The latest cyberattack against the US is, according to Secretary of State Mike Pompeo, “…pretty clearly…” the work of Russia. The attack, dubbed ‘Sunburst’, began with a backdoor vulnerability planted into management software provided by IT company SolarWinds. As many as 18,000 organisations may have had the malicious code inserted into their networks and at least 50 have suffered major breaches, including the US Treasury and departments of Homeland Security, energy, and defence.
It appears that the hack has only been used to conduct espionage and explore inside top security systems, as opposed to being used to damage the networks infiltrated. So far it has not been possible to assess what classified information has been exposed, but it could potentially include nuclear secrets, Covid-19 vaccine data, and even details of next-generation weapon systems.
Although news of the attack has only emerged this week, it is believed it began in March and that a ‘dry run’ was carried out in October to determine if a larger-scale attack would work. All US federal agencies have now been instructed to remove SolarWinds programmes and files from their servers. Global giant Microsoft said that at least 40 of its customers had been targeted, including think tanks, NGOs and IT companies. UK agencies are also likely to be among the victims.
How did it go unnoticed?
It appears the intruders took their time and scrupulously erased all traces of their presence. Consequently, there is almost no way to discover what was accessed.
Despite decades of experience and massive investment in cybersecurity this attack is a sobering reminder that no system is impenetrable. The fact it took nine months to detect is causing a great deal of alarm. One thing increasingly apparent is that cyber attackers seem to have the upper hand in identifying vulnerabilities before defenders do. The backdoor appears to have been inserted into a routine update patch to SolarWinds’ Orion platform which monitors other IT systems – an ideal vector for an intruder.
How to protect your network
Most of us are unlikely to be the target of a cyberwarfare agency, but once a vulnerability exists there can be collateral damage – such as cybercriminals exploiting similar vulnerabilities. Here are 8 suggestions to improve your security.
- Firewalls are the first line of defence, forming a barrier between your internal traffic and the public Internet. A firewall can be software, hardware or both but it is worth reviewing the capabilities of the one you use.
- Access control means only authorising individuals to use the minimum number of files and applications they have to. Not using access control is like leaving all your doors and windows open.
- Anti-malware software protects against a wide range of problems including worms, viruses, Trojans, spyware and ransomware. The best packages can also flag suspicious activity.
- Data loss prevention technologies ensure that sensitive data is not sent outside the approved network. Backups and encryption also play a crucial part in preventing data loss.
- Application security monitors the software your organisation uses rather than the data. As in the latest attack, software vulnerabilities can be used by hackers to infiltrate your network.
- Email security is essential because attacks often begin with a fraudulent email or one with a malicious link embedded. Email security software protects your whole network by blocking suspicious emails before they even reach an inbox.
- Mobile device security is often neglected so mobiles provide easy targets for cybercriminals. You need to be strict about access from mobile devices and ensure they have up-to-date security.
- Simplify your IT architecture by consolidating Cloud services on a single platform and outsourcing routine operations to security specialists. New AI-powered network monitoring tools could finally shift the advantage in favour of the defender.