Several US agencies and thousands of businesses have been blindsided for months by sophisticated cyberattacks orchestrated by hackers – hackers that officials believe were backed by the Russian government.
The hackers abused a vulnerability on an update for IT management software developed by SolarWinds. The tech company revealed that as many as 18,000 of its customers downloaded the compromised software update, which allowed the cyberattackers to spy on businesses and agencies for nearly nine months. SolarWinds also disclosed that that it believes the attack was the handiwork of an “outside nation state” that inserted malicious code into the updates.
SolarWinds serves some 300,000 customers around the world, including most US-based Fortune 500 companies, as well as critical parts of the US and British governments – including their defense departments and their signals intelligence agencies.
The federal agencies that were confirmed affected by the cyberattacks include the US Departments of Treasury and Commerce, parts of the Defense Department, the State Department and National Institutes of Health, and the US Department of Homeland Security.
Sources familiar with the matter told Reuters that the DHS – which oversees border security and defense against hacking – was monitored by the hackers as part of the wave of cyber breaches.
Earlier this week, the US issued an emergency warning ordering government users to disconnect SolarWinds software, which had been compromised by “malicious actors.”
Regular businesses using SolarWinds’ software were also hit by the cyberattack; the most prominent of which is major cybersecurity company FireEye. A press release from the firm revealed that despite its formidable cybersecurity, it was compromised by the attackers. Moreover, the attackers targeted and accessed FireEye’s “Red Team” assessment tools – diagnostic tools the company uses to simulate hacking attempts on the company’s clients to identify any security vulnerabilities.
FireEye gave assurances in a release that none of the tools contain zero-day exploits, and that it is releasing methods on how to detect use of the stolen Red Team tools to the public.
In response to the cyberattack, Darren Thomson, head of cyber security at CyberCube, issued a statement to Insurance Business outlining that the breaches are “significant due to their strategic importance.”
“It looks like this attack could be linked to COVID-19 and the move to home working,” he said. “The resultant changes to working patterns and behaviours have exposed many new attack vectors that were previously ignored by attackers. In this case, monitoring software allowing IT staff remote access to computers on corporate networks was hacked. It’s likely we’re going to see more of this kind of attack in 2021.
“This type of software supply chain attack is on the rise. Between 2018 and 2020, we saw several examples of legitimate software update mechanisms being used to breach systems. Good examples were the attacks on BA and Ticketmaster in 2018. However, using software supply chains attacks to target a government is still relatively rare.”