It has been proven that nowadays, one of the mega threats that our society possesses is espionage due to competition. The advanced technologies and digitization of records exhibit that the cyber-espionage has been used to keep an eye on users, clients, and competitors. Different tools and techniques are used for cyber-espionage performed by hackers. One of the major incidents reported in 2020 was cyberespionage prevailing through SolarWinds, which almost affected 18000 of its customers worldwide, including many top-secret organizations like the pentagon.
In March 2020 during the initial days of the pandemic when most of the organization employees were working from home, the users of Orin software powered by SolarWinds were notified of an update, but that update was a malicious update, and unfortunately, none of them was aware of that. As the software was developed by a well reputable cybersecurity firm, around 18000 people worldwide updated their system, but that update was injected with a malicious script that resulted in a vulnerability known as “SUNBURST”.
The Target
Orin is a server management software of SolarWinds used by many large organizations. The malware target was the U.S government because many departments of the U.S government are using Orin software such as treasury and commerce departments, Homeland Security, Pentagon, FBI, and CIA. The malware was working in stealth mode and give remote access to the developers of malware. The cyberespionage attack was successful because attacks were able to be in dark mode until nine months and undetectable.
The Attack
The certificate signing authority server of SolarWinds was compromised and a malicious script injected in a software update was authenticated for installing this malicious update. Update installed on systems automatically created a back door, resulting in gaining access for their attackers’ actors. The backdoor associated with the target was used to compromise the organizational infrastructure and data available on systems. The back door available in the targeted system was used for communication and data transmission between the targeted system and the attacker server.
The Protection
An organization can protect itself by creating its Intrusion detection systems without the support of 3rd party plugins or anomaly-based Intrusion detection systems that can be installed on organizational servers to detect any abnormal behaviour within the system and report it to the network administrator or take decision-based on its artificial intelligence.
Opinion
I have been working in cybersecurity. After performing an analysis of cyber-attacks and cyber espionage, I have found out that no organization on earth is safe to cyber-attacks. If a well reputable cyber-Security firm like FireEye and Solar winds can be compromised, any organization can. We must think about the mitigation of cyber-attack threats and create a plan that will be our standard procedure in case of cyber-attacks and data breaches. The right strategy for risk mitigation of cybersecurity attack is to assume an attack on the system and search for it and regularly perform security audits.
