The current SolarWinds case shows the targeted and long-planned deception techniques used by attackers.
This is a so-called “supply-chain compromise”: a targeted attack on SolarWinds itself planted a backdoor in its software. That software was downloaded by thousands of customers, and through the backdoor the attackers gained access to the production systems of those SolarWinds customers. Russian hackers are suspected to be behind this attack.
The attack on SolarWinds took place from March to May 2020. It can be assumed that the attackers exploited this backdoor for their own purposes from June to December 2020, and most likely they installed additional means of access in that time and no longer needed the SolarWinds backdoor itself.
This attack has also affected Microsoft, and because of its worldwide significance, Microsoft SVP Brad Smith made three demands in a recent blog post:
First, we need to take a major step forward in the sharing and analysis of threat intelligence.
Second, we need to strengthen international rules to put reckless nation-state behaviour out of bounds and ensure that domestic laws thwart the rise of the cyberattack ecosystem.
Finally, we need stronger steps to hold nation-states accountable for cyberattacks.
In a Reuters article, Jason Healey, a cyber-conflict researcher at Columbia University and former White House security adviser in the George W. Bush administration, put it succinctly:
“The attacker has the advantage over the defenders. For decades, money, patents and effort have done nothing to change this, and now we learn through the SolarWinds hack that if anything, the defenders are falling further behind. The top priority must be to reverse this so that defenders have it easier.”
IT security leaders around the world are currently asking themselves the following questions:
I have SolarWinds products in use as well. What can I do to find out everything the attackers did in my systems, and how long were they inside?
I don’t use SolarWinds products, but the same thing can happen with products from other software vendors that I do use. How would I find out?
Which cybersecurity products can I use to turn the attackers’ advantage around and detect such targeted attacks quickly?
To turn around the advantage that attackers currently hold, defenders must also resort to deception techniques. Deception solutions, such as those from CYBERTRAP, are currently the only ones in the broad spectrum of cybersecurity software that offer this possibility. Every IT security manager should therefore engage with this topic and include deception technology in their security strategy as an indispensable component.
As the SolarWinds hack has shown, the question “Why would anyone attack me?” no longer arises. It can happen to anyone and for a variety of reasons. In a digitalised world where companies and authorities are digitally connected and conduct digital transactions, there is a huge “playing field” for such targeted attacks. Let’s work together so that we can finally move from a reactive to a proactive defence against targeted attacks.