The hack of the U.S. Treasury and Commerce Departments, first reported Sunday to involve Russian state-sponsored hackers, today was officially attributed to the compromise of software from SolarWinds Worldwide LLC.
As previously reported by SiliconANGLE, SolarWinds software is used by large parts of the U.S. government including the U.S. military, the Pentagon, the State Department, the Justice Department, the National Aeronautics and Space Administration, the Executive Office of the President and the National Security Agency.
SolarWinds provided more details on the hack, saying that up to 18,000 of its customers downloaded a “compromised software update” that allowed hackers to spy unnoticed on businesses and agencies for nine months. Previously, SolarWinds said that its monitoring products released in March and June may have been tampered with — as long as nine months ago.
Although the hacking of large parts of the U.S. government is bad, SolarWinds has complied with the California Consumer Privacy Act, releasing a formal advisory stating that its “systems experienced a highly sophisticated, manual supply chain attack.”
Mark Carrigan, chief operating officer at PAS Global LLC, told SiliconANGLE that given the massive global scale of installations, the stakes are high with the SolarWinds hack. “Many of these installations are across highly sensitive industrial operations where network visibility is traditionally weaker,” he said. “In fact, just today the ESCC, whose members include some of the largest U.S. power utility companies, gathered to discuss the emerging threat and how to respond.”
He added that organizations across every industry must react by first identifying where SolarWinds software is installed across their environments. “From there, they must further hone in on their inventory by determining the versions that are running to evaluate the vulnerability risk that may or may not be present,” he said. “Without doing so, these risks get scaled in tandem with the vulnerabilities, and from the industrial perspective, this jeopardizes critical functions that impact everyday life.”
Brandon Hoffman, chief information security officer at cybersecurity firm Netenrich Inc., noted that any link to the FireEye hack early this month might be nothing more than a coincidence.
“It’s natural to think that just after the FireEye breach, adversaries turned their tools to use and perpetrated this breach of the Commerce Department,” Hoffman said. “However, careful examination of this seems to lead us to the conclusion that this has been going on much longer. The type of attack described to date involves several low and slow techniques. The very term advanced persistent threat was coined to describe an attack just like this.”
The key takeaway, while the damage is being examined, is to determine if the organization is at risk, Hoffman added. “For any customer of SolarWinds Orion, it is worth digging as deep as possible to understand the implications,” he said.