SolarWinds, the Most Significant Cyber Attack in History

Thiago Marsal Farias
2 min read · Sep 17, 2022


The year was 2020, and the target was the United States: the most sophisticated cyber attack seen to date gave the intruders access to massive amounts of information held by U.S. government agencies and private organizations.

The attack was discovered by FireEye, a cyber security company that provides services to many organizations, including the U.S. government. The main target was the U.S. government, and the aim was to obtain secret information from its intelligence agencies.

FireEye found that the intruders had entered its own network through SolarWinds software, and that they had compromised the SolarWinds build system to spread their malicious code into the networks and systems of many other customers. FireEye identified the malware on its own systems, which had been infected by a tampered SolarWinds update; it attributed the intrusion to a threat group it tracked as "UNC2452" and named the backdoor hidden in the update "SUNBURST". The backdoor was deliberately planted to give the attackers entry to any system that installed the update, a method known as a supply chain attack. For instance, emails at the DHS, the Department of Homeland Security, were read by the hackers.

The hackers gained their foothold through SolarWinds Orion, a network-monitoring product used by many companies and government agencies. At the time, SolarWinds claimed more than 300,000 customers, so that was the potential pool of targets, although only customers who actually installed the trojanized Orion updates (fewer than 18,000, by SolarWinds' own later estimate) were exposed. The attack took a long time to surface: the attackers had access to sensitive information for about 14 months or more before the breach was disclosed in December 2020. It stayed undetected for so long because the malicious code was inserted during the build process and existed only in the compiled, signed product; the source code in SolarWinds' repositories remained clean, so reviewing it revealed nothing.

The compromised updates ran and spread undetected for several months. Estimates put the cost of the attack to organizations worldwide at around US$100 billion; SolarWinds itself reported recovery costs to the company of about US$40 million. One mitigation that would have blunted the attack was simple: configure firewalls to block outbound connections from the servers running SolarWinds Orion, so that the backdoor could not reach its command-and-control infrastructure. A monitoring server only needs to reach the devices it monitors and a few internal services, so a default-deny egress policy for it costs little.
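The following is an added example, not code from the original post, from SolarWinds, or from the TrustedSec playbook. It expresses the egress restriction described above as an allow-list for a monitoring server and replays constructed firewall log lines through it, showing which outbound connections a default-deny policy would have refused. The server address, the allowed networks and ports, the log format and every log line are constructed for the example; 203.0.113.0/24 is a documentation range, not a real destination.

```python
"""Egress policy check for a network-monitoring server (constructed example)."""
import ipaddress
import re

# Hypothetical address of the Orion monitoring server (constructed).
ORION_SERVER = ipaddress.ip_address("10.0.5.20")

# Destinations the monitoring server legitimately needs (constructed policy).
# Each entry is (network, set of allowed destination ports).
ALLOWED_EGRESS = [
    (ipaddress.ip_network("10.0.0.0/8"), {161, 162, 135, 5985, 22}),  # polling: SNMP, WMI/WinRM, SSH
    (ipaddress.ip_network("10.0.0.53/32"), {53}),                     # internal DNS resolver
    (ipaddress.ip_network("10.0.0.25/32"), {25}),                     # internal SMTP relay for alerts
]

# Constructed log format: "<timestamp> src=<ip> dst=<ip> proto=<tcp|udp> dport=<port>".
LOG_RE = re.compile(
    r"(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) proto=(?P<proto>\w+) dport=(?P<dport>\d+)"
)


def egress_allowed(dst, dport):
    """Return True if the policy permits the monitoring server to reach dst:dport."""
    addr = ipaddress.ip_address(dst)
    for net, ports in ALLOWED_EGRESS:
        if addr in net and dport in ports:
            return True
    # Default deny: this is the rule that stops a backdoor from beaconing out.
    return False


def audit(lines):
    """Replay firewall log lines and return the (dst, dport) pairs originating
    from the monitoring server that the default-deny policy would have refused."""
    denied = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m or ipaddress.ip_address(m["src"]) != ORION_SERVER:
            continue  # not traffic from the monitoring server
        dport = int(m["dport"])
        if not egress_allowed(m["dst"], dport):
            denied.append((m["dst"], dport))
    return denied


# Constructed sample log: normal polling, a DNS lookup, an unexpected HTTPS
# connection to an external host, traffic from another host, and an RDP
# attempt from the monitoring server to a managed device.
SAMPLE_LOG = [
    "2020-06-12T03:14:07Z src=10.0.5.20 dst=10.0.12.7 proto=udp dport=161",
    "2020-06-12T03:14:08Z src=10.0.5.20 dst=10.0.0.53 proto=udp dport=53",
    "2020-06-12T03:14:09Z src=10.0.5.20 dst=203.0.113.45 proto=tcp dport=443",
    "2020-06-12T03:14:10Z src=10.0.7.9 dst=203.0.113.45 proto=tcp dport=443",
    "2020-06-12T03:14:11Z src=10.0.5.20 dst=10.0.12.7 proto=tcp dport=3389",
]

if __name__ == "__main__":
    for dst, port in audit(SAMPLE_LOG):
        print(f"would be denied: {ORION_SERVER} -> {dst}:{port}")
```

The two flagged connections are exactly the kind a perimeter or host firewall should refuse from a monitoring server: an outbound HTTPS session to an address outside the managed network, which is what backdoor beaconing looks like on the wire, and an RDP connection to a managed device, which has nothing to do with monitoring. The policy matches on destination and port only, so it needs no prior knowledge of the attacker's infrastructure; in production the same allow-list would be written as firewall rules rather than checked after the fact.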

References

Brown, T. (2022, May 31). SUNBURST From The Inside — Tim Brown, CISO of SolarWinds. YouTube. Retrieved September 17, 2022, from https://www.youtube.com/watch?v=6gQ5oAWHMoU

Shakarian, P. (2021, January 4). The Sunburst Hack Was Massive and Devastating — 5 Observations from a Cybersecurity Expert. Government Technology. Retrieved September 17, 2022, from https://www.govtech.com/security/the-sunburst-hack-was-massive-and-devastating--5-observations-from-a-cybersecurity-expert.html

SolarWinds Backdoor (Sunburst) Incident Response Playbook. (2020, December 17). TrustedSec. Retrieved September 17, 2022, from https://www.trustedsec.com/blog/solarwinds-backdoor-sunburst-incident-response-playbook/

Tidy, J. (2020, December 16). SolarWinds: Why the Sunburst hack is so serious. BBC. Retrieved September 17, 2022, from https://www.bbc.com/news/technology-55321643

