Manish Chaudhary, CISO of Cybernetic Global Intelligence, an Australian cybersecurity firm, said the attackers misused a few certificates and keys as part of their toolkit to penetrate and spread while avoiding detection.
Code signing is one part of the SolarWinds breach, though not because of a stolen certificate. The attackers were able to insert hard-to-detect malware into the build process. They could also compromise certificates, enabling them to forge network access tokens, convert them into cloud access, and control network access and user permissions.
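A token forged with a compromised signing certificate passes signature verification, so the service that accepts it cannot tell it apart from a genuine one. What it cannot fake is the identity provider's own record of having issued it. The script below is an added example, not code from the article or from Cybernetic Global Intelligence, showing that correlation: every token a cloud service accepted is matched against the identity provider's issuance log, and tokens with no issuance event, a mismatched subject, or a lifetime beyond policy are flagged. The event records, token ids, subjects, the eight-hour lifetime policy and the field names are all constructed assumptions.

```python
# Constructed sample events for this example: an identity provider's issuance log
# and a cloud service's acceptance log. Ids, subjects, times and field names are assumed.
IDP_ISSUED = [
    {"token_id": "t-1001", "subject": "alice@example.com",
     "issued_at": 1600000000, "expires_at": 1600003600},
    {"token_id": "t-1002", "subject": "bob@example.com",
     "issued_at": 1600000300, "expires_at": 1600003900},
]
SP_ACCEPTED = [
    {"token_id": "t-1001", "subject": "alice@example.com",
     "issued_at": 1600000000, "expires_at": 1600003600, "service": "mail"},
    {"token_id": "t-1002", "subject": "bob@example.com",
     "issued_at": 1600000300, "expires_at": 1600003900, "service": "files"},
    # Its signature would verify, but the IdP never issued it and it is valid for a year.
    {"token_id": "t-9999", "subject": "admin@example.com",
     "issued_at": 1600000100, "expires_at": 1631536100, "service": "cloud-admin"},
]

MAX_LIFETIME_S = 8 * 3600  # assumed policy: no session token lives longer than 8 hours


def find_suspect_tokens(issued, accepted, max_lifetime_s=MAX_LIFETIME_S):
    """Return accepted tokens that the identity provider has no record of issuing,
    whose subject differs from the issuance record, or whose lifetime breaks policy."""
    issued_by_id = {e["token_id"]: e for e in issued}
    findings = []
    for ev in accepted:
        reasons = []
        record = issued_by_id.get(ev["token_id"])
        if record is None:
            reasons.append("no issuance event at the identity provider")
        elif record["subject"] != ev["subject"]:
            reasons.append("subject differs from the issuance record")
        if ev["expires_at"] - ev["issued_at"] > max_lifetime_s:
            reasons.append("lifetime exceeds policy")
        if reasons:
            findings.append({"token_id": ev["token_id"], "subject": ev["subject"],
                             "service": ev["service"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in find_suspect_tokens(IDP_ISSUED, SP_ACCEPTED):
        print("suspect token:", finding)
```

The check only works if the identity provider's issuance log is collected to a store the attacker cannot edit with the same stolen key, which is the practical reason to ship those logs off the federation server rather than query it after the fact.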
Responding to this could involve examining your third-party obligations and liabilities to other organizations. It entails categorizing the vendors of particular interest and deciding where you fit into your vendors' larger ecosystem. It helps for each of us to remember that we are all in this together. By meeting our cybersecurity responsibilities collectively, you can boost organizational resilience and increase cyber maturity across the board.
Contact Cybernetic Global Intelligence today if you are under pressure to reduce the effects of a recent cyber incident, would like to know the options available to you when considering concentration risks, or want to boost your readiness to withstand future threats.