Not a day goes by that we don’t learn new information about the SolarWinds hack. The list of affected companies keeps growing. There are also SolarWinds customers in Europe who are affected. This is not just an American problem.
What we have learned is that the attackers took advantage of SolarWinds’ software build process. The attack was so sophisticated that this deception was not detected. More technical details can be found here.
The exact number of companies affected is not known, but all these companies are currently in the process of tracking down what else happened with an extremely large amount of manpower. This will certainly continue for a few months and even then one cannot be sure whether everything has been traced and the attackers have been completely removed from the network.
There has to be a change in thinking. If you already use deception technologies to counter this from the beginning, you have the opportunity to detect even such highly efficient attacks early on. And this already the first step of this “supply chain” attack, namely at the supplier. Then it would not have come to the delivery of this product with a built-in backdoor. But even if this had happened anyway, it would not have taken another 10 months to discover this backdoor. With the help of Deception technology, this would have been done within 1-2 days and the immense expenses for forensics that you have now would not have been incurred. Not to speak of the time of the employees involved, who have to be assigned to this, which is missing in daily operations and creates new security problems.
Furthermore, with high-interactive deception, one could also determine what the attackers are actually looking for and, in some cases, who is behind it.
More attention is needed here and also the realisation that you have to take charge again. Focusing now on how to better check software that is being updated before it is installed is good, but it does not solve the real problem, because by then the attackers already know how to bypass these checks.
Cybersecurity professionals therefore rely more and more on the deception topics from the MITRE ATT&CK Framework and MITRE Shield publications.
Recommended reading: How to use MITRE ATT&CK® for Deception Stories
About the author
