Biggest US Cyber Attack

Cyber security 01/05/2021 - 02:00 by Swami Nathan

The Biggest US Cyber Attack

The US Department of Energy states that it has been struck by the Sunburst hack

In what is described as the worst-ever hack on the US government, the US Energy Department is the latest agency to confirm it has been breached.

The department is responsible for the management of U.S. nuclear weapons but said the security of the arsenal was not compromised.

On 17th December, tech giant Microsoft also said it had found malicious software in its systems.

Many suspect that the Russian government is responsible. Russia has denied any involvement.

Among the other targets of the sophisticated, months-long hack, which was first confirmed by officials on 13th December, are the US Treasury and Commerce departments.

Who was impacted, and how bad is that?

The scope of the hack is potentially global, and potentially catastrophic for companies, because the affected software touches several areas of a business.

SolarWinds, of Austin, Texas, provides hundreds of thousands of organizations around the world, including several Fortune 500 corporations and government agencies in North America, Europe, Asia, and the Middle East, with network control and other technological services.

Its compromised product, Orion, accounts for almost half of the annual sales of SolarWinds (this year the company has taken in more than $750m). Orion centrally monitors a company's computer networks for problems, which means that breaking into it gave the attackers a "God view" of those networks.

SolarWinds said it sent an alert to around 33,000 of its Orion customers who may have been impacted, although it reported that the compromised product update had been installed earlier this year by a smaller number of customers, fewer than 18,000.

Neither SolarWinds nor the United States cybersecurity authorities have publicly reported which organizations have been breached. The fact that a corporation or organization uses SolarWinds as a supplier does not necessarily mean that it was compromised.

Who's behind the hack?

SolarWinds said it was told that its networks were compromised with malware by an "outside nation-state". Neither the US government nor the businesses impacted have publicly declared which nation-state they believe is accountable.

On December 14th, an American official, speaking on condition of anonymity due to an ongoing investigation, told the Associated Press that Russian hackers were suspected. Russia said it had "nothing to do" with the hacking.

The infiltration tactic involved, referred to as a "supply-chain" attack, recalled the technique Russian military hackers used in 2016 to infect businesses in Ukraine with the hard-drive-wiping NotPetya virus, the most destructive cyber-attack to date.

What's next?

Moving forward, the EINSTEIN system of the Department of Homeland Security, which is designed to prevent intrusions and track malicious traffic on federal computer networks, is likely to be subject to increased scrutiny.

According to a former senior DHS official, the framework is focused on detecting known malicious activity and performs well if it knows what it's looking for.

"If you don't know what you're looking for, it's a problem", the official said, adding that it is likely to raise questions among lawmakers who have allocated billions of dollars to the program. The incoming Biden administration, the former official said, would need to take a "hard look at Einstein".

The Government Accountability Office, which acts as the watchdog for Congress, concluded in 2018 that, despite some changes, there were still drawbacks to the structure that handles EINSTEIN.

It is unclear, however, whether the existing systems in place would have caught the new hack.

"Even if everything was highly effective in the government's cybersecurity, it's quite likely this breach wouldn't have been caught." GAO has not yet performed an objective review.

"Agencies are going to have to continue to do more to build all the pieces of the puzzle, so if they do get hacked — how do they figure out what happened and clean up afterward in the event they can't catch something".

D'Souza said agencies lack skills in "logging" — the ability to go back and look at a network and find out what happened in the aftermath of a breach.
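The two capabilities the former DHS official and D'Souza describe, signature-based detection that only fires on what it already knows and log retention that lets defenders go back and find what was missed, can be illustrated with a small model. The following is an added example, not code from the article or from any of the organizations it names; the log lines, hostnames and domains are constructed placeholders, and the discovery date used is the 13th December confirmation date mentioned above.

```python
# Added example: ingest-time signature checks versus retrospective hunting.
# Not from the article; all hosts, process names and domains are placeholders.
from datetime import datetime, timedelta

# Constructed outbound-connection log lines ("timestamp key=value ...").
LOG_LINES = [
    "2020-03-26T10:00:01 host=srv01 proc=monitor-agent dst=updates.vendor.example",
    "2020-03-26T10:12:44 host=srv01 proc=monitor-agent dst=c2.placeholder.invalid",
    "2020-04-02T08:03:19 host=srv02 proc=monitor-agent dst=known-bad.example",
    "2020-06-15T23:41:07 host=srv02 proc=monitor-agent dst=c2.placeholder.invalid",
]

def parse(line):
    """Turn one 'ts key=value ...' line into a dict; 'ts' becomes a datetime."""
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.fromisoformat(ts)
    return rec

def ingest(lines, known_bad):
    """Signature-style check at ingest time: alert only on destinations that are
    already on the blocklist. A destination nobody knows about yet passes silently,
    which is the 'if you don't know what you're looking for' problem."""
    return [r for r in map(parse, lines) if r["dst"] in known_bad]

def retro_hunt(lines, new_indicator, retention_days, now_iso):
    """Once an indicator becomes known (here, at disclosure time), search the logs
    that are still within the retention window for it. Records older than the
    window have been discarded and can no longer answer 'what happened'."""
    now = datetime.fromisoformat(now_iso)
    window = timedelta(days=retention_days)
    return [r for r in map(parse, lines)
            if now - r["ts"] <= window and r["dst"] == new_indicator]

if __name__ == "__main__":
    alerts = ingest(LOG_LINES, {"known-bad.example"})
    print("ingest-time alerts:", len(alerts))            # 1: only the known signature fires
    for days in (30, 365):
        hits = retro_hunt(LOG_LINES, "c2.placeholder.invalid", days, "2020-12-13")
        print(f"{days}-day retention: {len(hits)} hits")  # 30 -> 0, 365 -> 2
```

With a retention window shorter than the months-long dwell time the article describes, the retrospective search returns nothing, which is the gap D'Souza points to.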