What the SolarWinds Attack Means for the Future of Cybersecurity

Why was the SolarWinds attack such a problem?

According to a report by the U.S. Security and Exchange Commission (SEC) the SolarWinds corporation, a tech company that produces a network management system called Orion, acknowledged that between March and June 2020 nearly 18,000 customers downloaded, implemented, or updated an Orion product that housed harmful malware. This malware was highly sophisticated, very hard to detect on the servers it infected, and could effectively operate in the background without notice while gaining access to secure information. While the specific targets of the attack are unclear, over 200 organizations have been confirmed as hacked, and among those suspected are the U.S. Treasury Department, other government agencies, as well as prominent U.S. corporations and cybersecurity firms. The attack may have lasted for as many as nine months, giving the hackers a seemingly perfect opportunity to gain access to whatever they were looking for.

What’s more troubling is that the nature of the attack appeared to be for espionage purposes. According to Chairman of the Senate Intelligence Committee, Marco Rubio, it was “clear that Russian intelligence conducted the gravest cyber intrusion in our history.”

This attack wasn’t just a cash grab, but a legitimate threat to national security. After learning of the attack, the U.S. Department of Homeland Security ordered all federal agencies to disconnect any device with SolarWinds’ products. Unfortunately, like a fire department extinguishing the embers of a burned down building, this measure probably came after the serious damage was already done.

This highly coordinated, advanced, state-sponsored attack will have lasting repercussions in the cybersecurity world. With cybercrime and likewise cybersecurity rapidly changing, here is what’s coming in 2021 and beyond, and why choosing cloud services who use state-of-the-art hardware and software is the best way to protect your organization.

Expect more coordinated, highly organized attacks by nation-states

As traditional warfare between superpowers has become largely non-existent, “cyberwar” may continue to rise in prominence. If nation-states can effectively use cyberwar to not only gain state secrets, but to also gain global leverage in negotiations , business transactions, and trade, then nations without the same resources and global influence as western democracies will use cyber intrusion to advance their national agendas. What’s even more concerning is that nations around the world are outsourcing cyberwar to mercenary private firms, called private sector offensive actors. Whether they’re funded by the government or privately, these firms are implicitly supported by nation-states who allow them to operate freely in their country without reprisal in order to carry out international attacks. This latest attack could be among the beginning of what some are calling a “digital cold war. Despite the international backlash, attacks like this are notoriously hard to pinpoint and even more difficult to directly attribute to nation-state actors. CPA firms are not expected to be part of the global espionage target, but Cetrom is taking all necessary steps and precautions to protect our clients from any and all cyberthreats – whether they’re from nation-state actors or individuals.

Supply chain and other unconventional attacks may become more common

Like raiders disrupting and stealing an army’s food during wartime, hackers attack software supply chains to infiltrate their real goal. The hackers compromised SolarWinds’ Orion product not because they necessarily wanted Orion or the individual people who used it, but because it was a way into systems and organizations they truly coveted. Supply chain attacks have been relatively uncommon, which is good because they are hard to defend against. Software supply chains are complex with many different points of vulnerability. We should expect the next attack, even if not on a supply chain, to be ingenious, creative, and supported with resources and manpower at the governmental level. This is why Cetrom stays 100% focused on CPA firms in order to be the best at understanding and preventing attacks that would specifically target CPA firms. At Cetrom we have a senior level support team staffed with level 3 engineers that are available 24/7/365 to solve any technical problem and react immediately to security threats like a supply chain attack.

How are these threats being combatted at a national level?

To ward off widespread, coordinated attacks like the one Russian hackers used against SolarWinds, there is more incentive for the potential victims to collaborate. Western, wealthy democratic governments like those in the European Union and the United States along with their private tech firms will be pushed to share information, technology, and resources. Part of this collaboration will probably focus on joint counter-espionage projects to take down entire networks of hackers. Another aspect will be technology development to stay one step ahead in the cyberwar.

There will also likely be a push for stronger international laws, similar to those that govern warfare like the Geneva Convention, along with strengthening the United Nations’ Cybersecurity initiative. It’s not outside the realm of possibility to see global pressure for nation-states to cooperate with United Nations cybersecurity investigators similar to the expectations of cooperation for UN weapons of mass destruction investigators. Some corporations and governments have pushed to make supply chain attacks that don’t target just an individual or an organization but thousands at once, an international crime. Regardless of what happens nationally, there are real, effective steps you can take to protect your organization and your clients.

What’s the best way to protect my organization and clients?

Unfortunately, these attacks are only going to get more sophisticated. Now is the time to maximize your team’s security posture. If you haven’t already, we highly recommend you take the following critical steps to help protect your team and your data.

• Install AI AV Products - Standard Antivirus isn't good enough anymore. AI learns user's habits and daily activities so that it can identify when an anomaly may be present within a user's environment.
• Patch all Machines – Make sure you run all windows updates to ensure your devices are fully patched with the latest security updates.
• Lock Down Local Admin Rights - If you have local admin rights on any workstations, where you can install programs on your local computer, this should be changed immediately. With admin rights you are more vulnerable to your corporate network, not just your individual workstation. If you have all the keys to the network and get hacked, the attacker now has all your keys. Keep in mind, this applies to all computers - both home and work.
• Review your Disaster Recovery Plan – Facilitate frequent disaster recovery drills with your team to ensure everyone is prepared should an unexpected outage occur. Make sure you have your DR plan printed and stored off the network. Include all your important contacts and company information, should you lose temporary access to your data.

Security firms will need to stay vigilant and do whatever is necessary to protect their clients. Cybersecurity firms will need to commit more fully to advanced hardware and software along with capable engineers and security professionals. As an example, at Cetrom our cloud services are among the best and most secure options because of our multi-layered enterprise level security systems. We understand that cyberattacks like those that targeted SolarWinds are getting smarter every day, so we make sure our clients are using a platform that is heavily invested in state-of-the-art hardware and software including advanced artificial intelligence (AI) security technology that runs non-stop.

At Cetrom, we believe strongly in our team of highly skilled engineers who not only select and develop the most cutting-edge security systems, but who are also trained to identify and help prevent the spread of a potentially malicious threat. One of the best precautions you can take is for a cloud service provider like Cetrom to train your CPA firm on cybersecurity best practices for CPA organizations. The reality is that with the advanced security platform that Cetrom runs, errors by CPA staff are often the most vulnerable aspect of the system.

Cetrom is bracing for more supply chain attacks and our security experts are working to protect our clients from any similar type of attack. The best cybersecurity firms will also continue to innovate by continuing to improve their technology and potentially using more artificial intelligence software. At Cetrom we already use AI software along with triple layer backup protection. Considering the SolarWinds attack, our team continues to invest in the most advanced products and best human talent to ensure we can continue to offer premier protection for organizations in the CPA industry.