Table of Contents
It’s bad, and is only going to get worse
Who is Responsible For The SolarWinds Attack?
It was definitely a state-sponsored attack, and the call-backs went back to Russia, The Czech Republic, Ukraine, and Romania, so looks like it was actually the Russians this time
Russia’s attack on SolarWinds actually started way back in March, while the entire world was distracted by the onset of the currently ongoing coronavirus pandemic. It was only noticed when the hackers used their recently obtained access to get into the IT-security firm FireEye.
It also highlights the risk of hiring many vendors to complete projects. They suspect that a vendor injected the code and there were so many vendors that were working on it Noone saw the whole code and no one knew it was there
SolarWinds didn’t find out until someone that uses their services had their security tools leaked, their investigation uncovered the code in the updates platform.
Funny thing is, SolarWinds’ stocks soared as the market predicted an increased need for their security services.
We Still Really Have No Idea How Bad The SolarWinds Hack is
When it comes down to it, this was a special kind of exploit. This is not just another hack. Although there are many elements that distinguish this situation from prior ones, we can really just focus on one:
The Sheer Scale of The Solar Winds Hack
In fact, a cybersecurity expert commented that on a scale from 1 to 10, the Russian SolarWinds hack is “probably an 11.”
The U.S. DHS (Department of Homeland Security) said that users of SolarWinds should disable the software. Considering just how many organizations and governments use this software, that’s quite a serious request.
QUOTE: It’s been said on a scale of one to 10 this is probably an 11 for the type of attack, the magnitude and the potential damage it’s done,” cybersecurity analyst Mark Wright, the chief security adviser at California-based cybersecurity startup Sentinel One, told Fox News on Monday morning. “Not from an infrastructure standpoint like going after the energy grid or taking things down. But simply from the loss of information, the stealing of secrets, especially very sensitive information and the fact that this was going on for months. CITATION: Mark Wright – Cybersecurity Analyst