The year 2020 has had its share of setbacks in IT, especially with regard to hacks and data leaks. The SolarWinds case is probably the most significant of the year.
The scope of the SolarWinds hack continues to grow. The New York Times conducted various interviews indicating that the apparently Russian-backed campaign ran far deeper than previously thought. Where the intruders were initially believed to have probed “only” a few dozen government and business networks, it now appears that around 250 networks were victims of the hack. According to the report, the attackers took advantage of multiple layers of the supply chain.
Scope of SolarWinds hack greater than previously thought
It would also appear that multiple defenses failed. Cyber Command and the NSA had set up early-warning systems in foreign networks to detect attacks, but these reportedly failed. The hacker team also appears to have orchestrated the attack from servers inside the United States, taking advantage of the legal restrictions that limit domestic surveillance by US intelligence agencies. There is also concern that the heightened security around the US presidential election may have in some way weakened security around software supply chains.
The location of the hack itself may also have played an important role. Investigators are currently trying to determine whether the intrusion may have originated from SolarWinds offices in Eastern European countries such as Belarus, the Czech Republic and Poland. Engineers there had access to the compromised Orion network-management software, and Russia has deep ties in those regions.
However, the investigation remains very difficult to conduct
The Times also asserts that SolarWinds was rather slow to respond to security concerns, citing in particular executives who in 2017, in the context of incoming privacy law in Europe, apparently ignored advice from Ian Thornton-Trump calling for “more proactive” internal safeguards. Thornton-Trump left the company at the time, frustrated by the lack of response to these issues.
SolarWinds declined to comment on the state of its security, simply reiterating that it had been the target of a “highly sophisticated, complex and targeted cyber attack.”
It is impossible to know precisely the extent of the damage, but it is now clear that the attackers were able to get their hands on Microsoft source code and to attack the security company CrowdStrike, in addition to a number of federal agencies and other businesses. It will take months, if not longer, before we fully understand this attack and, more importantly, know exactly what its impact is.