‘Be Prepared’: SolarWinds-Style Cyber Attacks Threaten Americans

The U.S. Cybersecurity and Infrastructure Security Agency has issued a “Shields Up” advisory, warning of new state-sponsored attacks against supply chains, and threats to critical infrastructure in the U.S. and Europe, as the war in Ukraine continues.


In December 2020 it came to light that foreign hackers had penetrated major U.S. government agencies, including the Pentagon, the State Department and the Treasury Department, after breaking into SolarWinds, a major Texas-based IT firm, and adding malicious code to the company’s widely used Orion software.

The attack went undetected for months, during which time approximately 18,000 customers downloaded the compromised software. However, fewer than 100 of these customers were then singled out for follow-on intrusion, though those victims include several Fortune 500 companies in addition to the government agencies.

The hackers were believed to be Russian; the U.S. government later attributed the campaign to Russia’s foreign intelligence service.

As the war in Ukraine intensifies, many experts believe SolarWinds-style attacks will peak in 2022. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a “Shields Up” advisory, warning of the dangers of state-sponsored attacks against supply chains and critical infrastructure in the U.S. and Europe.

America’s business community is also a target, as IT vendors and technology service providers like SolarWinds can again provide cyber saboteurs with a pathway into the IT systems of their downstream customers.

As far as we know, Russian cyberattacks have so far not expanded beyond Ukraine. But complacency would be dangerous.

The same individuals behind state-sponsored attacks can replicate the strategies they employ to conduct criminal hackings for financial gain.

The federal government is reinforcing its defenses. So should the private sector.

The primary methods attackers will use include stealing login credentials through simple but effective tactics like password spraying and phishing, and tampering with vendors’ software to plant backdoors that provide access to the vendors’ customers’ systems.

Once inside a company’s network – either by using stolen credentials or via a hidden backdoor – the attackers can cause considerable harm. From disrupting company operations to stealing employees’ Social Security numbers, dates of birth, home addresses and other personal information, they can wreak serious havoc across industries (e.g., legal, financial/banking, healthcare, education and energy) and on individuals whose identities have been stolen.
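Password spraying is worth singling out because it is designed to slip past the account-lockout thresholds that stop ordinary brute-force attacks: the attacker tries one or two common passwords against many accounts rather than many passwords against one. The detector below, an added illustration and not code from the original article or from any product it mentions, reads constructed authentication log lines (timestamp, source IP, username, result) and flags a source that fails against many distinct accounts in a short window, then reports any account that source went on to log into. The log format, the ten-minute window and the five-account threshold are assumptions chosen for the example.

```python
"""Password-spray detection over authentication log lines (added example).

Log format assumed here (one event per line):
    <ISO-8601 UTC timestamp> <source IP> <username> <FAIL|SUCCESS>
"""
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed sample log, not real data. 203.0.113.7 sprays one guess
# across seven accounts (one failure each, so per-account lockout never
# fires) and lands on "grace". 198.51.100.4 is an ordinary brute force
# against a single account and is deliberately NOT a spray.
SAMPLE_LOG = """\
2022-03-01T09:00:01Z 203.0.113.7 alice FAIL
2022-03-01T09:00:03Z 203.0.113.7 bob FAIL
2022-03-01T09:00:05Z 203.0.113.7 carol FAIL
2022-03-01T09:00:07Z 203.0.113.7 dave FAIL
2022-03-01T09:00:09Z 203.0.113.7 erin FAIL
2022-03-01T09:00:11Z 203.0.113.7 frank FAIL
2022-03-01T09:00:13Z 203.0.113.7 grace SUCCESS
2022-03-01T09:05:00Z 198.51.100.4 alice FAIL
2022-03-01T09:05:10Z 198.51.100.4 alice FAIL
2022-03-01T09:05:20Z 198.51.100.4 alice SUCCESS
"""


@dataclass(frozen=True)
class AuthEvent:
    ts: datetime
    src_ip: str
    user: str
    ok: bool


def parse_log(text: str) -> list[AuthEvent]:
    """Parse the assumed log format into events sorted by time."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts_s, ip, user, result = line.split()
        ts = datetime.strptime(ts_s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append(AuthEvent(ts, ip, user, result == "SUCCESS"))
    return sorted(events, key=lambda e: e.ts)


def detect_spray(events, window=timedelta(minutes=10), min_accounts=5):
    """Flag source IPs that fail against >= min_accounts distinct accounts
    inside any sliding `window`. Returns {ip: {"accounts": set, "successes": set}}
    where "successes" are accounts the flagged source logged into at or after
    the moment it was first flagged (the spray that hit)."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e.src_ip].append(e)

    alerts = {}
    for ip, evs in by_ip.items():
        recent = deque()          # failures inside the sliding window
        first_alert_ts = None
        for e in evs:
            if not e.ok:
                recent.append(e)
            while recent and e.ts - recent[0].ts > window:
                recent.popleft()  # drop failures that aged out of the window
            distinct = {f.user for f in recent}
            if len(distinct) >= min_accounts:
                first_alert_ts = first_alert_ts or e.ts
                alerts.setdefault(ip, {"accounts": set(), "successes": set()})
                alerts[ip]["accounts"] |= distinct
        if first_alert_ts is not None:
            alerts[ip]["successes"] = {e.user for e in evs if e.ok and e.ts >= first_alert_ts}
    return alerts


if __name__ == "__main__":
    for ip, info in detect_spray(parse_log(SAMPLE_LOG)).items():
        print(f"SPRAY from {ip}: {len(info['accounts'])} accounts targeted; "
              f"compromised: {sorted(info['successes']) or 'none'}")
```

The check keys on the number of distinct accounts per source, not the number of failures per account, which is why the single-account brute force in the sample does not trigger it and why a per-account lockout policy alone does not catch the spray. In production the same logic belongs in a SIEM or MDR detection rule fed by identity-provider or VPN logs, with the window and threshold tuned to the organization’s normal failure rate.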

Growing Attack Surfaces Lead to Vulnerability

A major reason for concern is that companies have so many potential points of entry that bad actors can exploit in a SolarWinds-style attack.

For most organizations, these large “attack surfaces” were already growing when the pandemic expanded cloud usage and employees relied on personal devices. Reducing and hardening these attack surfaces is a top priority in preventing a successful supply chain breach.

Despite these efforts, attackers are fiendishly clever.

If persistent, they will likely succeed in eventually compromising a company’s defenses. And in a flat network with little internal segmentation, once attackers have gained a foothold they can move laterally from system to system to accomplish their goals.

They can, for example, copy employees’ personal data from an HR database.

Preventing this requires two key things. First, it is important to identify as soon as possible when the network and systems have been breached. Second, safeguards should be in place that block access to data and critical systems even after an attacker is inside.

Detection and Containment Are Vital

Monitoring 24/7 for cyberattacks is the optimal way to quickly determine when a successful breach occurs. However, for many organizations with tight budgets and limited IT staff, this will require help from a managed detection and response (MDR) service provider.

Immediately upon detecting a successful attack, the MDR provider will move to contain it, limiting its impact.

The number of MDR providers is growing rapidly. Many offer complementary security services to assist in reducing and hardening attack surfaces.

These additional services let companies choose an MDR provider suited to their requirements. Secure access service edge (SASE) and zero-trust network access (ZTNA) are two such offerings. Both are designed to grant access only to authenticated users and devices, and only to the specific applications and data they are authorized for, so an attacker who has reached the network does not automatically reach every system on it.

Being Prepared

In addition to improving a company’s ability to defend against SolarWinds-style attacks, implementing these security services will dramatically bolster its overall defenses against phishing, ransomware and other cyber threats.

However, because breaches are inevitable despite the best defenses, companies should also work with their MDR provider – or other security service partners – to mitigate their impact.

These efforts should include developing incident response plans that provide detailed, step-by-step instructions for immediately and comprehensively addressing successful cyberattacks. Every second counts when an attack occurs and responding quickly can make the difference between containing a breach to a single affected laptop and an expanding malware infection spreading like wildfire.

If history has taught us anything, it’s that cyber-intrusions that meet with success are bound to be repeated.

So preparing to defend against supply chain breaches remains a priority long after the SolarWinds hack itself, and it will remain a concern after the war in Ukraine ends and as we finally emerge into a post-pandemic future.

Vijay Viswanathan is the Product Marketing Manager for cybersecurity services at Open Systems. He has over a decade of experience in the technology sector in Europe and the Americas, in organizations ranging from early-stage start-ups to multinational corporations.