It is a well-known fact that governments have been spying on one another (and often on people in their own governments) since the beginning of their existence. Of course, with the rise of new technologies, they have gained more and more ways and opportunities to do so. In this article, we will talk about the SolarWinds incident and the damage it caused to the US Department of Homeland Security.
One might say a constant hidden Cold War is happening around us, with many participants, all trying to gain classified information that would, in one way or another, help them achieve their goals, whatever they are. Cyber-espionage is one of the main ways this is happening, and there are thousands of cyberattacks happening daily, with varying degrees of success.
In 2020, a year memorable in many ways, a significant cyberattack successfully penetrated many organizations globally, including many governments and major companies. At first, it seemed that the US Department of Commerce and the US Treasury Department were attacked.
However, very soon, it was discovered that among the victims were the United States federal government, NATO, the UK government, the European Parliament, and companies such as Microsoft. Within days of discovering the data breach, hundreds of organizations worldwide reported being affected by it, too, making it one of the most successful, if not the most successful, cyberattacks ever.
While the hack was dangerous for many reasons, it did not cause any actual harm by the standards of cybersecurity experts. This is especially the case when it is compared to a cyberattack called NotPetya, which was launched by the Russian military in 2017 and planted ransomware in thousands of computers.
NotPetya paralyzed many multinational companies and permanently locked people from all over the world out of thousands of computers. That attack is considered the most destructive and costly cyberattack in history, making the SolarWinds data breach seem less severe, or at least more espionage-y, compared to the pure destruction NotPetya caused.
The attack had gone undetected for months, making it especially dangerous, as, for approximately nine months, hackers had access to sensitive data of many high-profile targets. The cyberattack began in March 2020 at the latest, and it was first publicly reported in December 2020.
The hackers used software and credentials from at least three big US firms – SolarWinds, Microsoft, and VMware. The flaws in the firms’ products allowed the hackers to access user data. While the main issue caused by the data breach was the data theft, the attack also caused thousands and thousands of SolarWinds customers to check whether they had been breached, having to take their systems offline and do months-long security procedures as a precaution.
The hackers used a software update for the Orion program, made by the Texas-based company SolarWinds, to slip malicious code into Orion's software. For the hackers to gain access to their data, users had to download and apply the tainted update and afterward be connected to the internet.
Several US government officials stated that they believe that Russian-sponsored hackers are behind the attack, which the Russian government denied. However, former US President Donald Trump suggested (without any evidence) that China might be responsible, and not Russia.
He also tried to downplay the hack and even suggested that it might have been connected to an attack on voting machines, making him lose the election (this, too, was suggested without any evidence). China denied involvement in the hack.
The current US President, Joe Biden, took the hack much more seriously, saying it was an active threat even several months after its discovery. Additionally, the US government is, as of April 2021, in the process of issuing sanctions and taking different actions against several Russian companies and diplomats that might have played a role in the hack and the 2020 US elections.
Some have claimed that the cyberattack could almost be seen as an act of war, but, luckily, it does not seem likely that there will be anything warlike regarding the consequences of the hack.
As for the rest of the world, NATO and the UK government also took the hack seriously, assessing the situation and identifying the potential risks. However, it will likely be challenging for everyone affected by the hack to discover the full extent and protect themselves from any possible consequences.