SolarWinds Hack: Hundreds of Billions USD Needed to Repair Damage

The biggest and most serious cyber-espionage campaign in US history affected 18,000 organizations.

  • Up to 18,000 customers of the US software vendor SolarWinds received a backdoored update
  • The espionage campaign was disclosed only after roughly nine months of undetected access
  • The malicious code has been linked to hackers working for the Russian government

One of the biggest cyber-espionage campaigns in recent history, the SolarWinds hack, could cost more than $100 billion to remediate.

SolarWinds is a major Texas-based IT software provider with a base of high-profile clients.
The trojanized software reached thousands of its customers, including United States government institutions and private-sector companies.

At least four US government departments (Commerce, Treasury, Homeland Security, and Justice), further federal agencies, critical infrastructure operators, and multiple Fortune 500 companies were affected by the attack, which was disclosed in December 2020.

Traces pointing to the Russian FSB

US intelligence agencies and the FBI reported that the hackers were “likely Russian in origin” and had used the malware to gather intelligence from high-profile victims.

Russia-based cybersecurity researchers told Reuters that the malware resembled tooling used by “Turla”, a hacking group that operates on behalf of Russia’s FSB security service.

The reported similarities included the way victims were identified, the techniques used to hide from security analysts, and the algorithm that computed how long the implant stayed dormant before contacting its operators in order to avoid detection. Code overlap of this kind is a weak attribution signal on its own: it can be coincidence, shared or stolen tooling, or a deliberate false flag, which is why the researchers themselves stopped short of a firm attribution.

How was it done?

As the Department of Homeland Security reports, the hackers had broken into SolarWinds’ infrastructure by March 2020. They inserted malicious code into builds of the company’s Orion network-monitoring platform, so that the backdoor shipped inside updates that carried SolarWinds’ own legitimate digital signature.

The tainted update was then distributed, without SolarWinds’ knowledge, to its roughly 33,000 Orion customers as a regular software update. The malicious code (known as the SUNBURST backdoor) gave the attackers a foothold from which they could deploy further spying malware on victims of their choosing.

Up to 18,000 Orion customers installed the backdoored updates, leaving a door open to the attackers for about nine months before the intrusion was detected in December 2020. Only a small fraction of those organizations were selected for follow-on, hands-on activity; for the rest the backdoor stayed dormant, which is why the count of installations is much larger than the count of confirmed breaches.

According to experts, in the organizations they singled out the attackers moved from the Orion server to the victim’s identity provider. There they stole the key used to sign authentication tokens and forged their own tokens, which let them impersonate any legitimate user and sidestep multi-factor authentication, since a forged token simply asserts that MFA has already been completed.
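Because a token forged with a stolen signing key is cryptographically valid, the service provider that consumes it cannot tell it from a real one. What it lacks is a matching issuance event at the identity provider. The following detection logic, an added example that is not part of the original article and not drawn from any vendor’s tooling, joins identity-provider issuance records against service-provider sign-ins and flags tokens that were never issued or that exceed the organization’s lifetime policy. The JSON log format, the field names, the one-hour lifetime policy and the sample records are all constructed for the example; real identity providers log these events in their own formats.

```python
"""Spot forged SAML tokens by joining IdP issuance events with SP sign-ins."""
import json
from datetime import datetime, timedelta
from typing import Dict, List

# Constructed sample records (not real logs): one JSON event per line.
# IdP side: every token the identity provider legitimately issued.
IDP_LOG = """\
{"ts": "2020-12-01T09:00:00Z", "assertion_id": "_a1", "user": "alice@corp.example", "valid_for_s": 3600}
{"ts": "2020-12-01T09:05:00Z", "assertion_id": "_a2", "user": "bob@corp.example", "valid_for_s": 3600}
"""

# Service-provider side: every token presented to the cloud application,
# with the lifetime the token asserts about itself. The last line is a
# constructed forged token: valid signature, but no IdP issuance event.
SP_LOG = """\
{"ts": "2020-12-01T09:00:03Z", "assertion_id": "_a1", "user": "alice@corp.example", "valid_for_s": 3600}
{"ts": "2020-12-01T09:05:02Z", "assertion_id": "_a2", "user": "bob@corp.example", "valid_for_s": 3600}
{"ts": "2020-12-01T22:41:10Z", "assertion_id": "_f9", "user": "admin@corp.example", "valid_for_s": 86400}
"""

# Assumed organisational policy: tokens should never live longer than this.
MAX_TOKEN_LIFETIME = timedelta(hours=1)


def parse_log(text: str) -> List[Dict]:
    """Parse newline-delimited JSON records, turning "ts" into a datetime."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
        records.append(rec)
    return records


def find_suspicious_tokens(idp: List[Dict], sp: List[Dict],
                           max_lifetime: timedelta = MAX_TOKEN_LIFETIME) -> List[Dict]:
    """Return SP sign-ins whose token the IdP never issued or that break policy.

    A token signed with a stolen key validates at the service provider but
    leaves no issuance record at the IdP, so the join on assertion_id fails.
    Lifetime is checked separately because forged tokens are often given an
    unusually long validity so the attacker need not re-forge them.
    """
    issued = {r["assertion_id"]: r for r in idp}
    findings = []
    for sign_in in sp:
        reasons = []
        issuance = issued.get(sign_in["assertion_id"])
        if issuance is None:
            reasons.append("no_issuance_event")
        elif issuance["user"] != sign_in["user"]:
            reasons.append("user_mismatch")
        elif sign_in["ts"] < issuance["ts"]:
            reasons.append("consumed_before_issued")
        if timedelta(seconds=sign_in["valid_for_s"]) > max_lifetime:
            reasons.append("lifetime_exceeds_policy")
        if reasons:
            findings.append({
                "assertion_id": sign_in["assertion_id"],
                "user": sign_in["user"],
                "ts": sign_in["ts"].isoformat(),
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for finding in find_suspicious_tokens(parse_log(IDP_LOG), parse_log(SP_LOG)):
        print(finding)
```

The join only works if the identity provider’s issuance log is complete and shipped to a store the attacker cannot edit; an adversary who already controls the identity provider can also tamper with its local logs, so the correlation must run on logs forwarded in near real time. Rotating the token-signing key, twice so that cached copies of the old key also expire, is the remediation step once a forged token is confirmed.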

SolarWinds’ developers use build software from JetBrains, a Czech technology company founded by three Russian engineers. Investigators are examining whether that software could have given the hackers a pathway into the build process. JetBrains has denied any involvement and said it had not been contacted by investigators, and no evidence of such a pathway has been made public.

The damage

As the Wall Street Journal reported, sensitive information belonging to US government institutions, including the Pentagon, the Department of Homeland Security, the Treasury Department, the State Department and the National Nuclear Security Administration, was breached.

At least one hospital and one university installed the backdoored update, as did a number of private companies, among them the tech giants Microsoft, Cisco Systems, Intel, Deloitte, and Nvidia. Installing the update does not by itself mean an organization was actively broken into.

Reportedly, the attackers’ primary intent was to spy on government secrets and internal communications. The hackers also reached sensitive files on new technologies and the emails of executives.

On the flipside

  • Vulnerabilities in the software supply chain are a huge problem for enterprise-level IT and software companies: a single compromised vendor update is trusted by every customer that installs it.
  • There is little regulation of how software updates are built, signed and distributed.
  • Governments have failed to give cybersecurity a higher strategic priority.

The SolarWinds attack is already being called the biggest and most serious espionage campaign in recent history. It went undetected for months, and from the initial foothold the attackers very likely moved in multiple directions that have not yet all been uncovered.

As cybersecurity expert and former NSA hacker Jake Williams says, eliminating the malicious infection and fixing the damage might take months and cost hundreds of billions of dollars.

This article is for information purposes only and should not be considered trading or investment advice. Nothing herein shall be construed as financial, legal, or tax advice. Trading forex, cryptocurrencies, and CFDs pose a considerable risk of loss.

Author
Milko Trajcevski

Milko Trajcevski is a DailyCoin news reporter, mainly focused on Ethereum (ETH), Cardano (ADA), and their founders (Vitalik Buterin and Charles Hoskinson). Milko is an avid follower of crypto and blockchain technology and has written thousands of articles on the subjects. He finds joy in transforming complex issues into written content that anyone can understand. Milko has used and analyzed numerous exchanges, such as Coinbase, FTX, and Binance. He also closely follows all of the latest news around the largest decentralized exchanges (DEXs). Location: Skopje, Macedonia