Reports of widespread cyberattacks on several U.S. government agency websites have sent shockwaves throughout the country and the world, raising concerns about the ability of any institution to protect its vital and confidential data.
The thinking goes that if the U.S. Treasury and Commerce departments are unable to protect their digital databases, lesser organizations would seemingly be hard-pressed to prevent similar security breaches.
“This is a big deal, and given what we now know about where breaches happened, I’m expecting the scope to grow as more logs are reviewed,” said John Scott-Railton, a senior researcher at Citizen Lab at the University of Toronto’s Munk School of Global Affairs and Public Policy, in response to the Washington Post’s report that Russian government hackers were behind a broad espionage campaign. “When an aggressive group like this gets an ‘open sesame’ to many desirable systems, they are going to use it widely.”
The FBI is currently investigating the attacks, and the federal Cybersecurity and Infrastructure Security Agency (CISA) issued a warning Sunday about an “active exploitation” that involved SolarWinds’ Orion Platform software. That software was released earlier this year, between March and June.
The Russian embassy in Washington has denied any involvement in the attacks and called the allegations “unfounded.”
SolarWinds Clients
SolarWinds’ customer list on its website reads like a Who’s Who of American government, industry and academia. It includes all five branches of the U.S. military, along with the U.S. Justice Department, National Security Agency and the White House.
SolarWinds also works with 85 percent of Fortune 500 companies, all 10 of the largest telecom companies, the top five accounting firms and hundreds of colleges and universities worldwide.
In a press statement, SolarWinds acknowledged that it’s aware of the attacks and has instructed clients to upgrade their security software to the latest version as soon as possible.
“We have been advised this attack was likely conducted by an outside nation state and intended to be a narrow, extremely targeted and manually-executed attack, as opposed to a broad, system-wide attack,” SolarWinds’ statement said.
Two Major Attacks In One Week
The latest attack follows a similar and possibly related assault, less than a week ago, on another cybersecurity firm, California-based FireEye.
In response to the latest incident, FireEye released an updated advisory that warned users of a “highly evasive attack” that’s part of a “global intrusion campaign” targeting supply-chain business software.
“The attacker’s post-compromise activity leverages multiple techniques to evade detection and obscure their activity, but these efforts also offer some opportunities for detection,” FireEye said, adding that the campaign was widespread and “affecting public and private organizations around the world.”
While the latest attacks have been notable for their sophistication and high-profile targets, they are far from isolated incidents. They also come at a time of increased digital traffic brought on by the coronavirus, as well as a commensurate rise in fraud and other digital schemes to steal valuable data or money.
Security experts have advised individuals to be extra vigilant during the busy holiday shopping season, and also warned corporate users working remotely to be aware of a rise in business email compromise (BEC) scams that target players in the COVID-19 vaccine supply chain.
The U.S. Chamber of Commerce has been an active advocate on the subject, from its calls for increased cybersecurity coordination within the recent U.S. defense spending bill to a roundtable meeting of members earlier this month on how best to defend business from cyberthreats.
“Cyberattacks on business have dramatically increased this year, and small businesses are often prime targets for dangerous hackers,” the chamber said in releasing a “blueprint” for defending businesses. The group advised businesses of all sizes on ways to defend themselves against phishing schemes, malware attacks and other intrusions.