While the U.S. reels from the massive SolarWinds hack, which compromised government agencies and private tech companies, cybersecurity experts predict that more attacks on high-value targets are likely to occur. 

“There is a high probability that we will continue to see other wide-scale attacks like those targeting Microsoft, SolarWinds, UK, and U.S. government agencies and their customers in the foreseeable future as the size of this breach is massive," said Lior Div, CEO of Cybereason, the technology company behind a popular cybersecurity defense platform. 

The Washington Post reported last week that the Russian hacker group APT29, or Cozy Bear, was behind the attack, though its sources were unnamed. Div said he shares this belief based on the group's history and the resources required to organize a hack of this scale.  

"The amount of resources and time needed to prepare, and the accuracy required by the threat actors, make it very difficult to achieve success," he said. 

The hackers gained access to government agencies, including the U.S. Homeland Security, State, Energy, and Treasury departments, as well as IT companies in the supply chain, including Intel, Deloitte, and Cisco, among others. 

They did this by inserting malicious code into the network monitoring software of a third-party vendor. Texas-based SolarWinds sold the tainted software to at least 24 organizations, according to a Wall Street Journal report.  

Experts agree this is the worst incident since the NotPetya attack in 2017, considered by some the most sweeping cyberattack in history

Div said the hack highlights the vulnerability of IT supply chains to cyberattacks and how they can have far-reaching ripple effects. He also pointed to the presidential transition and the demands of fighting misinformation around COVID as contributing to officials perhaps taking their eyes off the ball.

"Adversaries like Russia and China look for this kind of instability and distraction to exploit for their benefit," he said. "If SolarWinds, a company with a stellar reputation, is hacked, then no hygiene in the world will prevent future attacks if companies don't have a robust, post-breach mindset and around-the-clock threat-hunters on the job.”

While supply chain attacks of this kind have so far been rare, they present a significant opportunity to hackers willing to put in the time because once they're inside a trusted network, they can essentially roam free. 

"The biggest concern here is that the success of this attack may lead to more threat actors looking to repeat the success that the SolarWinds compromise has had thus far," said Kate Kuehn, senior vice president at vArmour, a cybersecurity software company. "If supply chain hacks become more commonplace, the focus on visibility within an environment and app-to-app/user-to-app communications in a real-time, dynamic way, will become critical to prevent additional widespread breaches."

This means more real-time monitoring of behavioral changes by privileged accounts and systems, which played a key role in slipping past security measures up and down the supply chain that SolarWinds was a part of. 

The long-term consequences of this kind of attack is an erosion of trust between partners, particularly those at the borderline of private and public organizations, she added. 

"Software testing and code review will also come under massive scrutiny from a security perspective, more so than has ever been seen in the past," she said. "Companies will have to quickly put measures in place to address both of these issues."

Share:
More In Business
‘Chainsaw Man’ anime film topples Springsteen biopic at the box office
A big-screen adaptation of the anime “Chainsaw Man” has topped the North American box office, beating a Springsteen biopic and “Black Phone 2.” The movie earned $17.25 million in the U.S. and Canada this weekend. “Black Phone 2” fell to second place with $13 million. Two new releases, the rom-com “Regretting You” and “Springsteen — Deliver Me From Nowhere,” earned $12.85 million and $9.1 million, respectively. “Chainsaw Man – The Movie: Reze Arc” is based on the manga series about a demon hunter. It's another win for Sony-owned Crunchyroll, which also released a “Demon Slayer” film last month that debuted to a record $70 million.
Flights to LAX halted due to air traffic controller shortage
The Federal Aviation Administration says flights departing for Los Angeles International Airport were halted briefly due to a staffing shortage at a Southern California air traffic facility. The FAA issued a temporary ground stop at one of the world’s busiest airports on Sunday morning soon after U.S. Transportation Secretary Sean Duffy predicted that travelers would see more flights delayed as the nation’s air traffic controllers work without pay during the federal government shutdown. The hold on planes taking off for LAX lasted an hour and 45 minutes and didn't appear to cause continued problems. The FAA said staffing shortages also delayed planes headed to Washington, Chicago and Newark, New Jersey on Sunday.
Boeing defense workers on strike in the Midwest turn down latest offer
Boeing workers at three Midwest plants where military aircraft and weapons are developed have voted to reject the company’s latest contract offer and to continue a strike that started almost three months ago. The strike by about 3,200 machinists at the plants in the Missouri cities of St. Louis and St. Charles, and in Mascoutah, Illinois, is smaller in scale than a walkout last year by 33,000 Boeing workers who assemble commercial jetliners. The president of the International Association of Machinists says Sunday's outcome shows Boeing hasn't adequately addressed wages and retirement benefits. Boeing says Sunday's vote was close with 51% of union members opposing the revised offer.
Load More