While the U.S. reels from the massive SolarWinds hack, which compromised government agencies and private tech companies, cybersecurity experts predict that more attacks on high-value targets are likely to occur. 

“There is a high probability that we will continue to see other wide-scale attacks like those targeting Microsoft, SolarWinds, UK, and U.S. government agencies and their customers in the foreseeable future as the size of this breach is massive," said Lior Div, CEO of Cybereason, the technology company behind a popular cybersecurity defense platform. 

The Washington Post reported last week that the Russian hacker group APT29, or Cozy Bear, was behind the attack, though its sources were unnamed. Div said he shares this belief based on the group's history and the resources required to organize a hack of this scale.  

"The amount of resources and time needed to prepare, and the accuracy required by the threat actors, make it very difficult to achieve success," he said. 

The hackers gained access to government agencies, including the U.S. Homeland Security, State, Energy, and Treasury departments, as well as IT companies in the supply chain, including Intel, Deloitte, and Cisco, among others. 

They did this by inserting malicious code into the network monitoring software of a third-party vendor. Texas-based SolarWinds sold the tainted software to at least 24 organizations, according to a Wall Street Journal report.  

Experts agree this is the worst incident since the NotPetya attack in 2017, considered by some the most sweeping cyberattack in history

Div said the hack highlights the vulnerability of IT supply chains to cyberattacks and how they can have far-reaching ripple effects. He also pointed to the presidential transition and the demands of fighting misinformation around COVID as contributing to officials perhaps taking their eyes off the ball.

"Adversaries like Russia and China look for this kind of instability and distraction to exploit for their benefit," he said. "If SolarWinds, a company with a stellar reputation, is hacked, then no hygiene in the world will prevent future attacks if companies don't have a robust, post-breach mindset and around-the-clock threat-hunters on the job.”

While supply chain attacks of this kind have so far been rare, they present a significant opportunity to hackers willing to put in the time because once they're inside a trusted network, they can essentially roam free. 

"The biggest concern here is that the success of this attack may lead to more threat actors looking to repeat the success that the SolarWinds compromise has had thus far," said Kate Kuehn, senior vice president at vArmour, a cybersecurity software company. "If supply chain hacks become more commonplace, the focus on visibility within an environment and app-to-app/user-to-app communications in a real-time, dynamic way, will become critical to prevent additional widespread breaches."

This means more real-time monitoring of behavioral changes by privileged accounts and systems, which played a key role in slipping past security measures up and down the supply chain that SolarWinds was a part of. 

The long-term consequences of this kind of attack is an erosion of trust between partners, particularly those at the borderline of private and public organizations, she added. 

"Software testing and code review will also come under massive scrutiny from a security perspective, more so than has ever been seen in the past," she said. "Companies will have to quickly put measures in place to address both of these issues."

Share:
More In Business
Rare Dom Pérignon champagne from Charles and Diana’s wedding fails to sell during Denmark auction
A rare magnum of Dom Pérignon Vintage 1961 champagne that was specially produced for the 1981 wedding of Prince Charles and Lady Diana has failed to sell during an auction. Danish auction house Bruun Rasmussen handled the bidding Thursday. The auction's house website lists the bottle as not sold. It was expected to fetch up to around $93,000. It is one of 12 bottles made to celebrate the royal wedding. Little was revealed about the seller. The auction house says the bids did not receive the desired minimum price.
New York Times, after Trump post, says it won’t be deterred from writing about his health
The New York Times and President Donald Trump are fighting again. The news outlet said Wednesday it won't be deterred by Trump's “false and inflammatory language” from writing about the 79-year-old president's health. The Times has done a handful of stories on that topic recently, including an opinion column that said Trump is “starting to give President Joe Biden vibes.” In a Truth Social post, Trump said it might be treasonous for outlets like the Times to do “FAKE” reports about his health and "we should do something about it.” The Republican president already has a pending lawsuit against the newspaper for its past reports on his finances.
OpenAI names Slack CEO Dresser as first chief of revenue
OpenAI has appointed Slack CEO Denise Dresser as its first chief of revenue. Dresser will oversee global revenue strategy and help businesses integrate AI into daily operations. OpenAI CEO Sam Altman recently emphasized improving ChatGPT, which now has over 800 million weekly users. Despite its success, OpenAI faces competition from companies like Google and concerns about profitability. The company earns money from premium ChatGPT subscriptions but hasn't ventured into advertising. Altman had recently announced delays in developing new products like AI agents and a personal assistant.
Trump approves sale of more advanced Nvidia computer chips used in AI to China
President Donald Trump says he will allow Nvidia to sell its H200 computer chip used in the development of artificial intelligence to “approved customers” in China. Trump said Monday on his social media site that he had informed China’s leader Xi Jinping and “President Xi responded positively!” There had been concerns about allowing advanced computer chips into China as it could help them to compete against the U.S. in building out AI capabilities. But there has also been a desire to develop the AI ecosystem with American companies such as chipmaker Nvidia.
Load More