US Cybersecurity Agency Discovers Long-Haul Russian Hacking Campaign

If you had to come up with a “nightmare scenario” for a large-scale, long-term cyber attack on the United States, it would probably go a little something like this:

In early March of 2020, as the COVID-19 pandemic was beginning to take hold around the world, Russian intelligence actors gained access – without detection – to the unclassified networks of not only several United States government agencies, but also hundreds of different companies. Those victims would include tech giants like Cisco Systems and Intel as well as public institutions like the California Department of State Hospitals and Kent State University.

Victims would also include government agencies like the United States Treasury, the State Department, the National Institutes of Health and the Department of Homeland Security – the latter of which is literally tasked with protecting the government in this country from cyber attacks.

It’s a nightmare scenario because the potential damage is catastrophic… and unfortunately, that’s literally what we’re living through right now. Experts have said that the attackers – who likely have ties to the Russian government – used tactics so skilled and creative that their motives became a real cause for concern.


The SolarWinds Orion Hack: What Happened?

The thing that connects all of these organizations, federal agencies and educational institutions is that they were all customers of SolarWinds, a U.S.-based software company that makes network management tools. At some point, hackers gained access to SolarWinds’ network and planted a backdoor in its popular network monitoring tool, Orion. That rogue software was then pushed directly to customer networks in the form of a compromised software update.

It has been estimated that more than 18,000 SolarWinds customers received the rogue software update, essentially handing the attackers a backdoor into those networks and the data contained on them.
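The attack described above rode in on a vendor update, so the question a defender asks is what an organization can check before an update reaches production. The Python below is an added illustration, not part of the original article and not SolarWinds' or CISA's tooling: it models a staged-approval gate in which an update is first run in an isolated staging environment, its outbound network destinations are compared against the vendor's documented domains, and only then is its SHA-256 hash recorded as approved for production deployment. Package contents and hostnames are constructed sample data; the `vendor.example` domain is a placeholder.

```python
"""Staged approval of software updates (added example, constructed data).

Two checks a defender can place in front of update deployment:
  1. During staging, the update must only talk to the vendor's documented
     domains; any other destination blocks approval.
  2. Production deploys only a package whose SHA-256 matches the one
     recorded at approval time, so a swapped or modified file is refused.
Check 1 matters because, when a vendor's own build is backdoored (as the
article describes), the vendor-published hash matches the malicious file
too, so hash comparison against vendor data alone proves nothing.
"""
import hashlib
import hmac
from typing import Dict, List, Set, Tuple

# Organisation-held allowlist: product name -> SHA-256 of the approved package.
# In a real deployment this lives in an access-controlled, signed store;
# an in-memory dict keeps the example self-contained.
APPROVED: Dict[str, str] = {}


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 digest of a package's bytes."""
    return hashlib.sha256(data).hexdigest()


def unexpected_egress(observed: List[str], allowed_domains: Set[str]) -> List[str]:
    """Return observed destinations that are not within an allowed domain.

    A host is allowed if it equals an allowed domain or is a subdomain of one.
    """
    def allowed(host: str) -> bool:
        host = host.lower().rstrip(".")
        return any(host == d or host.endswith("." + d) for d in allowed_domains)

    return [h for h in observed if not allowed(h)]


def approve_update(product: str, package: bytes,
                   staging_egress: List[str],
                   allowed_domains: Set[str]) -> Tuple[bool, List[str]]:
    """Approve a package for production if staging showed no unexpected egress.

    Returns (approved, list_of_unexpected_destinations). On approval the
    package hash is recorded; on refusal nothing is recorded.
    """
    bad = unexpected_egress(staging_egress, allowed_domains)
    if bad:
        return False, bad
    APPROVED[product] = sha256_hex(package)
    return True, []


def check_update(product: str, package: bytes) -> bool:
    """True only if this exact package was approved; unknown products are refused."""
    expected = APPROVED.get(product)
    if expected is None:
        return False
    # Constant-time compare: avoids leaking how many leading characters matched.
    return hmac.compare_digest(expected, sha256_hex(package))


# Constructed sample "packages" standing in for real installer files.
CLEAN_PACKAGE = b"monitoring-tool-update-v1: legitimate installer bytes"
TAMPERED_PACKAGE = CLEAN_PACKAGE + b"\x00 extra bytes appended after approval"
VENDOR_DOMAINS = {"vendor.example"}  # placeholder for the vendor's documented hosts


if __name__ == "__main__":
    ok, bad = approve_update("monitor", CLEAN_PACKAGE,
                             ["updates.vendor.example"], VENDOR_DOMAINS)
    print("approved:", ok, "unexpected egress:", bad)
    print("clean deploys:", check_update("monitor", CLEAN_PACKAGE))
    print("tampered deploys:", check_update("monitor", TAMPERED_PACKAGE))
    ok2, bad2 = approve_update("monitor-beaconing", CLEAN_PACKAGE,
                               ["updates.vendor.example", "api.unknown-cdn.example"],
                               VENDOR_DOMAINS)
    print("approved:", ok2, "unexpected egress:", bad2)
```

The egress check is the part that actually bears on a compromised vendor build: a backdoored update passes every integrity check the vendor can offer, so the decision has to rest on what the software does when observed in isolation, not on who signed it.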

The Department of Homeland Security and the Cybersecurity and Infrastructure Security Agency (CISA) responded to the breach on December 13, 2020 with the issuance of Emergency Directive 21-01 – only the fifth such emergency directive issued by CISA under the Cybersecurity Act of 2015. It was intended to “mitigate potential compromises within federal civilian networks”, and it urges all public and private sector partners to “assess their exposure to this compromise and secure their networks against any exploitation.” The directive gave all federal agencies operating SolarWinds products until noon the following day, Monday, December 14, to complete this report – which is why there is still a lot of breaking news on the subject as experts sift through the (virtual) wreckage.


Where Do We Go From Here?

What takes an already bad situation and makes it even worse is that, thanks to COVID-19, so many employees – including those working for the federal government – are currently working from home for the foreseeable future. It’s always difficult to adequately protect a large network, but it becomes exponentially more complicated when countless people are dialing in remotely from systems that administrators don’t fully control.

At a bare minimum, those working from home should always use a VPN when accessing remote networks, so that the connection itself – and the data transmitted over it – is protected. Likewise, people need to prepare for a rise not only in targeted malware attacks but also in phishing schemes and ransomware. They need to be educated not only on how to recognize one of these schemes before they fall victim to it, but also on exactly what they are expected to do when a suspicious message lands in their inbox.

As stated, the full extent of the damage from this particular hack is still not well known, and we’re finding out about more victims on what seems like an hourly basis. Regardless, one thing is certain: the worst is yet to come, and it is in our own best interest to pay close, close attention to this story moving forward.

Photo: “Computer Data Hacker” flickr photo by Visual Content, shared under a Creative Commons (BY) license.