Massive US Government Hack Caused by Nation-State Hackers & Third-Party Security Risk
US Government Hack is a Cautionary Tale of Nation-State Hacking, Third-Party Risk and Phishing
The US federal government was sent reeling by a massive cybersecurity incident that sounds like it came out of a spy novel. Suspected Russian nation-state actors were not only able to hack into critical systems at a laundry list of federal agencies, they were able to hang out in them for months, conducting a massive espionage operation – and US officials were none the wiser. This tale of a US government hack featuring third-party security risk, nation-state hacking, phishing, and cybercrime should serve as a caution for every organization.
Solve five of the most exhausting remote and hybrid security problems fast with this handy infographic! DOWNLOAD IT>>
Third-Party Vendors Bring Risk
The unraveling of this cybersecurity disaster began with cybersecurity penetration testing and development heavyweight FireEye announcing that it had been breached by suspected Russia-backed nation-state hackers. The company disclosed that hackers had snatched it’s fabled Red Team tools, used to test and monitor the safety of some of the world’s most critical data. FireEye also noted in a blog post that this was an extremely uncommon type of attack, seemingly specially designed just for that purpose and using technology that had never been seen before.
The next round of revelations would turn those rumbles into an earthquake. Multiple US federal agencies began discovering that they too had experienced security breaches that could be traced to Russia-backed hackers, likely GRU operatives and cybercriminals from the notorious Cozy Bear group. All of these agencies had a common denominator that tied them together: they used security tools created by Austin-based software developer SolarWinds.
Then SolarWinds announced that it too had been breached by suspected Russian nation-state hackers. Bad actors obtained legitimate credentials allowing them to access systems undetected, likely through a variety of phishing. They then slipped snippets of malware code into a routine update to the company’s Orion software, commonly used for monitoring by government agencies, Fortune 500 companies, and other heavyweight organizations with intense security needs.
Ready to make some money? See why over 3,000 MSPs in 30+ countries have chosen ID Agent as their partner in prosperity – typically seeing ROI in 30 days! LEARN MORE >>
You See Mundane Tasks, But Bad Actors See Opportunity
Patching or updating and maintenance are routine tasks performed by IT teams every day. It’s not really something that gets a great deal of attention – making it the perfect way for these crafty hackers to get inside important organizations without raising suspicion. While patches aren’t automatic and undergo reviews to ensure that functionality is maintained, no one looks twice at the security implications of a patch from a trusted vendor like SolarWinds -and that opens companies up to supply chain risk.
But in a banner year for cybercrime, this one was anything but routine: it was laced with malware that allowed the hackers to open back doors into the systems of those who applied the patch. SolarWinds advised customers as part of an SEC filing that Orion app versions 2019.4 through 2020.2.1, released between March 2020 and June 2020, were tainted with malware. Of the company’s 300,000 customers worldwide, they estimate that 15,000 have been impacted. CISA has released updated guidance on this issue.
Protection from cybercrime danger is easy when you deploy your secret weapon: security-savvy employees! WATCH WEBINAR>>
The Impact Strikes Far and Wide
That list includes many major organizations, including multiple US federal government agencies and administrative operations, as well as national defense targets including:
- The US Department of Homeland Security
- The US Department of State
- The National Institutes of Health
- The US Department of Commerce
- The US Department of the Treasury
As organizations began to assess the damage from the incident, it was noted that these attacks had been carried out with great subtlety. Bad actors had been quietly exploring email accounts, copying data, reviewing records, and accessing other sensitive information and US federal agencies for months. It’s not yet clear what the full scope of the damage is or how intense the recovery may be.
In addition to US government targets, major entities including non-US government agencies, power companies, manufacturers, and defense contractors could be at risk of incursion, or may already have hackers using these techniques floating around inside their systems. The hackers involved made a habit of obtaining legitimate credentials to access systems and data whenever possible and quickly created and deleted files to reduce their digital footprint, making them harder to catch,
The fallout from this mess will reverberate throughout the cybersecurity landscape for many months, if not years, to come. One important takeaway from this incident can help businesses avoid similar pitfalls in the future: it’s time to take the risk of unanticipated disasters from third-party compromise seriously. No company can afford to just hope that their vendors and partners are taking security as seriously as they do.
Did you catch all of the growth-focused MSP tips at MSP Growthfest? Listen to the recording now to be sure. LISTEN NOW>>
Get Stronger Locks to Keep Cybercriminals Out
The first line of defense for every company is secure identity and access management. The hackers in these incidents were careful to use official credentials whenever possible, most likely gained through password cracking and phishing. Adding a secure identity and access management solution like Passly to your security stack is a must-have.
Passly provides protection against hacking in three essential ways that help keep your systems and data safe. SEE A VIDEO DEMO NOW>>
- Multifactor Authentication – Take the bite out of a stolen, phished, or cracked password by requiring a second identifier for that user to gain access to systems and data. {assly offers multiple options for token or identifier code delivery to fit every organization’s needs
- Single Sign-On LaunchPads – One great benefit of single sign-on is LaunchPads is that it makes it easy for IT teams to quarantine and remove access from compromised accounts in a flash, preventing them from doing more damage.
- Secure Shared Password Vaults – Keep your company’s most valuable passwords for critical systems and data in a central location with special security protection. Not only does this make it easy for IT teams to get to important passwords quickly in an emergency incident, but it also throws up additional roadblocks between highly privileged credentials and hackers.
Contact ID Agent today to see how Passly can protect your business. Don’t wait to put simple, affordable, protection in place that keeps cybercriminals out. Password security is a business essential, but it’s also a tremendous tangle of tools, solutions, and conflicting priorities. Passly makes it easy for you to make sure that the right people in your business have access to the right things – and only the right people.