Pages

1 February 2021

The massive SolarWinds hack and the future of cyber espionage

Brad Howard

In December, cybersecurity firm FireEye discovered that it had been compromised by a sophisticated hack. SolarWinds, an IT firm that FireEye used, was the victim of a supply-chain attack that gave hackers access to potentially thousands of targets, including FireEye.

“The SolarWinds hack was and really is and continues to be one of the biggest espionage campaigns recently discovered,” said Thomas Rid, a professor of strategic studies at Johns Hopkins University.

Microsoft, Google and several U.S. government agencies were among those compromised by the intrusion.

“What’s unique about this or special about this particular intrusion is that they use the access they got by compromising SolarWinds itself to insert malware into the build process,” said Jacob Williams, founder of Rendition InfoSec. ”This then allowed them to target SolarWinds [and] customers that deployed this back door update.”

The repercussions of the SolarWinds hack are still being unraveled. As the Biden administration settles in, it will have to contend with the aftermath of this hack, and work to prevent future security lapses that can endanger national security.

No comments:

Post a Comment