Following the massive SolarWinds breach that happened in early December, experts say that companies and government agencies can start investing in sophisticated security practices.
Further investigation of the cyberattack that happened on December 13 suggests that the SolarWinds incident was a highly planned hacking operation. The extent of the breach indicates that this attack is not something amateurs could carry out.
In fact, according to a report by Reuters, this incident was carried out by a sophisticated hacking group backed by a foreign government. This poses a threat, as the hackers stole information from U.S. government agencies, including email traffic.
It appears that this incident has affected every level of government plus hundreds of private companies. About 18,000 SolarWinds customers who access the company’s software are reportedly affected.
Hackers were able to penetrate vulnerable networks belonging to high-profile companies and even government offices. The investigation points to high-profile targets of the attack, including the U.S. Department of Treasury, Homeland Security, Department of Energy, and Microsoft.
While there’s still no clear footprint from the hacking attack, an unnamed source claims that the Russian government is responsible. Hackers known by nicknames like APT29 or Cozy Bear are part of the Russian government’s foreign intelligence service.
Experts like Daniel Ives of Wedbush Securities said that the SolarWinds breach is among the largest breaches in U.S. history and that its full extent could take years to understand.
“This scale, the scope of this attack is jaw-dropping. I think how pervasive potentially [the hackers] got within the confines of the government and enterprises is a major wake-up call,” added Ives.
Ives said that SolarWinds alone, with its massive supply chains, is a reason for a cyberattack. Because the company is big in the business, a competitor can easily create a dent that destroys the company’s image and take over crucial information.
SolarWinds has its own network and management software and more than 3,000 employees globally. The hackers used a number of sophisticated techniques to get into SolarWinds’ systems, tampering with the network management and updating the server.
Experts looking at how the hackers worked say this isn’t an ordinary attack. Threat actors were able to gain remote access and insert malicious code that would ride on the software update.
As a result, SolarWinds was urged to patch the software problem, and it worked with third-party cybersecurity experts to understand the attack better.