Recently, multiple US government agencies and thousands of individual federal and private companies have been hit by a large-scale cyberattack, resulting in one of the most serious data breaches in recent history. While sources allege that Russian state hackers were behind the attack, government officials are still wrapping their heads around the scope of the data breach as details continue to come forth daily.
On December 13th 2020, the Cybersecurity & Infrastructure Security Agency (CISA) issued a statement revealing that tech company SolarWinds had been compromised in a data breach. SolarWinds’ security monitoring program, Orion, had been targeted in a cyberattack, resulting in numerous government and technology organizations being put at risk for potential data breaches.
Orion, though not a household name, is a program commonly used by federal agencies and technology companies. In the days following the initial statement on December 13th, multiple federal agencies have since announced that they too had been affected by the data breach, with departments such as the Departments of Homeland Security, Agriculture and Commerce, and the Treasury Department being among the list of victims.
How Was the System Breached?
As early as October 2019, the attackers had been testing the security of SolarWinds Orion by adding benign code and monitoring how the system reacted. Once they were confident with the results, it is believed that malicious code was snuck into the Orion’s updates, uploading malware to the customers’ system with every new update. By doing so, the attackers effectively exposed a backdoor to nearly 4000 lines of code, allowing them to operate freely within SolarWind’s networks.
The malware, now known as SUNBURST, is a malicious code that was added to Orion’s DLL code back in March 2020. As each update went through on Orion’s software, the malware continued to run parallel to the initial DLL, remaining undetected by SolarWind’s security system and giving the attackers a clear route to exploit Orion’s customer data.
In response to the attack, SolarWinds has since removed the affected Orion downloads from its websites and urges customers to uninstall the software from their systems as well. The company has released several patches to protect against the SUNBURST code and has reported that none of their other software appears to be similarly compromised.
Who Has Been Affected?
While it’s difficult to map the exact extent of who has been affected, SolarWinds has revealed that roughly 18,000 of its 300,000 customers have likely been affected by the attack, though other federal agencies are still unclear regarding how widespread the data breach is. According to reports, at least six US government departments, including energy, commerce, treasury and state have been breached, as well as numerous non-governmental organizations, namely those related to security and technology.
In a report from Microsoft, it appears as though many of the organizations affected are located in the US, though victims have also been identified in Canada, Mexico, Belgium, Spain, the United Kingdom, Israel and the United Arab Emirates.
As information continues to stream forward, researchers estimate that more organizations will release statements indicating that they too were affected by the data breach, though only time will tell the true extent of the attack.
What Does this Mean for You
The recent attack has undeniably caused major panic across the federal level, with the majority of compromised data coming from federal agencies as well as an assortment of tech and security organizations. However, while the extent of data stolen has not been fully reported yet, it’s speculated that the hackers have only targeted a narrow number of organizations, namely those involved in confidential national security and defense information.
As officials continue to unravel the depth of the cyberattack, there is currently no indication that significant theft of customer or citizen data has been the aim of the attack. Unless given the ample resources and manpower necessary to review the large swaths of data at their disposal, it’s likely that the hackers have mostly been targeting government data rather than the personal information of Orion’s customers.
However, if you or an organization you’re affiliated with, use SolarWinds Orion, SolarWinds has released a guide in which you can determine whether or not you’ve been affected by the attack and the necessary steps you can take.
For more information, you can visit SolarWinds’ security page here.
Could This Happen to You?
The attack that took place is what’s known as a supply-chain attack, in which hackers target vulnerabilities in a 3rd-party program that is trusted as part of the chain of suppliers that makes up a system. It’s technically just as possible to attack an end-user supply-chain as it is a government or business one. However, hackers more frequently attack home users by exploiting known system vulnerabilities because it’s easier.
Quite frequently, researchers will run into security vulnerabilities while troubleshooting a program or application. Once noticed, the vulnerability is typically patched in an update and the program will continue to run securely. However, if a hacker were to notice the vulnerability first, they can implement malicious code to exploit the vulnerability, effectively uploading their own code to the exploited program.
As an example, Microsoft releases updates to their software every Tuesday in an effort to fix any underlying vulnerabilities and defend against exploitation. However, dated systems, such as Windows 7 and Internet Explorer, are no longer supported by Microsoft and have since stopped being updated. This means that any underlying vulnerability will no longer be updated by Microsoft, effectively leaving that system open to malware.
Other methods, such as phishing scams, malware, and even ransomware, can all affect your computer in the same way. If a hacker is able to upload malicious software onto your computer, you’re at risk of having your data stolen. Similarly, if an organization is targeted by a cyberattack, they risk losing confidential customer and client information, which can be anything from personal data to valuable financial information.
With that being said, there are numerous steps you can take to ensure your system is as secure as it can be.
Note: if you’re concerned that your information has been compromised, we always recommend checking out Have I Been Pwned, a free resource for anyone to assess if they may have been put at risk due to an online account of theirs having been compromised due to a data breach.
What You Can Do to Protect Yourself
If you’re worried about your cybersecurity, there are a number of ways you can maximize your protection.
- Update your passwords often, and keep them complex– If you’re worried about a data breach of any kind, the first thing you should is update your passwords. Regularly updating your passwords ensures that hackers can’t access your account even if your information was compromised in a data breach.
- Update your applications as often as you can – Updates exist for a reason, and they’re mostly used to patch up security vulnerabilities and fix the bugs and errors that sometimes pop up. To make sure your system isn’t vulnerable, make sure you stay up to date with your updates.
- Beware of phishing scams – Phishing scams are another way in which individuals can get a hold of your data. Typically done through email and malicious downloads, phishing scams aim to trick victims into downloading malware or providing their information to fraudulent sites.
You can check out our guide here to brush up on your scam knowledge!
- Turn on your antivirus – Use an antivirus program like McAfee Total Protection to ensure your system is protected by the latest threats and malware!