As far as the internet security space is concerned, 2020 has seen a proliferation of cyberattacks and threats. The latest security breach claimed a high-profile victim: none other than a major US government contractor. Cybersecurity firm FireEye and the United States Department of Homeland Security both made statements confirming that hackers had compromised an IT monitoring and management tool known as Orion, which is used by a number of Fortune 500 companies. According to a report by FireEye, the tool was developed by SolarWinds, a software company based in Oklahoma, and it is in regular use by businesses and governments in the Middle East, North America, Asia, and Europe.
According to FireEye, the hack appeared to have begun in early spring this year, when the tool's software updates were injected with malware. SolarWinds is used by a number of government agencies, which include the National Telecommunications and Information Administration (NTIA), the Department of Commerce and the Homeland Security Department. Kim Zetter, a cybersecurity journalist, further explained that hackers had infected the Orion software with malicious code without the consent of SolarWinds. Eventually, this malicious code was distributed to customers.
Zetter further said that once the malicious code infected customer systems, it opened a backdoor within them. The hackers were then able to use this backdoor to enter the systems and start stealing confidential and sensitive data present on those networks. According to Zetter, because the activity had only recently been discovered, the hackers had been spying on government workers and officials without anyone knowing about it. SolarWinds also made a statement about the incident and disclosed that they had only recently become aware of the threat. They confirmed that the versions of the Orion software in which they had discovered vulnerabilities were the ones released between the months of March and July.
SolarWinds also added that they were collaborating with the FBI and cybersecurity firms on investigations and were looking to find a way to move forward soon. A number of other news sources have tried to unearth who was behind the attack. A Reuters report suggested that the hackers could have been sponsored by the Kremlin, as part of a broader campaign of espionage against the United States. The incident also occurred only a month after the Homeland Security Department’s cybersecurity chief, Chris Krebs, was fired.
However, as the reports have now confirmed, this campaign has been ongoing for months. In addition, it could actually be a precursor for what could happen. Kaspersky Lab, a cybersecurity firm, forecasted last month that there would be an uptick in security attacks in the economic recovery period after the coronavirus pandemic. The company had said that more people would have to face extreme poverty in the post-COVID-19 era and that they would only get more desperate to make ends meet. Hence, this would eventually lead them to cybercrime, resulting in an increase in breaches.