In the last week, we’ve seen two major successful attacks on critical US IT management and Cyber security tools.
The first we learned about was on FireEye, which is one of the leading and most trusted cyber security tools, used by much of the Fortune 500. https://www.nytimes.com/2020/12/08/technology/fireeye-hacked-russians.html
The second one that we read about was Solarwinds ‘Orion’ – a well-known and commonly used network Management tool from Solarwinds. Most IT businesses including ourselves use Solarwinds products, albeit we don’t use their Orion software, so are unaffected by this hack. Orion hack exposed vast number of targets – impact may not be known for a while | Espionage | The Guardian
By attacking the tools that organisations use, the hackers have managed to compromise a number of these organisations including giants such as the US Energy Dept (https://www.bbc.com/news/world-us-canada-55358332) in what seems to be named ‘Sunburst’ hacks.
Who is affected?
The media are not underplaying the seriousness of this breach. Russian state actors appear to have used a supply chain hack via Solarwinds’ Orion software to infiltrate US departments of State and Homeland security. It’s reported that around the world 18,000 companies and government organisations use the hacked version of the software. It’s believed that around 40 were actively targeted.
Kinetics use Solarwinds’ N-central product. Orion and N-central do not share infrastructure or services. Within Solarwinds these are separate business units. Because Orion is used by the US government, the FBI, Homeland Security and other US government various agencies are assisting Solarwinds. There is no indication that any product other than Orion has been breached. To be safe, Solarwinds has released an update to N-central. This update resets a key digital security feature making previous versions invalid. Kinetics will be deploying this updated version this week. The update will have no impact on any clients.
This is being called the gravest cyber-intrusion in US history
All of these businesses are reputable, careful and well-protected. The hacks are being reported as ‘state-sponsored’ with fingers being pointed at Russia, although we noted the White House named China according to one report.
It seems that the hackers chipped away slowly over many months, getting a little access here, adding to it there, combining various cracks in the armour until eventually they gained access.
In our interconnected world, it is likely that we will use software that unwittingly, relies on one of these as some of the tools are in the ‘supply chain’ – a cloud system might rely on a hosting partner that uses one of these tools, or a key supplier who, in turn relies on software that is used by one of these.
If even the best can be compromised, what hope is there for the rest of us?
This is a timely reminder that everyone is under attack all the time. The breach of a $5billion company makes headlines, whereas most intrusions get no attention outside the victim company.
The fundamental point we’d make is anyone can be a target, and no one can guarantee to prevent a cyber incident. What we can do is reduce risk. That is what KARE for Security does, with some technology and some human education. We must keep reminding people how to be alert, how to act and how to check anything that is suspicious.
Coming early in the New Year will be an extended Kare for Security offering that, amongst other protections, will include a tool for detecting ‘shadow IT’. We are each responsible for the data we keep, whether we keep it on our own platform, or on a cloud system or SAAS system we use. The level of responsibility keeps increasing alongside the heightened risk.
If you want to know more about our innovative, practical security solutions (more than just software) – then contact us now!