On US Election Day, General Paul M. Nakasone, the nations' top cyber warrior, reported that the war against Russian interference in the presidential campaign had been a major success and exposed the other sides online weapons and tactics.
Eight weeks later the General and other American officials responsible for the cybersecurity are now consumed by what they missed at least nine months ago; over 250 federal agencies and businesses hacked.
Microsoft confirmed the hackers compromised SolarWinds' Orion monitoring and management software allowing the hackers to impersonate any of the organizations existing users and access highly privileged accounts and going unnoticed for over nine months! An ongoing investigation into the attack has found that companies that were focusing resources on the election's online security like Microsoft and FireEye were also breached during the attack as part of a larger assault on the supply chain.
Interviews with current and former employees of SolarWinds would suggest the company was slow to make security priority. The employees stated that in 2019 every part of the business was examined for cost-saving opportunities which did help the company triple its profits to over $453 million. However, some of the measures the company made may be deemed questionable and put the clients at greater risk of cyberattack.
SolarWinds has only stated that the manipulation of its software was the work of human hackers rather than a computer programme. They are yet to address if this was the work of an insider.
Three weeks after the intrusion came to light it is still unclear whether what the Russians pulled off was simply an espionage operation inside the systems of American bureaucracy or if it was something more sinister inserting 'backdoor' access into government agencies from the electrical grid to laboratories developing and transporting new nuclear weapons.
2021 is the year to put your cybersecurity first, get in touch with our expert team today on 01642 248 750