By now you have probably seen all of the stories and opinions by many as to what happened, how, why and who did the hacking of Solarwinds. If you want to catch up, check out the Wired Round Up https://www.wired.com/story/russia-solarwinds-hack-roundup/
Basically, it seems like Russia pulled off the biggest hack on the planet (to date). A sign of things to come as cyber attacks continue to escalate. Beyond the obvious that the hackers got into many Government departments and thousands of major corporations, the most disturbing fact is that they used a supply chain tool (Solarwinds) to gain entry.
This is the worst fear and worst case scenario because breaking in through any supply chain tool means access to everyone using that tool to protect their business. This is not the first time that this has happened and it clearly demonstrates that there is no barrier that state hackers cannot penetrate.
Worst, it seems like this breach happened many months ago and if it was not for some automated system message, it may have gone undetected for a lot longer. Yikes!
No one is safe is the big take away.
No doubt all of the security experts are currently on high alert figuring out how to mediate this crisis and are busy triple checking everything else. Honestly, I have no clue how this will end or how it will escalate.
After talking with my community of cyber security experts on this topic, I can tell you that the fear is real and the unknown is blowing this up beyond everyone’s worst case scenario!
What the pandemic is to 2020, this breach is to the Cyber Security world. The only difference is that the probability of such a hack was actually known. Even so, it stunned the community.
The world is dealing with a Pandemic that is killing too many people every day. We just got some hope with a vaccine. The infections rates are increasing with a new strain of the virus that is easier to transmit. While we deal with all this, hacking is still going on, with bigger breaches than ever?
There is a story about how the British, French and German soldiers made a truce during the war in 1914 on Christmas Day. They put down their weapons and crossed the trenches to meet, talk and exchange food. This was frowned upon by the leaders, but the troops decided that maybe a little break was needed to live and let live. Even if was just for a day.
Can we all just have a truce for at least until the world gets the pandemic under control?
I guess not! This means that there will never be a time for every channel partner and vendor to let their guard down in the security business!
This is yet another big wake up call to all channel partners to check those digital locks on your gates again as this is YOUR worst nightmare. When the tools that you use to manage your customers’ IT infrastructure get compromised, then you have become the weakest link.
What happens when these latest supply-chain hacker skills trickle down to the wider hacker community? Will we have a tsunami of hacking attacks?
Before you put all of the blame on Solarwinds, you may want to consider that they were just the first big supply player to go down to this degree. This is a taste of what is most likely to come for other supply chain vendors. Yes, Solarwinds will take a big hit for this, but others may follow.
How does anyone know if other supply chain vendors are not already breached?
Another disturbing piece of information that’s being reported is the sell off of over $280 million in shares by two of Solarwinds biggest investors just days before the breach was announced. We will see what the investigation uncovers, but what does it say when investors may have done this? I hope there is an innocent explanation of coincidence, but I am afraid it may just be best explained by Occam’s razor.
For all of the brain power and resources that hackers possess, I have to believe (hope) that the cyber counter intelligence folks are at least equal. This cyber chess game will go on and on for a long time so the good guys will need to come up with some new moves. The Russians have made their move, now it’s your turn.