The SolarWinds hack — the debate and recriminations rages on…

Nick Ayton
8 min read · Aug 10, 2021

With the rise of more Ransomware attacks — the most recent hitting Silicon Valley VC firms, I decided to re-post this reminder.

Solarwinds Dashboard

I wrote this a few months ago, as the recrimination and finger pointing continued, centred on the SolarWinds hack that showed why we need to move beyond passwords. Subsequent hacks show the same: the Colonial Pipeline hack on the eastern seaboard, JBS stopping much of US beef production, a Florida water treatment plant under water; the list is now endless as we enter the realms of Ransomware-as-a-Service.

Whilst we have Advanced Persistent Threat (APT) teams working away, it is far easier to just blame Russia, North Korea, China and Iran. Then case closed. Are we really surprised these types of hacks take place? The average hack remains undetected for 220 days or more, with the first signs of abuse when the organisation's data becomes available for sale on the Dark Web, often sold through data brokers. I also suggest those intent on stealing your information assets are already on the inside: the enemy within, like a sleeper agent, waiting to burst into polynomial life.

Whilst the precise details of the SolarWinds attack may never be known, it is clear a catastrophic event happened: a critical collapse at every level of security. Or was it? The lessons from the Sandworm attacks on US national infrastructure show those attacks were themselves simple in approach and execution. The plan is always to create a beachhead, then press the button on a cascade strategy: get further inside, hide, gather and distribute, then spread the infectious malware far and wide, and keep repeating.

It is always interesting to me to witness how large businesses, government agencies and national infrastructure work with cyber security firms. In this case the compromise (SUNBURST) was directed against the Orion development environment, which highlights the sheer scale of the vulnerability and how inadequate any cyber security system really is.

Will the SolarWinds attack become the new ‘poster boy’ for the hacking community, whether state sponsored or frustrated opportunist, given the amount of mayhem that it created? How


Nick Ayton

Nick Ayton is General Partners Multi Family Office, Futurist, Film Maker