The meaning of the SolarWinds hack incident, "completely defenseless against supply chain attacks"


The SolarWinds Orion hack, which has kept the global security community (and the U.S. in particular) busy from December 2020 into early this year, is known as Solorigate. The suffix "-gate" is attached to scandals or large-scale events that send shock waves through society, and its use here signals that the SolarWinds Orion hack has a wider and more serious range of damage than any previous hacking or data breach incident.

It started with FireEye. On December 8, cybersecurity company FireEye announced that its red team's attack tools had been stolen and, at the same time, publicly released information on all of the stolen tools. At that point, security experts took comfort in the lesson that "if even FireEye can be breached, no one can stop such attackers," praised FireEye's quick response, and tried to soften the shock by framing it as just one more security company being hacked.

But the FireEye hack was only the beginning. Tracing the intrusion path led investigators to the SolarWinds Orion hack, and Solorigate began.

Security researchers at FireEye and Microsoft said, "A sophisticated state-led attacker planted a Trojan horse in SolarWinds' Orion network monitoring and management software update, allowing access to a variety of government, public and private networks." According to FireEye, the attack began as early as spring 2020 and is still underway. In other words, for at least half a year the attacker was able to get into any institution or business using SolarWinds Orion.

SolarWinds said that fewer than 18,000 of its 300,000 customers had downloaded the trojanized update. Victims are known to include government agencies in North America, Europe, Asia and the Middle East, as well as consulting, technology, telecommunications, and oil and gas companies.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) went further, issuing Emergency Directive 21-01, which instructed U.S. federal agencies to immediately disconnect or power off SolarWinds Orion products, versions 2019.4 through 2020.2.1 HF1, from their networks.
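As an added example (not from the article, SolarWinds or CISA), here is a small Python triage script that applies the directive's version range to an asset inventory; the inventory, hostnames and the handling of the "HF" hotfix suffix are assumptions made for illustration.

```python
import re

# Affected range as stated in CISA Emergency Directive 21-01 (quoted above):
# SolarWinds Orion versions 2019.4 through 2020.2.1 HF1, inclusive.
AFFECTED_LOW = "2019.4"
AFFECTED_HIGH = "2020.2.1 HF1"

# Assumed version-string shapes: "2020.2", "2020.2.1", "2019.4 HF5", "2020.2.1 HF2".
_VERSION_RE = re.compile(r"^\s*(\d+(?:\.\d+)*)\s*(?:HF\s*(\d+))?\s*$", re.IGNORECASE)


def parse_orion_version(text):
    """Turn an Orion version string into a comparable (major, minor, patch, hotfix) tuple.

    Missing components are padded with 0 so "2020.2" == "2020.2.0"; the hotfix
    number sorts after its base release, so "2020.2.1 HF1" > "2020.2.1".
    """
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised Orion version string: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    parts = (parts + [0, 0, 0])[:3]
    hotfix = int(m.group(2)) if m.group(2) else 0
    return (parts[0], parts[1], parts[2], hotfix)


def is_in_directive_range(text):
    """True if the version falls inside the ED 21-01 range (inclusive at both ends)."""
    low, high = parse_orion_version(AFFECTED_LOW), parse_orion_version(AFFECTED_HIGH)
    return low <= parse_orion_version(text) <= high


def triage_inventory(inventory):
    """inventory: iterable of (hostname, version string) pairs from an asset list.

    Returns the hostnames whose Orion install is in scope of the directive and
    should therefore be disconnected or powered off pending investigation.
    """
    return sorted(host for host, version in inventory if is_in_directive_range(version))


# Constructed sample inventory (hostnames and versions invented for this example).
SAMPLE_INVENTORY = [
    ("orion-dc1.example.internal", "2020.2.1 HF1"),   # upper bound: in scope
    ("orion-dc2.example.internal", "2019.4 HF5"),     # hotfix of 2019.4: in scope
    ("orion-lab.example.internal", "2018.4"),         # below the range: out of scope
    ("orion-new.example.internal", "2020.2.1 HF2"),   # above the range: out of scope
]

if __name__ == "__main__":
    for host in triage_inventory(SAMPLE_INVENTORY):
        print(f"ISOLATE {host}")
```

A version match only tells you that a host is within the directive's scope; confirming whether the trojanized update is actually present on it is a separate forensic step.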

Not everything about Solorigate, that is, the SolarWinds hack, has been revealed yet, but the extent of the damage disclosed so far is already enormous.

Is there no way to respond to such a state-led cyber attack? "There is no way to prevent threats with a 100% guarantee," said Michael Daniel, president of the Cyber Threat Alliance (CTA) and cybersecurity coordinator for former US President Obama. "I have advised the president several times that if anyone promises to solve the cybersecurity problem or offers a 100% guarantee, he should be ready to dismiss that person, because they are either a fool or lying." In particular, 100% security cannot be achieved against an adversary that invests a lot of resources over a long period of time, or one that is backed by a state.

Despite the difficulty of preventing and detecting state-led attacks, experts argue that companies can do a great deal to minimize the risk such attacks pose.

The SolarWinds hack is a supply chain attack. State-led attacks may be sophisticated, covert and hard to prevent, but this type of supply chain attack has existed for 10 years, and organizations are still unable to cope with it. For at least several years, security experts have been voicing concern about supply chain attacks.

A supply chain attack, also known as a value-chain attack or third-party attack, refers to someone breaking into a system through an external partner or supplier that has access to that organization's systems and data.

The list of major cyber incidents caused through suppliers is endless. Target's 2014 data breach was traced to poor security at an HVAC vendor. Equifax's 2017 data breach was attributed to a flaw in third-party software it was using, and the company later also blamed a malicious download link on another vendor's website.

This is not only a U.S. problem. Most of Korea's large-scale security incidents, including the 2011 Nonghyup network paralysis 10 years ago, the March 20 (3.20) cyber attack of 2013, and the 2014 mass leak of personal information from three credit card companies, began with supply chain attacks.

The SolarWinds hack reveals the serious impact of supply chain attacks and the unfortunate fact that most companies are not ready to prevent or detect these threats. It also became clear that dealing with a supply chain threat at the level of the SolarWinds attack requires the same level of sophistication as the attack itself. As a result, it is expected that other types of attack groups, not just state-led ones, will use supply chain attacks more actively.

Since 2011, we have attributed every domestic supply chain attack to North Korea and have failed to devise proper countermeasures. Is our security really safe?
