ITWeb Security Summit 2021: SolarWinds Insights

According to Charl van der Walt, head of security research at Orange Cyberdefense, the recent SolarWinds hack has offered valuable insight into the actual cost of such a cyberattack. Van der Walt addressed the issue at the ITWeb Security Summit 2021 in his opening keynote address.

US network monitoring software company SolarWinds had around 300,000 customers, and in 2020 it was compromised through a backdoor inserted in its software. As a result, about 18,000 customers downloaded software containing the backdoor. Confirmed victims include nine government agencies and around 100 commercial entities.

“The number is probably even higher now, and it’s certainly much higher than we think it is,” noted van der Walt.

The cyberattack has been attributed to Russian government-backed individuals. These perpetrators slipped the malicious code into a software update for Orion, the company’s software for infrastructure monitoring and management, laying the groundwork for a massive cyberattack against US entities. It’s suspected that the hackers had access to the company’s internal systems as early as September 2019, allowing them to plan this supply chain attack.

“I want to touch on systemic issues. We know we should all be thinking about the security of our hardware and software supply chains, but the supply chain, in this case, was really a symptom rather than the cause of the problem,” van der Walt said.

He identified three factors that contribute to such attacks occurring: security debt, interdependence, and investment by foreign governments in organized hacking operations.

“What you see in the case of SolarWinds is that when a component is compromised, then you end up with a list of potential victims. I want to note the delta between the 18,000 potential victims and the 109 confirmed victims in this case. Those 17,891 represent a very interesting theme. In a way, they are the lucky ones. They know they’ve got a problem, and can get on with the business of triage, response, and recovery. It’s the 17,891 that aren’t sure, because until you find evidence of a compromise, you can’t prove there is no compromise.”

The burden of not knowing whether or not you’re operating on a system that has potentially been compromised can cause uncertainty, especially in highly interconnected environments. Finding the best and most secure network monitoring software for your organization is imperative and can save you from potential financial losses.