EXECUTIVE SUMMARY:

The SolarWinds supply chain attack used sophisticated mechanisms to cause unprecedented damage. By rewriting 4,032 lines of code, the attackers infiltrated 18,000 organizations, including those at the highest levels of the US government and a large number of Fortune 500 firms.

Microsoft estimates that as many as a thousand engineers may have collaborated in developing the attack. “I think from a software engineering perspective, it’s probably safe to say that this is the largest and most sophisticated attack the world has ever seen”, says Microsoft’s Corporate President, Brad Smith.

When asked if the attacks are ongoing, Smith replied, “Almost certainly, these attacks are continuing”.

CISOs on SolarWinds

Following the SolarWinds breach, organizations plan to increase cyber security spending by an average of 20%. Global cyber security spending totaled $43.1 billion in 2020 and is expected to hit $51.7 billion in 2021. Once an under-funded aspect of business operations, cyber security infrastructure is now recognized by stakeholders as a priority.

“The impact of the breach is profound. It really turned on its head a lot of conventions about cyber security … I don’t think the threat has been exaggerated in the media,” one CISO states.

CISOs are drawing up their roadmaps, but there isn’t a single right answer to securing against supply chain attacks. Some CISOs are kicking their zero trust, IAM and PAM programs into higher gear. Two-factor authentication is the new norm. Analytics, micro-segmentation and cloud security are all receiving renewed attention too. “We’re now in a situation where we have to monitor the monitors,” says another CISO.

The SolarWinds attack damage

The US Cybersecurity and Infrastructure Security Agency (CISA) recommends that affected devices be rebuilt from trusted sources and that usernames and passwords for affected platforms be reset. Affected networks may require complete replacement. Additional mitigation strategies and tactics are defined on CISA’s website.
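Rebuilding from a trusted source only helps if the rebuilt artifact is checked against something the attacker could not alter. The following Python example, added here and not taken from the article or from CISA, shows the minimal check a practitioner would script before reinstalling: every file is hashed and compared, in constant time, against a pinned manifest of SHA-256 digests obtained out of band (a signed vendor release page, for instance). The installer bytes, the tampered copy and the manifest are all constructed for the example; a real manifest would be copied from the vendor, never derived from the download itself as it is here for illustration.

```python
"""Verify rebuilt or re-downloaded software against a pinned, out-of-band digest manifest."""
import hashlib
import hmac

CHUNK_SIZE = 1 << 20  # read files 1 MiB at a time so large installers do not sit in memory


def sha256_of_bytes(data: bytes) -> str:
    """Hex SHA-256 of an in-memory artifact."""
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path: str) -> str:
    """Hex SHA-256 of an on-disk artifact, streamed in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK_SIZE), b""):
            h.update(chunk)
    return h.hexdigest()


def digest_matches(actual_hex: str, expected_hex: str) -> bool:
    """Constant-time comparison; hex digests are normalised to lower case first."""
    return hmac.compare_digest(actual_hex.lower(), expected_hex.lower())


def check_manifest(artifacts: dict, manifest: dict) -> dict:
    """Compare supplied artifacts (name -> bytes) with the trusted manifest (name -> hex digest).

    Verdicts per name:
      'ok'       digest matches the manifest
      'mismatch' digest differs (tampered, corrupted or wrong version)
      'missing'  listed in the manifest but not supplied
      'unlisted' supplied but not in the manifest (nothing vouches for it)
    """
    verdicts = {}
    for name, expected in manifest.items():
        if name not in artifacts:
            verdicts[name] = "missing"
        elif digest_matches(sha256_of_bytes(artifacts[name]), expected):
            verdicts[name] = "ok"
        else:
            verdicts[name] = "mismatch"
    for name in artifacts:
        if name not in manifest:
            verdicts[name] = "unlisted"
    return verdicts


def safe_to_install(verdicts: dict) -> bool:
    """Install only when at least one artifact was checked and every verdict is 'ok'."""
    return bool(verdicts) and all(v == "ok" for v in verdicts.values())


# Constructed sample data (not real SolarWinds files or digests).
VENDOR_BUILD = b"constructed known-good installer bytes v1.0"
TAMPERED_BUILD = VENDOR_BUILD + b"\x00injected"
# Constructed manifest: here derived from VENDOR_BUILD for the demo; in practice the
# digests are copied from the vendor's signed release notes, not from the download.
TRUSTED_MANIFEST = {"agent-installer.bin": sha256_of_bytes(VENDOR_BUILD)}

if __name__ == "__main__":
    for label, build in (("pristine", VENDOR_BUILD), ("tampered", TAMPERED_BUILD)):
        verdicts = check_manifest({"agent-installer.bin": build}, TRUSTED_MANIFEST)
        print(label, verdicts, "install" if safe_to_install(verdicts) else "refuse")
```

`safe_to_install` deliberately refuses an empty verdict set and any `unlisted` file: a rebuild that silently accepts artifacts nobody vouched for defeats the purpose of rebuilding from a trusted source.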

Members of the United States Senate on SolarWinds

Experts remain deeply concerned about the attackers’ potential theft of information from the US Justice Department, the US Treasury Department, the National Institutes of Health and the agency that safeguards and transports nuclear weapons.

Early last week, these concerns motivated the US Senate’s Intelligence Committee to request that the intelligence community orchestrate a more coordinated federal-level response to the SolarWinds attacks. In the written communication, senators noted the “disjointed and disorganized” US response to the SolarWinds events. “The threat our country still faces from this incident needs clear leadership…”, wrote the lawmakers.

“I don’t think anyone knows for certain how all of this information will be used. But we do know this: It is in the wrong hands,” says Brad Smith.

Attack entry point insights, SolarWinds

According to Silicon Angle, experts suspect that the adversaries executed a phishing attack that gave them access to the GitHub repository. Once there, the attackers are thought to have stolen usernames and passwords that enabled them to reach SolarWinds’ supply chain.

However, much about the SolarWinds attack remains unknown. The entire series of events is still under investigation, and more information is expected to be released as investigators learn more.

Is software unsafe?

We assume that a newly purchased phone or laptop comes with secure software and hardware. However, the SolarWinds breach demonstrates that we may be headed into a future where we can no longer automatically trust our software.