Throughout 2020, we’ve heard the news about cyber-incidents.
They have been creating all sorts of havoc: gift card schemes, ransomware emails, COVID-themed fraud (look out for fake vaccine emails, that’s the next thing), scam calls pretending to be from “Microsoft,” fraudulent texts, bogus Facebook and Twitter accounts.
In the threat landscape, that’s the new normal.
We learned about these incidents in the small business space, with Fortune 1000 companies and state governments, especially during recent election years.
One space we do not usually hear about is the top echelons of our national defense agencies. That all changed this week (it is 2020, after all) by way of an attack against tech company SolarWinds, which brought a breach to the front door of the Army, Navy, Pentagon and many other critical components of United States security. In simple terms, it is the biggest hack of the year.
According to CNN, Theresa Payton, former White House Chief Information Officer for President George W. Bush, said: “I woke up in the middle of the night last night just sick to my stomach. On a scale of 1 to 10, I’m at a 9 — and it’s not because of what I know; it’s because of what we still don’t know.”
Who is SolarWinds? They are a $6 billion a year company from Austin, Texas. They make tools not just for the government but also a full line of products that you and I use in businesses here in Florida, including backup and spam filtering technologies.
Yesterday, I reached out to get some clarification on the impacted tools; they shared the following statement from their President, John Pagliuca:
“We have just been made aware our systems experienced a highly sophisticated, manual supply chain attack on SolarWinds® Orion® Platform software builds for versions 2019.4 through 2020.2.1.
“We have been advised this attack was likely conducted by an outside nation-state and intended to be a narrow, extremely targeted, and manually executed incident, as opposed to a broad, systemwide attack.
“At this time, we are not aware of an impact to our SolarWinds MSP products, including RMM and N-central.”
The SolarWinds team also shared with me their latest statement posted Wednesday evening.
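The statement above names the affected builds by version range. A practical first step for any shop running Orion is to check its own inventory against that range. The script below is an added example written for this column, not SolarWinds code or tooling; it assumes the range “2019.4 through 2020.2.1” is inclusive, models versions as plain dotted numbers (anything after the numeric part is ignored, so a suffixed build is flagged for manual review rather than silently cleared), and uses a constructed inventory list rather than real data.

```python
"""Flag installed SolarWinds Orion Platform builds whose version falls in the
range named in the vendor statement (2019.4 through 2020.2.1).

Added example for this column, not SolarWinds code. The affected range is read
as inclusive (assumption); the inventory lines below are constructed samples.
"""

AFFECTED_LOW = "2019.4"    # lowest build named in the vendor statement
AFFECTED_HIGH = "2020.2.1"  # highest build named in the vendor statement


def parse_version(text):
    """Turn '2020.2.1' into (2020, 2, 1).

    Missing trailing components count as 0, so '2019.4' and '2019.4.0' compare
    equal. Only the leading digits of each dotted piece are used; any
    non-numeric suffix is ignored (assumption), which keeps the check
    conservative: a suffixed build is still flagged for a human to look at.
    """
    parts = []
    for piece in text.strip().split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        if not digits:
            break
        parts.append(int(digits))
    if not parts:
        raise ValueError(f"unparseable version: {text!r}")
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def is_affected(version):
    """True when the build sits inside the affected range, inclusive."""
    return parse_version(AFFECTED_LOW) <= parse_version(version) <= parse_version(AFFECTED_HIGH)


# Constructed sample inventory: hostname,product,version (not real hosts)
SAMPLE_INVENTORY = """\
mon-01,Orion Platform,2020.2.1
mon-02,Orion Platform,2019.4
mon-03,Orion Platform,2018.4
mon-04,Orion Platform,2020.2
mon-05,Orion Platform,2020.3
"""


def flag_hosts(inventory_text):
    """Return (host, version) pairs for Orion installs in the affected range."""
    flagged = []
    for line in inventory_text.splitlines():
        if not line.strip():
            continue
        host, product, version = [field.strip() for field in line.split(",", 2)]
        if "Orion" in product and is_affected(version):
            flagged.append((host, version))
    return flagged


if __name__ == "__main__":
    for host, version in flag_hosts(SAMPLE_INVENTORY):
        print(f"{host}: Orion {version} is in the affected range, isolate and review")
```

Run it against an export of your own asset inventory in the same comma-separated shape; any host it lists should be treated per the vendor guidance rather than left running while the investigation continues.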
What is Orion? (Not to be confused with the Metallica song by the same name.)
It is a tool made by SolarWinds, and these entities use it to monitor their networks for outages. Various reports indicate the breach affected up to 18,000 clients. Unlike the rookie attacks mentioned earlier, this is seemingly a highly skilled and targeted attack backed by the usual suspects — the Russians.
What happened? Hackers disguised the breach as a legitimate Orion software update. Once the update runs, the attackers’ code is embedded in the installed software.
Experts estimate the threat was in place for up to six months. It’s called a supply chain attack — hackers were not going straight after the FBI, Department of Veterans Affairs, etc.
They went after someone working with those organizations.
Those of us in IT (like me) have taught users to run updates, which makes this particular threat even more disturbing. Again, this is not something some hacker cooked up in their basement or some tool kit picked up on the dark web. This is an extremely high-level attack, and the resources required to pull it off indeed point to a nation-state.
Not surprisingly, the Russians deny any involvement.
SolarWinds has done its part and removed the update, and the United States government told all users of Orion software to stop using it. This is what has to happen, but the damage is already done.
For six months, “someone” has been collecting data, reading emails and files at the highest level; we as a nation will feel this for years to come.
Also, Payton (former White House CIO) was on target with her earlier statement, as I am sure investigators will uncover more compromises as the investigation (and cleanup) continues.
It is a massive win for the bad guys and a wake-up call for anyone unaware of the cyberwar our nation has been fighting for years.
I would love to say we are winning this war, but that might sound very much like Charlie Sheen when booted from the highest-paid network TV gig of all time.
The bottom line is this: We might not be losing the fight, but we are certainly not winning either. To be fair, we stop thousands of hacks each day in the U.S., but this was a big miss.
Will we see more dominoes fall on this breach in Florida? Only time will tell.
Blake Dowling is CEO of Aegis Business Technologies. He can be reached at [email protected].