While the U.S. reels from the massive SolarWinds hack, which compromised government agencies and private tech companies, cybersecurity experts predict that more attacks on high-value targets are likely to occur. 

“There is a high probability that we will continue to see other wide-scale attacks like those targeting Microsoft, SolarWinds, UK, and U.S. government agencies and their customers in the foreseeable future as the size of this breach is massive," said Lior Div, CEO of Cybereason, the technology company behind a popular cybersecurity defense platform. 

The Washington Post reported last week that the Russian hacker group APT29, or Cozy Bear, was behind the attack, though its sources were unnamed. Div said he shares this belief based on the group's history and the resources required to organize a hack of this scale.  

"The amount of resources and time needed to prepare, and the accuracy required by the threat actors, make it very difficult to achieve success," he said. 

The hackers gained access to government agencies, including the U.S. Homeland Security, State, Energy, and Treasury departments, as well as IT companies in the supply chain, including Intel, Deloitte, and Cisco, among others. 

They did this by inserting malicious code into the network monitoring software of a third-party vendor. Texas-based SolarWinds sold the tainted software to at least 24 organizations, according to a Wall Street Journal report.  

Experts agree this is the worst incident since the NotPetya attack in 2017, considered by some the most sweeping cyberattack in history

Div said the hack highlights the vulnerability of IT supply chains to cyberattacks and how they can have far-reaching ripple effects. He also pointed to the presidential transition and the demands of fighting misinformation around COVID as contributing to officials perhaps taking their eyes off the ball.

"Adversaries like Russia and China look for this kind of instability and distraction to exploit for their benefit," he said. "If SolarWinds, a company with a stellar reputation, is hacked, then no hygiene in the world will prevent future attacks if companies don't have a robust, post-breach mindset and around-the-clock threat-hunters on the job.”

While supply chain attacks of this kind have so far been rare, they present a significant opportunity to hackers willing to put in the time because once they're inside a trusted network, they can essentially roam free. 

"The biggest concern here is that the success of this attack may lead to more threat actors looking to repeat the success that the SolarWinds compromise has had thus far," said Kate Kuehn, senior vice president at vArmour, a cybersecurity software company. "If supply chain hacks become more commonplace, the focus on visibility within an environment and app-to-app/user-to-app communications in a real-time, dynamic way, will become critical to prevent additional widespread breaches."

This means more real-time monitoring of behavioral changes by privileged accounts and systems, which played a key role in slipping past security measures up and down the supply chain that SolarWinds was a part of. 

The long-term consequences of this kind of attack is an erosion of trust between partners, particularly those at the borderline of private and public organizations, she added. 

"Software testing and code review will also come under massive scrutiny from a security perspective, more so than has ever been seen in the past," she said. "Companies will have to quickly put measures in place to address both of these issues."

Share:
More In Business
Michigan Judge Sentences Walmart Shoplifters to Wash Parking Lot Cars
A Michigan judge is putting sponges in the hands of shoplifters and ordering them to wash cars in a Walmart parking lot when spring weather arrives. Genesee County Judge Jeffrey Clothier hopes the unusual form of community service discourages people from stealing from Walmart. The judge also wants to reward shoppers with free car washes. Clothier says he began ordering “Walmart wash” sentences this week for shoplifting at the store in Grand Blanc Township. He believes 75 to 100 people eventually will be ordered to wash cars this spring. Clothier says he will be washing cars alongside them when the time comes.
State Department Halts Plan to buy $400M of Armored Tesla Vehicles
The State Department had been in talks with Elon Musk’s Tesla company to buy armored electric vehicles, but the plans have been put on hold by the Trump administration after reports emerged about a potential $400 million purchase. A State Department spokesperson said the electric car company owned by Musk was the only one that expressed interest back in May 2024. The deal with Tesla was only in its planning phases but it was forecast to be the largest contract of the year. It shows how some of his wealth has come and was still expected to come from taxpayers.
Goodyear Blimp at 100: ‘Floating Piece of Americana’ Still Thriving
At 100 years old, the Goodyear Blimp is an ageless star in the sky. The 246-foot-long airship will be in the background of the Daytona 500 — flying roughly 1,500 feet above Daytona International Speedway, actually — to celebrate its greatest anniversary tour. Even though remote camera technologies are improving regularly and changing the landscape of aerial footage, the blimp continues to carve out a niche. At Daytona, with the usual 40-car field racing around a 2½-mile superspeedway, views from the blimp aptly provide the scope of the event.
Load More