- SolarWinds Orion is a popular network administration platform.
- Hackers compromised SolarWinds Orion’s build system, integrating a backdoor into its software using a supply chain attack.
- The cyberattack may compromise 18,000 organizations.
- Security experts are still not certain who waged the attack; however, they suspect state-sponsored Russian hackers.
- The SolarWinds cyberattack, still underway, is considered the worst security breach in US history.
- The average household computer user does not have to worry about infiltration of their PC or Mac by Russian hackers.
Cyber Attack Infiltrates 18,000 Global Organizations
Hackers infiltrated the popular SolarWinds Orion network management platform, enabling access to government and corporate networks worldwide. The malicious actors used a sophisticated supply-chain attack, with the payload delivered directly by software updates. By infiltrating the software build itself, hackers were able to plant their backdoor without detection.
Developers write software as code; however, this isn’t the only part of an installed app. Code libraries, assets, and other resource files are packaged along with compiled binaries to produce installable software. The process of compiling and packaging software into a finished installer is known as the “build”.
Instead of compromising millions of machines, the ingenious hackers only had to hack into one: SolarWinds’ build machine. From there, they simply added the payload as part of the software update. Malware detection software, such as Windows Defender, couldn’t find the payload, as SolarWinds Orion is trusted software. It’s the ultimate trojan horse, embedded in ubiquitous network management software.
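An added illustration, not code from the article or from SolarWinds, of the point above: a payload inserted on the build machine ships under the vendor's perfectly valid signature, while an independent rebuild of the same pinned sources exposes the extra component. The file names, the signing key and the "compiled" transform are constructed placeholders.

```python
"""Toy build pipeline: build-time injection survives signing; a reproducible rebuild catches it."""
import hashlib
import hmac
from typing import Optional

# Constructed source tree: what the developers actually committed to source control.
PINNED_SOURCES = {
    "src/monitor.cs": b"class Monitor { void Poll() { /* collect metrics */ } }",
    "lib/helper.dll": b"MZ constructed helper library bytes",
    "assets/logo.png": b"\x89PNG constructed image bytes",
}
VENDOR_SIGNING_KEY = b"constructed-vendor-key"  # placeholder; a real key lives in an HSM

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def build(sources: dict, extra_files: Optional[dict] = None) -> dict:
    """Compile-and-package stage: returns a manifest {path: sha256} of the installer contents.
    extra_files models what a compromised build machine slips in that never touched source control."""
    packaged = dict(sources)
    packaged.update(extra_files or {})
    # "Compiling" is a deterministic transform here, so a second build is bit-for-bit reproducible.
    return {path: sha256(b"compiled:" + data) for path, data in sorted(packaged.items())}

def manifest_bytes(manifest: dict) -> bytes:
    return "\n".join(f"{p} {h}" for p, h in sorted(manifest.items())).encode()

def sign(manifest: dict) -> str:
    """The vendor signs whatever the build produced; a signature vouches for origin, not for intent."""
    return hmac.new(VENDOR_SIGNING_KEY, manifest_bytes(manifest), hashlib.sha256).hexdigest()

def signature_valid(manifest: dict, signature: str) -> bool:
    return hmac.compare_digest(sign(manifest), signature)

def unexpected_components(shipped: dict, rebuilt: dict) -> list:
    """Reproducible-build check: flag anything in the shipped installer that an independent
    rebuild of the pinned sources did not produce, or produced with a different hash."""
    return sorted(p for p, h in shipped.items() if rebuilt.get(p) != h)

# Compromised build machine: the vendor's own key signs output containing an injected component.
INJECTED = {"lib/update_helper.dll": b"constructed placeholder for an injected component"}
shipped_manifest = build(PINNED_SOURCES, INJECTED)
shipped_signature = sign(shipped_manifest)

# Independent rebuild on a clean machine from the same pinned sources.
rebuilt_manifest = build(PINNED_SOURCES)

if __name__ == "__main__":
    print("signature valid:", signature_valid(shipped_manifest, shipped_signature))
    print("unexpected components:", unexpected_components(shipped_manifest, rebuilt_manifest))
```

The signature check passes because the vendor signed exactly what its build produced; only the comparison against an independent rebuild reveals the component that no developer wrote.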
When tens of thousands of organizations installed the latest updates of SolarWinds Orion, they unwittingly installed a backdoor, allowing malicious users to infiltrate systems. The hackers breached some of our government’s most critical organizations, such as every military branch, the US Treasury, and even the Department of Homeland Security.
The good news is that the cyberattack did not compromise our most confidential secrets. Top secret information resides in privileged networks. These networks have no Internet gateways and do not run network management software.
Although it’s reassuring to know our nation’s top secrets are secure, many government systems are compromised. Hackers didn’t alter any data. They simply cherry-picked fewer than 100 networks, out of almost 20,000, looking for information. The attack is still ongoing, with cybersecurity experts warning it will take months to remediate systems.
Your Personal Computer is Likely Safe
Before you start downloading security software or formatting hard drives, it’s important to realize that your home PC or Mac is likely safe, at least from this exploit. It’s doubtful that you accidentally installed SolarWinds on your PC. Network administrators use this software to manage enterprise servers and workstations.
There’s one remote possibility for an individual’s PC to be infected. If your organization uses SolarWinds Orion, sysadmins may use it to manage your machine. The software can deploy apps and updates, among other desktop services. The payload may distribute itself to other computers on the network, including personal workstations and laptops.
Those who bring their work laptops home could potentially expose other computers on their domestic network to malware. At this point, it’s unknown whether this happens, but it’s certainly possible.
At the moment, cybersecurity experts are still learning about the SolarWinds Orion hack. So far, they’ve seen that the attackers have only been looking at files and data in a few strategic locations. In other words, they’re looking for plans for the Death Star, not your grandma’s blueberry muffin recipe. It’s doubtful that most people have top-secret information on their work laptops.
It never hurts to use anti-virus and anti-malware software, such as Windows Defender. macOS pushes security patches through software updates, so make sure your Mac is up-to-date. Keep in mind that Windows Defender didn’t discover this malware and, so far, can’t detect or remove it. Microsoft President Brad Smith effectively dodged any blame for the intrusion; the fact remains that Windows Defender didn’t catch the attack.
Your insignificance is what keeps you safe. Your Dell Inspiron doesn’t store GPS coordinates for the nuclear fleet, after all. Most of the malware affecting Windows and Macs is adware: ads inserted into search results and web pages without your knowledge. It’s irritating but easily detectable, removable, and relatively innocuous.
The US Engages in Cyberattacks
All nationalism aside, the United States engages in cyberattacks and intrusions. Edward Snowden shed much light on the inner workings of US hacking capabilities. Even allies such as Germany’s Angela Merkel have had their phones compromised by US surveillance.
There’s really no such thing as international law. Governments and international organizations form treaties and alliances, but they’re typically worth less than the paper they’re drafted on. The world of international relations is one of anarchy. Governments put on civil, diplomatic faces, but everyone is the enemy behind the scenes — even supposed allies like Germany.
Much of the media is outraged, portraying the US as a victim. We are, but they’re ignoring all of the cyber-warfare conducted by the United States over the past decades. We can’t expect our adversaries, made more so by our hacking, to just sit on their hands. We’ll continue to hack other nations, and they will do the same to us.