Brad Smith calls it a cybsersecurity moment of reckoning, but really what the Sunburst supply-chain hack of SolarWinds Clients is, is a declaration of war in cybersecurity by Russia.
While FireEye must be praised for the transparency of the original blog, the hackers have had access to U.S. infrastructure for between 6 to 9 months in the worst cybersecurity supply-chain attack in internet history.
I wrote about this on LinkedIn, but it got barely any traffic since the hack impacts Microsoft (which led us to write this article), the owners of LinkedIn. Such is the new world we live in, where data breaches can be so sophisticated the U.S. is falling behind Russia in cybersecurity.
An Inside Job of Full Back Door Penetration
SolarWinds has over 17,000 enterprise clients impacted by Sunburst, including the Pentagon. Microsoft Azure’s clients that intersect are also vulnerable. So far we think the culprits are a Russian hacking group (Cozy Bear or APT29) that used a compromised vendor platform to exploit networks across the U.S. Government and possibly the private sector. They have backdoors now to all of these infrastructures. A patch is unlikely to suffice.
The SolarWinds Orion supply chain compromise is not the only initial infection vector this APT actor leveraged. The extent of the breach is only slowly being uncovered now but includes some of the most sensitive Government data and American IP possible.
Like with the cyberattack of SolarWinds, hackers infiltrated Microsoft products and then went after others. Russia just basically made the U.S. vulnerable when it’s already most vulnerable in health, economy and civil unrest.
The scope of the attack is brutal because it’s likely been since March that Russia has had complete access.
- As many as 18,000 Orion customers downloaded the updates that contained a back door.
- Attackers might have installed additional ways of maintaining access in what some have called the biggest hack in a decade.
- This latest cyber-assault is effectively an attack on the United States and its government and other critical institutions, including security firms. In many ways it’s a declaration of war in cyberspace.
Private Sector Infrastructure Vulnerability
Microsoft’s President Brad Smith said at least 40 of Microsoft’s customers (think Azure) were also hit by the breach because they had the SolarWinds software targeted by suspected Russian hackers. At least 80% of customers were in the U.S., but the rest were in Canada, Mexico, Belgium, Spain, the U.K., Israel and the United Arab Emirates. He said he expects the number of victims to grow.
FireEye discovered a supply chain attack trojanizing SolarWinds Orion business software updates in order to distribute malware they call SUNBURST.
Since it was a back door supply chain attack there is no trace and no real way of knowing how far infrastructures have been compromised. It’s a troubling look for Microsoft, which has been beefing up its own security offerings, including in its Office 365 productivity software suite.
FireEye, Microsoft, Cisco and Government agencies are just the beginning of who we know were compromised. The sheer scale of the cyber attack remains unknown, although the US Treasury, Department of Homeland Security, Department of Commerce and parts of the Pentagon are all believed to have been impacted.
- Russia’s hack of IT management company SolarWinds began as far back as March, with likely 6-9 months of sensitive data and IP theft occurring. That’s plenty of time to install more back doors.
- The FBI, CISA, and ODNI have formed a Cyber Unified Coordination Group (UCG) to coordinate a whole-of-government response to this significant cyber incident. However the U.S. has literally been hacked at a scale never seen before on Trump’s watch.
- A cascading number of victims have been identified, including the US Departments of State, Homeland Security, Commerce and the Treasury, as well as the National Institutes of Health.
Sunburst is Like a “Huawei Moment”
Think about it, CISA has determined that this threat poses a grave risk to the Federal Government and state, local, tribal and territorial governments, as well as critical infrastructure entities and other private sector organizations. The amount of IP theft in the private sector could also be considerable. They had a private key to everything in these infrastructures.
The attack is on-going because there’s no way to resolve the attack. The SolarWinds hack is a devastating breach of U.S. networks and the President downplaying it means he may be complicit with Russia. It’s very suspicious how Covid-19 and this cybersecurity breach have been downplayed by the White House.
This is more than just an act of espionage, this was a massive infiltration of U.S. Government and private infrastructure. The U.S. Nuclear Weapons agency was completely compromised.
The U.S. has no way of knowing if classified information was accessed. All the emails of these departments is a gold mine for state enemies of the U.S. Over the past several years, the U.S. has invested billions of dollars in Einstein, a system designed to detect digital intrusions.
But because the SolarWinds hack was what’s known as a “supply chain” attack, in which Russia compromised a trusted tool rather than using known malware to break in, Einstein failed spectacularly. This isn’t just the hack of the decade, it shows how the U.S. is vulnerable to being disrupted in cybersecurity, innovation and militarization of data.
The sophistication of this attack by Russia has breached critical infrastructure. SolarWinds stock has plummeted since the headlines were released and this breach is on-going.
It could take years or we may never know how serious this breach has become. Orion’s software is widely used across the public and private sectors. This just adds to Trump’s legacy of how America has been compromised during his term. Civil war? How about the threat of nuclear war? The data breach means some of the most critical networks of America are now effectively completely compromised.
What’s the Big Picture?
The attack infected the world from U.S. IP addresses, that is, an inside attack on SolarWinds’ Orion product. The U.S.’s information security vulnerability has never been so incapable and as vulnerable. Russia in the cybersecurity realm and China in the economic realm could sneak attack and gang up on the U.S., where the dollar is likely to plummet in 2021.
This breach has to be seen in a context of a new world order, where the U.S. is on the border of entering a dark age. Donald Trump has remained completely silent about the Sunburst breach.
In Trump’s term America is losing the war in innovation and technology vs. China, and America has lost the war with Russia in terms of this cybersecurity breach of unprecedented scope and scale. Will we see America lose the battle in 2021 in the economy?
It’s entirely possible this cybersecurity event could sabotage the cold-chain logistics of the vaccine as well and a falling U.S. dollar is highly probable in the coming year.
Coupled with a more contagious strain of Covid-19, it’s not looking good. With Moderna’s Vaccine efficacy in question and Pfizer’s supply chain issues, the light at the other end of the tunnel is looking mighty dim.
Sunburst is a sign of America’s great decline in technology vs. its nation state rivals at a time in history when civil unrest and public health have never been more frantic. Meanwhile, the U.S. continues to fall further behind China in innovation each year as we go further into the 2020s.