The SolarWinds Hack — What Are its Implications for Global Cyber Security?

What is this world if so full of malware… for we have no time to sit back and stare.

World governments and corporations have had their fair share of run-ins with cyberattacks. However, the latest one is a no joke, considering it has shaken the global leader in software manufacturing to its core.

Microsoft’s systems were exposed to a Russia-linked malware that targeted US states and Government agencies. Even though its malicious effects haven’t so far been revealed to aggravate greatly, the statement put out by the company illustrates visible agony and appeal to develop an effective global strategy ASAP!

Let’s break down this development for you.

The Hacker and the Hacked

According to a Reuters report, a concerted Russian cyberattack campaign against US Government agencies was funnelled by using a firm called SolarWinds Corp.

SolarWinds is a software developer that does a great deal of businesses with large corporations and government agencies by managing their networks, systems and IT infrastructure. It owns a proprietary monitoring platform called Orion.

Between March and June 2020, hackers of Russian affiliation are believed to have injected malicious codes into the Orion software by embedding them onto the latter’s otherwise legitimate software updates.

These codes, thereafter, made their way into the systems of roughly 18,000 SolarWinds’ customers. 40 out of them turned out to be Microsoft’s customers as well. Most of the other victims have been accounted for as government agencies (US Departments of Defense, State, Treasury, Homeland Security and Commerce) and the only other private entities (besides Microsoft) are FireEye and Cisco.

The Technicalities in Question

The hackers managed to access the system which SolarWinds employed to organise the Orion software updates. They dumped their codes into it by packaging it inside the updates matrix. This is called a supply-chain attack, which infects softwares while they are being assembled.

Supply-chain attacks aren’t uncommon, for they target the comparatively less secure elements in the supply chain. In 2008, untraceable devices were found inserted into China-made credit-card readers in Europe which hacked account data. In 2013, the POS systems in over 1,800 Target stores were breached by the introduction of malware through theft of third-party credentials.

FYI: The Target Breach made hackers privy to over 70 million-large customer information, ultimately forcing the CEO to resign and incurring losses over $200m by the company.

Does This Mean Microsoft’s Security Apparatus is Redundant

Hopefully not. But to be fair, it’s complicated.

In an urge to cut back on operational costs, companies partner with third-party entities like manufacturers, suppliers, shippers, handlers and buyers all over the world. Even though the target company’s security system is impervious, the other links in the chain may not be sophisticated enough to adopt security measures at par. So if a hacker breaks through the protocol of even one, he gains access to a whole gamut of data.

Your security is, therefore, as strong as your weakest link.

This is actually a big tactical manoeuvre for hackers to pull off. Instead of having to trick individual targets into downloading malicious software with a phishing campaign etc., they gain targeted access into the most sensitive frameworks like government agencies by having them install one or a few software reruns.

It Goes Deeper

As early as in October 2019, the hackers have been reported to conduct test runs by emptying classes and inserting binary codes into the Orion software. It is because of this early incorporation that they went undetected before being embedded in the system and digitally signed.

SolarWinds has now opted for preventive action by masking the list of its high-profile clients from the public domain. The list includes at least 435 from among the Fortune 500 companies (AT&T, McDonald’s, Procter & Gamble, to name a few).

As far as red flags go, The Washington Post raised another by reporting that Silver Lake and Thoma Bravo (combined 70% owners of SolarWinds’ shares), dumped their shares worth $158m and $128m respectively on December 7th, six days prior to when the breach became public. Actions like that are tantamount to insider trading and could possibly open them up to investigation.

What Do We Know of Russian Involvement So Far?

The Russian intelligence service known as APT29 (‘cozy bear’) has been behind this global espionage campaign for some time. They have been transgressing into high-profile client systems for months and collecting information from their environments.

As far the latest episode is concerned, Russia denies any involvement.

However, sources from top US government echelons have implicated a Russian Intelligence Agency at the centre of this assault campaign. In fact, SolarWinds, cybersecurity firms as well as US Government statements have set their guns ablaze on “nation-state actors’’ who they believe to have perpetrated this attack, hinting aplenty in Russia’s direction.

Remedial Considerations

Although, the companies have begun quarantining the affected versions of the Orion software, no tangible information on the scale and degree of damage caused is out yet.

Microsoft President Brad Smith left no stone unturned in entreating for greater regulatory intervention in the battle against cyber assaults of this manner. Words like ‘not espionage as usual’, ‘even in the digital age’ and ‘an act of recklessness’ do not go remiss in highlighting Big Tech’s urgent appeal towards the authorities and each other to combat cybercrime together.

Perhaps, this proposed coalition will generate communal stake, interest and effort in the war against hacking.

Given the scale and frequency of cyber attacks we face these days, perhaps the best way to defend the world against them is to adopt the same binary strategy as the hackers do… one zero at a time!

(Originally published December 19th 2020 in transfin.in)