THE SOLARWINDS HACK: SECURING THE FUTURE
Topic: SolarWinds Hack
Issue: Zero-Day Security and Potential Implications for US National Security
Paper Title: The SolarWinds Hack: Securing the Future
The implications for US national security include foreign actors' ability to disrupt essential infrastructure assets within the United States, such as oil and gas pipelines, electrical grids, and the defense sector. Foreign actors can also misuse personal data through malware, spyware, and other means, resulting in extortion and ransomware. These implications are both tangible and intangible. Tangible elements include interruptions of infrastructure (e.g., communication, food distribution, power grids, and transportation), industry (e.g., aerospace, bio-medical, healthcare, and waste management), and utilities (e.g., gas, electric, sewage, and water) within the nation. Intangible implications include the erosion of consumer confidence in everything from online retail to election integrity.
Background
The SolarWinds hack was major because it affected thousands of organizations, including the United States government[footnoteRef:1]. SolarWinds is a software company based in Tulsa, Oklahoma, that offers system management tools for infrastructure and network monitoring. One of the company's performance monitoring products is called Orion. Orion had privileged access to IT systems in order to obtain their system logs and performance data. The privileged position held by Orion and its deployment across the network made it an attractive target for hackers[footnoteRef:2]. Using the Orion system, the hackers gained access to thousands of SolarWinds customers' systems, networks, and data. The attack is one of the largest of its kind ever recorded. Over 30,000 private and public organizations use the Orion network management system to manage their IT resources; the public organizations include local, state, and federal agencies. [1: Datta, P. (2021). Hannibal at the gates: Cyberwarfare & the Solarwinds sunburst hack. Journal of Information Technology Teaching Cases, 2043886921993126. ] [2: FireEye. (2020). Highly evasive attacker leverages SolarWinds supply chain to compromise multiple global victims with SUNBURST backdoor. ]
How the Attack Took Place
The attack began at the start of 2020, but it was not discovered until almost the end of 2020[footnoteRef:3]. The attackers were patient, and the nature of the attack they launched suggests they targeted multiple entities. SolarWinds had advised its customers to exclude the Orion software from anti-virus and Endpoint Detection and Response monitoring. Because of this exclusion, the attackers were able to access their victims' networks and data without detection, since their attack relied upon the Orion system and behaved like it. The attackers launched multiple lines of access, control, and communication from the Orion monitoring system. [3: Datta, P. (2021). Hannibal at the gates: Cyberwarfare & the Solarwinds sunburst hack. Journal of Information Technology Teaching Cases, 2043886921993126. ]
The hack might have originated from a GitHub misconfiguration error[footnoteRef:4]. Server credentials were exposed in a public repository, which set the stage for the attack. Once the hackers had the credentials, they added their malicious code to the Orion software code and waited for SolarWinds to push the update to its customers. The attackers created a digital signature and certificate similar to the one used by Orion to mask their Trojan malware. The hackers relied on waiting before initiating the attack. After the code was installed on a victim's computer, it stayed dormant for two weeks before it began scanning the environment to establish that there were no monitoring systems for malware[footnoteRef:5]. Once it had established that the coast was clear, the malware made its initial connection to the remote server, masking itself as genuine network traffic. The malware was hiding in plain sight, and no one recognized or flagged the traffic originating from it. The code allowed the hackers to open more backdoors and gain access...
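The paragraph above makes a detection point that is easy to miss: the beacon only appeared after a two-week dormancy, so a destination baseline captured when the update was installed would not contain it. The following is an added example, not code from the essay, from SolarWinds or from FireEye, showing that check on constructed connection-log lines in an assumed "timestamp host destination bytes" format; the host and domain names are placeholders.

```python
"""Flag first-seen outbound destinations per host against a learned baseline.

Added example. Log lines are constructed and the format (ISO timestamp,
source host, destination domain, bytes sent) is an assumption.
"""
from collections import defaultdict

# Constructed baseline window: the first days after the update was installed.
BASELINE_LOGS = """\
2020-03-01T08:00:01 orion-srv-01 updates.vendor.example 2048
2020-03-01T08:05:10 orion-srv-01 telemetry.vendor.example 512
2020-03-01T09:00:00 web-01 cdn.example 90210
2020-03-02T08:00:03 orion-srv-01 updates.vendor.example 2048
"""

# Constructed later window: the same host starts talking to a new domain.
LATER_LOGS = """\
2020-03-20T03:12:44 orion-srv-01 updates.vendor.example 2048
2020-03-20T03:13:02 orion-srv-01 first-seen-host.placeholder.example 1460
2020-03-20T03:13:05 web-01 cdn.example 4096
2020-03-20T03:14:00 orion-srv-01 first-seen-host.placeholder.example 1460
"""


def parse_line(line):
    """Split one log line into (timestamp, host, destination, bytes_sent)."""
    ts, host, dest, sent = line.split()
    return ts, host, dest, int(sent)


def build_baseline(log_text):
    """Map each source host to the set of destinations it contacted."""
    baseline = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _, host, dest, _ = parse_line(line)
        baseline[host].add(dest)
    return baseline


def find_new_destinations(log_text, baseline):
    """Return {(host, dest): summary} for destinations absent from the baseline.

    The baseline is read-only here: a host that starts contacting a new
    domain is reported every time, not silently learned as normal.
    """
    alerts = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, host, dest, sent = parse_line(line)
        if dest in baseline.get(host, set()):
            continue
        key = (host, dest)
        if key not in alerts:
            alerts[key] = {"first_seen": ts, "connections": 0, "bytes": 0}
        alerts[key]["connections"] += 1
        alerts[key]["bytes"] += sent
    return alerts


if __name__ == "__main__":
    known = build_baseline(BASELINE_LOGS)
    for (host, dest), summary in find_new_destinations(LATER_LOGS, known).items():
        print(f"NEW DESTINATION {host} -> {dest}: {summary}")
```

The design choice that matters is that the baseline is frozen rather than continuously re-learned; a system that keeps absorbing new destinations as "normal" would accept the beacon after a day. Monitoring hosts that were excluded from endpoint detection, as the essay describes for Orion, are exactly the hosts whose network baseline deserves this kind of separate review.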
…making it easy for hackers to launch their attack. Other organizations might have dismissed the alert through which FireEye discovered the SolarWinds hack as a false positive. However, the organization decided to investigate why an alert had fired for an employee registering a new phone when the employee in question did not have a new phone. Their investigation uncovered the hack, which was then reported to SolarWinds for action. Such should be the case for government agencies: any suspected false positive should be investigated to confirm that it is genuinely a false positive[footnoteRef:15]. Even the National Security Agency did not manage to detect the attack, which indicates the low priority placed on scrutinizing software from third-party companies. All software should be tested and investigated for at least one month before being deployed across the organization[footnoteRef:16]. Security patches and software updates should undergo the same testing to ensure they do not contain any malicious code. Process reengineering should take place so that code repositories are investigated and vulnerabilities reported[footnoteRef:17]. Another recommendation is to look at software from the mindset of the attacker. The invade-and-evade strategy worked for the Sunburst attack because no one was looking for such an attack. Most tests check software when it is delivered or when patches are released. By exploiting this waiting game, the attackers managed to bypass even the most sophisticated and advanced detection systems. Therefore, without a game change, hackers will continue gaining access to sensitive systems, and we will be playing catch-up trying to fix existing vulnerabilities instead of preventing future attacks. [15: Shlapentokh-Rothman, M., Kelly, J., Baral, A., Hemberg, E., & O'Reilly, U.-M. (2021). Coevolutionary modeling of cyber attack patterns and mitigations using public datasets. Proceedings of the Genetic and Evolutionary Computation Conference. ] [16: FireEye. (2020). Highly evasive attacker leverages SolarWinds supply chain to compromis…
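The essay traces the hack to server credentials exposed in a public repository and recommends that code repositories be investigated as part of process reengineering. The following is an added example, not code from the essay or from any SolarWinds tooling, of a small pre-commit gate that scans repository content for committed credentials. The sample file content is constructed, the AWS key is the public documentation example value, and the rule set is illustrative rather than complete.

```python
"""Scan repository content for committed credentials before it is pushed.

Added example. The rules below are a small illustrative set: fixed-format
key identifiers, private-key headers, quoted passwords, and a Shannon-entropy
check for long random-looking tokens assigned in configuration.
"""
import math
import re

RULES = [
    ("aws_access_key_id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("private_key_block",
     re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----")),
    ("hardcoded_password",
     re.compile(r"(?i)(?:password|passwd|pwd)\s*[=:]\s*['\"]([^'\"]{6,})['\"]")),
]
# A value of 20+ token characters assigned with = or : (quoted or not).
ASSIGNED_TOKEN = re.compile(r"[=:]\s*['\"]?([A-Za-z0-9+/_\-]{20,})['\"]?")
ENTROPY_THRESHOLD = 4.0  # bits per character; descriptive names score lower

# Constructed sample: a deployment config for a hypothetical build server.
SAMPLE_CONFIG = """\
# constructed deployment config for a hypothetical build server
server_name = "build-01.internal.example"
role = deployment_server_orion_prod
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
db_password = "Hunter2Hunter2"
api_token = "9xQ2mKp7Lz3Wv8Rt1Yb6Nc4Hd0Fg5Js2Aq7Ek3M"
-----BEGIN RSA PRIVATE KEY-----
"""


def shannon_entropy(s):
    """Bits per character of the string's empirical character distribution."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def scan_text(text):
    """Return [(line_number, rule_name)] for every suspicious line."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for name, pattern in RULES:
            if pattern.search(line):
                findings.append((lineno, name))
        for match in ASSIGNED_TOKEN.finditer(line):
            if shannon_entropy(match.group(1)) >= ENTROPY_THRESHOLD:
                findings.append((lineno, "high_entropy_token"))
    return findings


def commit_is_clean(text):
    """Pre-commit gate: True only when no rule fired on the staged content."""
    return not scan_text(text)


if __name__ == "__main__":
    for lineno, rule in scan_text(SAMPLE_CONFIG):
        print(f"line {lineno}: {rule}")
    raise SystemExit(0 if commit_is_clean(SAMPLE_CONFIG) else 1)
```

The entropy rule is what catches tokens the fixed patterns do not know about; a descriptive value such as a role name scores below the threshold while a random API token scores well above it. Wired in as a pre-commit or server-side push hook, this turns the essay's "investigate repositories" recommendation into a check that runs before credentials ever reach a public remote, rather than a review that happens after the fact.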
References
Datta, P. (2021). Hannibal at the gates: Cyberwarfare & the Solarwinds sunburst hack. Journal of Information Technology Teaching Cases, 2043886921993126.
FireEye. (2020). Highly evasive attacker leverages SolarWinds supply chain to compromise multiple global victims with SUNBURST backdoor.
Mar, S. (2021). The Aftermath of SolarWinds. The Internal Auditor, 18-18.
Massacci, F., Jaeger, T., & Peisert, S. (2021). SolarWinds and the Challenges of Patching: Can We Ever Stop Dancing With the Devil? IEEE Security & Privacy, 19(02), 14-19.
Shlapentokh-Rothman, M., Kelly, J., Baral, A., Hemberg, E., & O'Reilly, U.-M. (2021). Coevolutionary modeling of cyber attack patterns and mitigations using public datasets. Proceedings of the Genetic and Evolutionary Computation Conference.
Wolff, E. D., Growley, K. M., & Gruden, M. G. (2021). Navigating the SolarWinds Supply Chain Attack.