I’m pretty confused as to why there is so little written in the mainstream news on the scale and implications of this latest, and by far the largest, of many attacks on our network infrastructure by a state actor.
Maybe it’s just not being explained broadly and simply enough, so I’ll have my go at it.
And if anyone can pass this on to the leader of the country to the south of me, the USA, that would be great.
Let’s start with what SolarWinds does, taken from the description meta tags shown in Google:
“SolarWinds IT monitoring and management tools are built for SysAdmins and network engineers who need powerful and affordable tools. Get a free trial today.”
SolarWinds provides a tool (think software / app) that the vast majority of larger companies, government departments and NGOs in western countries use to monitor and manage what’s going on in their networks. It’s far from affordable, so it is not used by smaller organizations.
What happened to the SolarWinds application is often described as a supply chain attack, which it was, but in this case the target was not some part of the supply chain with minimal access to the real intended victims. The target was a component with full access to the victims’ network infrastructure, because of the task SolarWinds is designed to do: monitor and manage the network, which requires it to be installed with highly privileged access.
This allowed the bad actors to spy on the targets and anything they may be doing on their internal networks, as well as to install any other hacking tools they wanted.
(At this point, there is no indication that they have done anything beyond installing tools that give them persistent access and stealing data.)
Reports from various sources in the US are saying that all government agencies, at this point apart from the Pentagon, have been infiltrated, or as we in the industry like to call it, “pwned” (owned).
Impact in the UK is being reported as fairly minimal, with no Government agencies disclosing a breach, and only one major unnamed company affected.
As for Canada, very little is being reported; this piece from the CBC, the state broadcaster, does not discuss any potential domestic threat. CTV covers it somewhat better, and gives us a taste of what’s to come.
“While roughly 80 percent of these (SolarWinds) customers are located in the United States, this work so far has also identified victims in seven additional countries,” Microsoft president Brad Smith said in a blog post.
Smith said the victims were also found in Canada, Mexico, Belgium, Spain, Britain, Israel and the United Arab Emirates.
“It’s certain that the number and location of victims will keep growing,” Smith said, echoing concerns voiced this week by US officials on the grave threat from the attack.
“This is not ‘espionage as usual,’ even in the digital age,”
Lawfare, a fairly left-leaning news source, covers “The Strategic Implications of SolarWinds” from a US perspective very well, expressing the gravity of the attack and its future implications.
The best source of evidence about the attack and the required mitigation methods is CISA (Cybersecurity and Infrastructure Security Agency), which has quite clearly stated how serious this attack is.
CISA has determined that this threat poses a grave risk to the Federal Government and state, local, tribal, and territorial governments as well as critical infrastructure entities and other private sector organizations.
Despite the claims by President Trump, there is no evidence this attack originated in China. I don’t doubt for a second they would have if they could, but all cyber security experts are pointing their fingers at Russia this time. China has plenty to answer for already, most recently “No ‘Negative’ News: How China Censored the Coronavirus”; if you don’t have access past the NYT paywall you can read a summary here.
In terms of the impact of the SolarWinds attack: I deal with a product that would be considered supply chain. The firewall product we provide inspects all traffic to many hundreds of thousands of websites. If a bad actor got into our systems with access to that traffic, the impact would be significant: they would see credit card details, private health data, social insurance numbers, as well as a large number of government departments using our system. So I can envisage the impact, and I know that in this case SolarWinds’ client list includes higher and more sensitive targets.
The impact will linger for years: clients are pulling an essential tool from their networks while they survey the damage, ironically unable to use a tool they would previously have relied on to assist with exactly such forensics (monitoring). As for the actual theft of all this data, we just don’t know, but as is repeated in many of the articles I have shared, adding additional cost to doing business is itself part of the reason for this attack. Much research was stolen, which will affect commercial competitiveness.
As for the scale, I do agree this is the largest and most significant cyber attack to date, but I am not keen on the comparison with Pearl Harbour, a kinetic attack which saw a large number of deaths.
I’d agree, though, that it’s just as sneaky and should be considered an act of war; but really this war has been ongoing for at least a decade, and I have no idea whether we in the West have carried out any similar actions. Maybe our adversaries are also covering up significant attacks on them, even more so than I feel this is being covered up on “our” side.
Personally, I see the novel 1984 as a warning, not an instruction manual:
“Ignorance is strength”
1984 – George Orwell 1948