Date: 2020-12-23
Earlier this month it was revealed that Russia had undertaken the largest cyberespionage campaign in American history, infiltrating government and private organizations. From the Department of Homeland Security to the National Institutes of Health, the hack has been wide-reaching.
But amid all the technical jargon, many have been left wondering what exactly this attack was, who it hurts, and whether they should be concerned by it.
The first thing to understand about this attack is how it happened. A suspected Russian intelligence agency carried out a sophisticated attack on multiple US agencies and private companies by injecting malware into their systems via an update. The update was for software created by a company called SolarWinds. SolarWinds makes software used by tens of thousands of organizations to monitor their computer networks.
It’s called a supply chain attack. Malicious code is secretly placed inside an update to a program. When users run the update, it places the malware on their system. This particular malware stayed dormant for several weeks to avoid “sandboxing,” a cybersecurity technique that sections off certain code to test it for bugs or malware.
The malware, given the name SUNBURST, affected updates to SolarWinds’ Orion app between March and June of this year.
So that’s the how, but what about the who?
Unfortunately, it will likely be some time before we have a handle on all the federal agencies affected. And in all honesty, that information might remain classified. What we do know is that Microsoft was hit, and that 40 of its customers were infected, 18 percent of which were government targets. We do know that the US Cybersecurity and Infrastructure Security Agency put out an advisory that urged all federal agencies to mitigate the malware, stating that it is “currently being exploited.”
In the corporate world, over 18,000 business customers have been identified as potentially impacted by the attack.
Thankfully, the average home computer user does not need to worry about the attack, and Microsoft has already inoculated against the malware and updated their Defender program. This attack is expected to make general users wary of updating their software, but most cybersecurity experts are advising personal users to continue updating their software as it helps to create more stable environments.
Finally, the question on many people’s minds is “should we be concerned?” The answer is a solid “yes.” While the purpose of the malware has not been revealed to the general public (essentially, we don’t know what it is doing to these systems), one effect is becoming clear: this attack has weakened people’s faith in the government’s critical infrastructure.
Whether this was an intended side effect or not is unclear, though it’s safe to say that any damage is good damage in the eyes of the attackers. Tom Bossert, a former US homeland security adviser, wrote in a New York Times op-ed that “the magnitude of this ongoing attack is hard to overstate,” and that it demands a response in which “all elements of national power must be placed on the table.”