This June 6, 2013 file photo, shows the sign outside the National Security Agency (NSA) campus in Fort Meade, Md.All fingers are pointing to Russia as author of the worst-ever hack of U.S. government agencies. (AP Photo/Patrick Semansky, File)
December 22, 2020
While the U.S. reels from the massive SolarWinds hack, which compromised government agencies and private tech companies, cybersecurity experts predict that more attacks on high-value targets are likely to occur.
“There is a high probability that we will continue to see other wide-scale attacks like those targeting Microsoft, SolarWinds, UK, and U.S. government agencies and their customers in the foreseeable future as the size of this breach is massive," said Lior Div, CEO of Cybereason, the technology company behind a popular cybersecurity defense platform.
The Washington Post reported last week that the Russian hacker group APT29, or Cozy Bear, was behind the attack, though its sources were unnamed. Div said he shares this belief based on the group's history and the resources required to organize a hack of this scale.
"The amount of resources and time needed to prepare, and the accuracy required by the threat actors, make it very difficult to achieve success," he said.
The hackers gained access to government agencies, including the U.S. Homeland Security, State, Energy, and Treasury departments, as well as IT companies in the supply chain, including Intel, Deloitte, and Cisco, among others.
They did this by inserting malicious code into the network monitoring software of a third-party vendor. Texas-based SolarWinds sold the tainted software to at least 24 organizations, according to a Wall Street Journal report.
Experts agree this is the worst incident since the NotPetya attack in 2017, considered by some the most sweeping cyberattack in history.
Div said the hack highlights the vulnerability of IT supply chains to cyberattacks and how they can have far-reaching ripple effects. He also pointed to the presidential transition and the demands of fighting misinformation around COVID as contributing to officials perhaps taking their eyes off the ball.
"Adversaries like Russia and China look for this kind of instability and distraction to exploit for their benefit," he said. "If SolarWinds, a company with a stellar reputation, is hacked, then no hygiene in the world will prevent future attacks if companies don't have a robust, post-breach mindset and around-the-clock threat-hunters on the job.”
While supply chain attacks of this kind have so far been rare, they present a significant opportunity to hackers willing to put in the time because once they're inside a trusted network, they can essentially roam free.
"The biggest concern here is that the success of this attack may lead to more threat actors looking to repeat the success that the SolarWinds compromise has had thus far," said Kate Kuehn, senior vice president at vArmour, a cybersecurity software company. "If supply chain hacks become more commonplace, the focus on visibility within an environment and app-to-app/user-to-app communications in a real-time, dynamic way, will become critical to prevent additional widespread breaches."
This means more real-time monitoring of behavioral changes by privileged accounts and systems, which played a key role in slipping past security measures up and down the supply chain that SolarWinds was a part of.
The long-term consequences of this kind of attack is an erosion of trust between partners, particularly those at the borderline of private and public organizations, she added.
"Software testing and code review will also come under massive scrutiny from a security perspective, more so than has ever been seen in the past," she said. "Companies will have to quickly put measures in place to address both of these issues."