A Real Life Cyber Nightmare - The Solarwinds Attack


In the spring of 2021, SolarWinds, a network monitoring software vendor, was found to be the source of one of the biggest cyber security breaches in history (Temple-Raston, 2021). Hackers believed to be backed by the Russian intelligence service took full advantage of the software update release cycle to hide a snippet of code inside the “factory sealed,” released code. From there, the small piece of code was delivered to companies such as Microsoft, Intel, and Cisco, and to multiple federal agencies such as the Treasury, the Justice and Energy departments, and even the Pentagon.

This tiny piece of code at first simply captured the IP address and a thumbnail profile of the potential target and created a backdoor within the system. For this attack to work, the target had to be connected to the internet; it did not work on stand-alone hosts with no internet connection. Once installed, the backdoor would wait up to two weeks before it actually became active in the infected host (Temple-Raston, 2021). Christopher Krebs, who was in charge of the office responsible for protecting government networks, said that 90 to 95% of cyber attacks are based on previously known techniques, but this attack was so successful because it was a new type of attack.

The extent of the damage from this attack is still somewhat unknown. The hackers had open access to American computer networks for 9 months before being detected and halted (Temple-Raston, 2021). It has not been determined whether the hackers were simply reading emails during that time or planning something more sinister for future use. It is also estimated that approximately 100 companies and around a dozen government agencies were compromised during this time, including CISA, the Cybersecurity and Infrastructure Security Agency at the Department of Homeland Security, whose job it is to protect federal computer networks from cyber-attacks (Temple-Raston, 2021).

The code took advantage of the normal software development process to inject a tainted temporary update file into the SolarWinds software update while the known-good code was compiling. It was during the compile phase that the malicious code told the build machine to swap SolarWinds' temporary file with the attackers' own. The hackers used a bait-and-switch method to make this hack succeed. Understanding that companies like SolarWinds audit their code before building a software update to make sure everything is genuine, the hackers waited until the last possible second, when the code went from human-readable source code to computer-readable executable code (Temple-Raston, 2021). Many countermeasures will be put into place after this case has been thoroughly studied and further understood. Anne Neuberger, the Deputy National Security Advisor for Cyber and Emerging Technology, who is leading the response to the SolarWinds attack, is already working on an order that implements many new measures, such as requiring companies that do business with the U.S. to adhere to certain software standards, requiring data encryption across their systems, and even implementing an air gap for their “build systems” and build processes to keep them from ever touching the internet.
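The bait-and-switch described above happens after code review but before the compiler finishes, so the check a hardened build pipeline relies on is a comparison of the reviewed source tree against what the compiler actually saw. The following is an added example, not SolarWinds' tooling or anything from the NPR report: it hashes every file before the build, hashes again afterwards, and flags any change that is not a declared build output. All paths, file contents and the simulated build steps are constructed.

```python
"""Flag files altered during a build by diffing source-tree hashes (added example)."""
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: Path) -> dict:
    """Map every file under root (relative POSIX path) to its SHA-256."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def unexpected_changes(before: dict, after: dict, allowed_outputs: set) -> list:
    """Paths added, removed or modified between the two snapshots that are not
    declared build outputs. Any hit means something touched the tree between
    the review and the compiler, which is exactly the window abused here."""
    return [path for path in sorted(set(before) | set(after))
            if before.get(path) != after.get(path) and path not in allowed_outputs]


def run_build(tamper: bool) -> list:
    """Simulate one build in a scratch directory (constructed tree, not a real
    project). With tamper=True a source file is swapped mid-compile, the
    pattern described in the text. Returns the list of unexpected changes."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        src = root / "src"
        src.mkdir()
        (src / "main.cs").write_text("class Main {}\n")            # constructed
        (src / "temp_update.cs").write_text("// reviewed source\n")  # constructed
        before = snapshot(root)   # taken after human review, before compiling
        if tamper:
            (src / "temp_update.cs").write_text("// substituted file\n")
        (root / "bin").mkdir()
        (root / "bin" / "app.dll").write_bytes(b"MZ compiled output")  # expected
        return unexpected_changes(before, snapshot(root), {"bin/app.dll"})


if __name__ == "__main__":
    print("clean build:", run_build(tamper=False))    # []
    print("tampered build:", run_build(tamper=True))  # ['src/temp_update.cs']
```

The same diff can be run between two independent builds of the same commit, which is how reproducible-build checks catch a compromised build host rather than a compromised tree.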

I don’t believe that there were actual known gaps in the enterprise security plan that were missed in this case. This was a new, unknown, intelligent code that had not been seen before, and because of that, I believe enterprise security plans will be updated to protect against this type of attack in the future. The scariest aspect of this attack is that it is still very much unknown what data might have been stolen, what additional backdoors may have been opened, or what orphaned malicious code might still be lingering on these systems. It is hard for cyber-security experts to believe an attack as beautifully orchestrated as this one would have been deployed with little intent to do further harm. The fear is that in the future, the true extent of this attack will be made clear and the impacts will be felt for a long time.

References

Temple-Raston, D. (2021, April 16). A 'worst nightmare' cyberattack: The untold story of the SolarWinds hack. NPR. Retrieved December 16, 2021, from https://www.npr.org/2021/04/16/985439655/a-worst-nightmare-cyberattack-the-untold-story-of-the-solarwinds-hack