In a cybersecurity column on ransomware last month, I mentioned Russia, where so many ransomware gangs are (allegedly) located.
Well, Russia is in national headlines again. President Joe Biden is launching economic sanctions, which some say are extremely weak. For example, NBC News writes: “With Alexei Navalny in danger, do Biden’s Russia sanctions mean anything?”
But don’t let the media (or me, or NBC) make up your mind for you; you can review the actions taken toward our former Cold War adversary, now a cyber-adversary, on the U.S. Treasury website (talk about an exciting spot on the web) and draw your own conclusion.
These sanctions are in response to the SolarWinds breach that occurred in our nation last year. The amount of time and the level of sophistication in that attack are staggering, and experts are not sure how they even pulled it off, at least in nonclassified briefings.
In my earlier column, we examined the threat of ransomware which, in most cases, takes a once harmless communication tool (email) and turns it into a threat delivery system for hackers.
When done well, these threats look to be from sources you would trust, enticing you to click on an embedded link or attachment.
Once you do, your network is frozen and/or encrypted. Hackers then demand a payment in exchange for the encryption keys you need to get your information back.
The SolarWinds hack took things much further than that: it took a step we would all consider harmless and turned it into a mechanism for stealing data and spying on the U.S. government.
I refer to the simple act of running a software update.
How often have you received a request from Apple, Microsoft, QuickBooks, etc. asking you to click here to run an update?
If you ran that “update,” malware was loaded into your network.
Last year, SolarWinds found that out, impacting clients in both the private sector and within our government.
Why are we not hearing more about this?
My guess is because it is on a level so bad, no one wants to talk about it.
In that earlier column on ransomware, I said we citizens are not winning the war against hackers. Well, we as a nation are not winning the cyberwar against other nations either.
What went wrong? How could a SolarWinds update be compromised and then deployed?
The complexity required (and other evidence) is why the U.S. and the U.K. are pointing fingers right at the Russian Foreign Intelligence Service (SVR) and not just some hacker on the outskirts of Tobolsk (which looks very nice for being in Siberia).
With a new President in office, each side is pushing to see the capabilities of the other.
Will we stop with the sanctions? We were about to send two warships into the Black Sea, but we turned them around.
What will the other side do? How bad was the breach? The situation can be summed up as grim and needing a laser focus.
The U.S. government needs to be thinking about hackers and devoting more money to the fight. The only reason we learned about this situation is that cybersecurity company FireEye came forward saying they were breached. None of our own internal alerting mechanisms alerted us to the situation.
Think about that for a minute. You can go back to read about that here.
All of us who came of age during the Cold War know better than to turn our backs on Moscow for too long.
As Captain Andy Tanner said in the movie “Red Dawn” about the fictitious U.S.-Soviet conflict: “Two toughest kids on the block, I guess. Sooner or later, they’re gonna fight.”
We can assume the U.S. spends more than any country on earth on defense, so our superiority in aircraft carrier task forces, stealth technologies, nuclear weapons, etc. keeps us ahead of our adversaries.
Now, we are lagging behind in the cyberwar, after a huge “L” in the SolarWinds battle. When it comes to army size (if it ever comes down to that), the top 5 armies in the world have us at about a 5,000,000 to 1,000,000 disadvantage.
I knew China was at the top, but No. 4 was a shock. I bring this up because we aren’t going to be No. 1 in troop size; we have to be No. 1 in cyber-tech, as well as other strategic advantages.
Normally, I would close a cybersecurity column with advice to change your passwords, stop clicking, and install amazing tools like two-factor authentication to protect yourself from cyber threats.
But with SolarWinds, there was nothing you (or I) could have done that would have stopped it. This was an attack planted deep in the code of a major U.S. technology company, and that should be a wake-up call for everyone (if it isn’t already).
Blake Dowling is CEO of Aegis Business Technologies and can be reached at [email protected].