SolarWinds Supply Chain Cyberattack – Experts Insight

In the SolarWinds supply chain attack, hackers (believed to be working for Russia) tampered with software updates released by the company. Known victims of the attack so far include the US Treasury, the US NTIA and FireEye itself.

Experts Comments

Global cooperation in cybercrime prosecution is vital to break the impasse and make computer crime investigable.

Supply chain attacks have surged in 2020: they offer rapid and inexpensive access to the valuable data held by VIP victims. The victims, as happened in the SolarWinds case, usually have no technical means to detect an intrusion in a timely manner unless the breached supplier informs them. Most of the suppliers cannot afford the same level of incident detection and response (IDR) as their clients for financial and organizational reasons. Eventually, hackers and nation-state threat actors deliberately target the weakest link, get fast results, and frequently remain undetected and unpunished. Attribution of sophisticated APT attacks, such as the one that reportedly affected SolarWinds and subsequently its customers, remains a highly complicated, time-consuming and costly task. Global cooperation in cybercrime prosecution is vital to break the impasse and make computer crime investigable.

A holistic approach to cyber-security is vital to ensure defences are as effective as possible.

A successful, nation-state supply-chain attack isn’t a surprise, but it should be a serious wake-up call. Many organisations have fortified their own cybersecurity defences, but as we have seen, a single partner or supplier being breached can undermine any positive action already taken. The fact that a supplier was so successfully breached, putting core US government organisations at risk, highlights the huge importance of a secure supply chain. A holistic approach to cyber-security is vital to ensure defences are as effective as possible. Having the latest and greatest technologies to secure your own network is only a partial solution if your suppliers are not doing the same. Businesses often carry out due diligence on the financial viability of core partners to ensure they are not a risk. The same has to be true for cybersecurity. Regular assessment or monitoring of all partners’ and suppliers’ cybersecurity practices must become commonplace, alongside a robust cybersecurity program to minimise the risk of falling victim to similar attacks. There is no doubt that as this attack is investigated we will see many more victims come to light. Organisations must act now if they aren’t sure their supply-chain is secure, as waiting will just increase the chances of becoming the next headline.

VP Security Strategy & Threat Intelligence

Venafi

Adversaries are quickly moving to attack not just one computer but entire networks.

It should come as no surprise that sophisticated hackers like those from Russia are seeking to infiltrate the US government. What is shocking is that adversaries are now abusing the trust that powers software updates to attack broad swaths of the US government and economy. These attacks will escape detection from state-of-the-art defense because they come with trusted machine identities that give them extreme trust. It’s the same method that powered Stuxnet. What hackers have known – and many security teams have not been aware of – is that developers must use machine identities to sign their code. But developers are easy prey. Once compromised, these machine identities convey trust for every software update. This was the secret weapon in the Stuxnet attack and subsequently against Microsoft, Carbon Black, Asus, and many others. And this is the same technology that’s used in the US Treasury and makes sure Boeing and Airbus planes get trusted software updates, just like your iPhone. Adversaries are quickly moving to attack not just one computer but entire networks. Instead of small, tedious attacks, these supply chain hacks catapult the opportunity for success. All of this is typically powered by a single identity of a machine – a code signing certificate – to say if the software is trusted or not. This is the future of attacks on the cloud and IoT that’s here today. Without machine identity management to protect them, code signing developers will remain easy prey, and attacks on tens of thousands of businesses and governments will only get worse.
