SolarWinds Hack: Spy Case of the Year

The list of prominent victims of what is surely the most spectacular hacking attack of the year grows by the day. At first, it appeared to involve only the computer security company FireEye, which was compromised by a tainted update to SolarWinds’ Orion software. But then it gradually emerged that the Treasury, Commerce, Homeland Security, the State Department, and parts of the Pentagon had also picked up sophisticated spyware in this way. More recently, it emerged that even the US Department of Energy and its subordinate National Nuclear Security Administration (NNSA) are affected. The NNSA manages the US nuclear arsenal.

Microsoft, which has also discovered the malware on its systems, speaks of a “widespread and successful attack on sensitive US government information and the technical tools that are supposed to protect it.”

It is currently not entirely clear what sensitive information this could have been. But, according to the analysis so far, the perpetrators had extensive access rights within the infiltrated systems and months to look around and help themselves. All those affected must assume that the perpetrators, who are suspected of acting on behalf of a state, have seen at least parts of their email communications and other data. However, it may take months before they find out what was secretly leaked. So far, nothing points to a criminal attempt at enrichment or to sabotage, but everything points to an espionage operation.

For IT security expert Dmitri Alperovitch, the fact that there are so many victims is the best news about the incident: “No attacker has enough human resources for each of the potential victims,” wrote the former chief technology officer of IT security company CrowdStrike on Twitter. “You have to focus on those who matter most to you.”

Few affected in Germany, “according to current knowledge”

The scale of the operation is truly staggering: since at least this March, thousands of authorities, companies and critical infrastructure operators have been seriously compromised. There are victims mainly in North America, but also in Europe, the Middle East and Asia.

Germany hasn’t been spared either, but the extent of the damage is still unclear here. According to its own statement on Friday, the Federal Office for Information Security (BSI) is aware that companies and authorities in Germany are using SolarWinds software. “According to the current state of knowledge, the number of those affected is low.”

No reaction from Donald Trump

One thing is clear: there was more than one route of infection, but the first one known is remarkable enough on its own. The perpetrators hijacked and tampered with an update to the Orion network management software from the Texas company SolarWinds. More than 17,000 organizations downloaded the update, unknowingly opening a back door into their computer systems.

The US cybersecurity agency CISA says it has found evidence of other methods by which the perpetrators infiltrated third-party systems, but is not yet ready to give details. “This actor has shown patience, caution, and complex espionage skills,” CISA said. “We assume that it will be very difficult and challenging for the organizations involved to get the perpetrators out of their systems.”

Besides the scale of the operation, Donald Trump’s reaction is astonishing, or rather: his lack of one. The current president hasn’t said a word about the incident. Some American politicians are already wondering whether Trump is simply no longer interested in his own agencies, which hackers have taken apart so expertly. Republican senator and former presidential candidate Mitt Romney, for example, asked the White House to respond to the events with aggressive announcements: “This is almost like a Russian bomber flying over the country undetected.”

“Possibly historical event”

It’s also surprising that SolarWinds’ two majority shareholders, the investment firms Silver Lake and Thoma Bravo, sold shares worth a total of $286 million six days before the hack became known. The reason for the sale remains open.

So far, it is difficult to foresee what technical and security-policy consequences the incident will have. Sven Herpig, Head of International Cybersecurity Policy at the New Responsibility Foundation, says: “While the full extent of the damage is not yet clear, the framework conditions point to a possibly historic event for international cybersecurity policy. It will probably take months or years to clean all the systems again, secure them, and analyze the full extent of the damage.”

Unlike Romney, he does not necessarily expect aggressive announcements from the political side: “The United States itself has a fundamental interest in not seeing every spy activity in cyberspace as a declaration of war, because it would like to continue its own operations undisturbed.” Given the political framework conditions and the extraordinary seriousness of the incident, however, it could be that the US government does not stick to business as usual.

When the supply chain distributes malware

What will the world learn from this? SolarWinds is part of an IT supply chain that large organizations and enterprises depend on: it is a Managed Service Provider (MSP), that is, a provider that runs IT services on behalf of its customers. As an attack vector, the Texas company is extremely interesting to spies, but also to criminal hackers.

Calvin Gan, security researcher at F-Secure, says: “Months ago there were warnings that hackers were targeting MSPs. They must be seen as part of the organization that uses them and receive the same security controls as internal systems.”

A spokesperson for ITZBund, the IT service provider of the German federal administration, also sees it this way: “To protect yourself effectively against such attacks, you basically have to check all components of the entire supply chain for your IT security and possible attack options. This is sometimes very labor intensive because you basically have to disassemble every update and every delivery from the manufacturer to the installation. Small and medium-sized authorities or companies in particular could alternatively be satisfied, for example, with safety statements from suppliers. It’s about the relationship between effort and profit.”

Or the relationship between effort and potential harm.
