SolarWinds Cyberattack & The Insurrection at The Capitol – How They Compare

20 January, 2021

By now, you’ve likely heard at least something about the cyberattack that Austin, Texas-based company SolarWinds suffered at the beginning of this year. If you haven’t, keep reading, because although many of us tend to drift off when we hear the words “cybersecurity”, “hack” and “data breach”, this attack has broad-reaching consequences not just for companies and individuals, but for a multitude of government agencies and the security of our nation. The meticulously crafted attack has been compared to the attack on Pearl Harbor and described as “extremely powerful” and a breach that “gives hackers broad reach into impacted systems.”

Russia, we now know, used SolarWinds' hacked program to infiltrate at least 18,000 government and private networks. The data within these networks—user IDs, passwords, financial records, source code, you name it—can now be presumed to be in the hands of Russian intelligence agents.

Steven J. Vaughan-Nichols, a writer for Zero Day, said in a January 4th blog post, “Personally, I'd assume that if my company had been using SolarWinds Orion software during 2020, I've been hacked.”

As time goes by, more and more government agencies and companies have been shown to have been affected. This includes the Department of State; the Department of Homeland Security; the National Institutes of Health; the Pentagon; the Department of the Treasury; the Department of Commerce; and the Department of Energy, including the National Nuclear Security Administration. Now, do we have your attention?

Senator Mark Warner (D-Virginia), a ranking member on the Senate Intelligence Committee, told the New York Times the hack looked "much, much worse" than first feared. "The size of it keeps expanding."

SolarWinds sells software that lets an organization see what's happening on its computer networks. To effect the breach, hackers inserted malicious code into an update of that software, which is called Orion. Around 18,000 SolarWinds customers installed the tainted update onto their systems, the company said. The compromised update has had a sweeping impact, the scale of which keeps growing as new information emerges.

New research into the malware that set the stage for the mega-breach shows the perpetrators spent months inside the company’s software development labs honing their attack before inserting malicious code into updates that SolarWinds then shipped to thousands of customers. The research further suggests that the insidious methods used by the intruders to subvert the company’s software development pipeline could be repurposed against many other major software providers, and may already have been.

It was a meticulous, calculated, tested, patient attack that took years to execute and from which the ongoing ramifications are still unknown.
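The point a defender should take from the paragraphs above is that a tainted update produced inside a compromised build pipeline is signed by the vendor's own key, so signature verification alone says nothing about whether the shipped binaries match the audited source. The check that does catch it is an independent rebuild compared file by file against the shipped artifacts. The script below, an added example written for this article and not code from SolarWinds or ShareVault, shows both checks side by side on constructed sample files (the file names, contents and the "implant" marker are invented placeholders, and an HMAC stands in for a real code-signing certificate):

```python
"""Detect a tainted build that nevertheless carries a valid vendor signature."""
import hashlib
import hmac
from typing import Dict, List


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(files: Dict[str, bytes]) -> Dict[str, str]:
    """Map every file path in a build output to the SHA-256 of its bytes."""
    return {path: sha256_hex(content) for path, content in files.items()}


def canonical(manifest: Dict[str, str]) -> bytes:
    """Deterministic serialization so signer and verifier hash identical bytes."""
    return "\n".join(f"{path} {digest}" for path, digest in sorted(manifest.items())).encode()


def sign_manifest(manifest: Dict[str, str], signing_key: bytes) -> str:
    """HMAC-SHA256 stands in for the vendor's code-signing step.
    Assumption: a real release would use an asymmetric signature; the
    lesson is the same because the signer signs whatever the build emitted."""
    return hmac.new(signing_key, canonical(manifest), hashlib.sha256).hexdigest()


def signature_valid(manifest: Dict[str, str], signature: str, signing_key: bytes) -> bool:
    return hmac.compare_digest(sign_manifest(manifest, signing_key), signature)


def diff_manifests(vendor: Dict[str, str], rebuilt: Dict[str, str]) -> List[str]:
    """Paths whose content differs between the shipped build and the
    independent rebuild, or which exist in only one of the two."""
    paths = set(vendor) | set(rebuilt)
    return sorted(p for p in paths if vendor.get(p) != rebuilt.get(p))


def check_update(vendor_files: Dict[str, bytes], vendor_signature: str,
                 rebuilt_files: Dict[str, bytes], signing_key: bytes) -> dict:
    """Run both checks: is the vendor signature genuine, and does the shipped
    build match what the audited source produces when rebuilt independently?"""
    vendor_manifest = build_manifest(vendor_files)
    return {
        "signature_valid": signature_valid(vendor_manifest, vendor_signature, signing_key),
        "tampered_paths": diff_manifests(vendor_manifest, build_manifest(rebuilt_files)),
    }


# --- Constructed sample data (placeholders, not real SolarWinds artifacts) ---
VENDOR_SIGNING_KEY = b"constructed-vendor-signing-key"

# What an independent rebuild from the audited source tree produces.
REBUILT_FROM_SOURCE = {
    "bin/monitor-agent.dll": b"legitimate agent code v1.2",
    "bin/collector.dll": b"legitimate collector code v1.2",
    "config/defaults.xml": b"<config/>",
}

# What a compromised build server shipped: identical except for one module
# with extra code appended before signing, so the vendor signature over the
# tainted manifest is genuine.
SHIPPED_BY_VENDOR = dict(REBUILT_FROM_SOURCE)
SHIPPED_BY_VENDOR["bin/monitor-agent.dll"] = b"legitimate agent code v1.2" + b"<implant>"
SHIPPED_SIGNATURE = sign_manifest(build_manifest(SHIPPED_BY_VENDOR), VENDOR_SIGNING_KEY)


def demo() -> dict:
    return check_update(SHIPPED_BY_VENDOR, SHIPPED_SIGNATURE,
                        REBUILT_FROM_SOURCE, VENDOR_SIGNING_KEY)


if __name__ == "__main__":
    result = demo()
    print("signature valid:", result["signature_valid"])  # True
    print("tampered paths:", result["tampered_paths"])    # ['bin/monitor-agent.dll']
```

The signature check passes and the rebuild comparison fails, which is exactly the situation a consumer of a compromised vendor's updates is in: the only way to notice is to have an independent reference build (or vendor-published reproducible-build digests) to compare against, and to treat any mismatch as a blocking finding rather than noise.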

At almost the same time we were learning of the SolarWinds attack, the US Capitol was breached by a huge mob of angry insurrectionists bent on subverting one of our most hallowed institutions: a democratic election. During the attack, laptops, potentially containing sensitive information, were stolen from congressional offices. Following the attack, the Justice Department warned in a briefing that items stolen from lawmakers, including electronics, could pose national security risks and would potentially have enormous value to hostile foreign powers, cybercriminals and other bad actors.

If any congressional devices or networks were breached, either amid the attack or via, say, a USB drive surreptitiously inserted into a computer, that could mean not only theft of information but also the potential to insert malicious code for future exploitation or mischief.

And while there’s no evidence that any of the people who stormed the Capitol were there as cyberspies, even the small risk of congressional networks being breached is seriously troubling, say experts.

These two events are very different, and yet they share a common message. One was a calculated, well-planned cyberattack by a sophisticated nation-state that went undetected for months with still unknown national security ramifications. The other was a less-calculated brute force attack by a riotous mob that nevertheless resulted in unknown national security ramifications.

Data breaches and cybercrime will get worse before getting better. Data shows an upward trend in all areas: the number of data breaches, the severity of data breaches, and the average cost of each breach. Despite all the efforts white-hat hackers, IT professionals, and major institutions are making to improve cybersecurity, data breaches are on a trajectory to get worse before they get better.

This is due to several factors, but foremost among them is the increasing diversity of options available to hackers to commit cybercrime. This is coupled with the reality that personal records and sensitive information are becoming increasingly valuable.

There may be a future where cybercrime is less common and less costly, but it’s a distant future. Until then, a keen eye toward comprehensive information security infrastructure is critically important.

At ShareVault, we provide a solution that can assist in mitigating risks like the two above and many others. We provide a cloud-based document sharing solution that is helpful for sharing confidential info with external parties.

In addition, Dynamic Native File Protection, or DNFP, can be added as a powerful feature providing an invisible layer of security and protection. Rest assured, whether documents are in transit, being shared outside of a firewall, or stored on a member's computer at home, they are protected.

We're happy to confidentially discuss any concerns you may have.

ShareVault hosts a cloud-based document-sharing repository where documents can be shared both simply and securely. It is commonly used for M&A transactions, Life Science partnering, fundraising, boardroom communications, legal processes, and any other applications where documents need to be shared with the utmost security.