SolarWinds cyber attack: How worried should I be, and what do I do now?
Security teams across the world are on high alert as more details emerge of the widespread SolarWinds ‘Sunburst’ attack. What do defenders need to do next?
Published: 15 Dec 2020 13:08
As the scale of the compromise of SolarWinds’ Orion platform – which is so far known to have struck multiple US government departments and cyber security firm FireEye – continues to grow, security teams at thousands of other SolarWinds customers are on high alert.
The supply chain attack, dubbed Sunburst, involved the insertion of malicious code into Orion, giving the attacker a foothold in the network which they then used to obtain elevated credentials; with those credentials they could gain access to more data and largely do as they pleased. The initial backdoor seems to have been distributed via SolarWinds’ legitimate automatic update platform since March 2020.
The U.S. Treasury. (Sealy J. via Wikipedia/CC)
Network intrusions at the U.S. Commerce Department, the U.S. Treasury, FireEye and more all appear to be linked to subverted software updates for a network monitoring product called Orion, made by SolarWinds.
On Sunday, the U.S. Commerce Department confirmed it had been targeted by hackers, and the U.S. Treasury has also reportedly been struck. On Monday, new victims were added to the list: the Department of Homeland Security, State Department and National Institutes of Health, The Washington Post reports.
Reuters first reported the incidents, with the Post suggesting that a Russian hacking group known as Cozy Bear, aka APT29, is the source.
Governors Wind Energy Coalition
Major hack hits energy companies, U.S. agencies. By Blake Sobczak, E&E News reporter. Posted: Tuesday, December 15, 2020
A massive hack of IT service provider SolarWinds led to cybersecurity compromises at multiple federal agencies. At least two of the Energy Department’s national labs use SolarWinds software and may have been affected by the hack, among thousands of other potential victims. Claudine Hellmuth/E&E News (illustration); Francis Chung/E&E News (photo); Freepik (binary code)
Top cybersecurity officials are scrambling to assess the fallout from a far-reaching hack of U.S. federal agencies and global companies, with electric power utilities, at least two Energy Department national labs and thousands of other organizations potentially breached.