An article about the FireEye hack in de Volkskrant re-terrified me about cybercrime and cyberwarfare. I say re-terrified because I was already aware, but I keep being surprised by the increase in frequency and scale, as well as the sophistication, of cyberattacks over the past few years.
Specialists investigating the FireEye hack have come to the conclusion that Russian hackers have had access for many months to, among many others, the US Department of Homeland Security, the US Department of Finance and the US Department of Trade.
Over here in the Netherlands, our national cyber security task force (NCSC) believes that this will surely also affect our country, and has issued the highest alert level warning to our government.
Not too long ago, FireEye, a large US cyber security company, discovered that it had itself become the victim of a hack.
FireEye found that the hackers had gained entry through a so-called supply-chain attack: infect a product that is used as a component of larger systems in many computer networks, and every network that installs it inherits the infection.
The product in question, Orion, is made by SolarWinds, a US company; Orion is used by many countries' government departments and by many large companies around the world.
The malware responsible was delivered into the networks of the systems running Orion through SolarWinds software updates.
The infection is intricate enough to allow complete and full access to those systems, from running arbitrary code to reading sensitive data. For example, at the US Departments of Finance and Trade, the attackers had complete access to all e-mails.
Frank Groenewegen, partner for Cyber Risk at Deloitte, tells de Volkskrant that the impact can be huge for the Netherlands as well.
"SolarWinds has 300,000 customers worldwide, just to name a few: Siemens, ING bank, and many government departments, from state to city level."
About 18,000 of those customers are believed to be at risk.
"You can count on it that many Dutch organisations are amongst those 18,000," says Groenewegen.
Groenewegen says it will be interesting to see how SolarWinds and other companies are going to map out exactly who are at risk.
"Which party has that specific version of SolarWinds? What role does it play in the chain? Is that party actively investigating the matter?"
These are all questions he would like to see answered.
Also relevant: what will the NCSC (which is in charge of national digital security) do to get companies to acknowledge the problem and update their systems to minimize further damage?
Yesterday, the NCSC issued an advisory to our government in which both risk and impact are rated high/high.
'Through as yet unknown means, between March 2020 and July 2020, a version of Orion was distributed that is now known to carry a Trojan [...] Infrastructures compromised by this Trojan are under full control of malicious parties, who are capable of executing any random code, or accessing sensitive information.'
Critics blame the NCSC for being very bad at sharing information. The NCSC only warns organisations that are specifically labelled vital for society, a select small group of Dutch organisations.
Large companies, medium companies, but also city-level government organisations are not part of this select group.
Yet non-vital ICT suppliers are at risk too, and they do supply services to the vital parties.
What complicates matters is that it is not possible, as it is with vulnerabilities in VPN services or Citrix, to scan the internet in order to find out who is vulnerable.
It comes down to individual system administrators' alertness to pick up on the warning issued by the NCSC and see whether action needs to be taken.
Groenewegen: "With previous hacks, we saw that for many companies it took months for them to even realize they were vulnerable. And then there are companies that haven't even got the faintest clue what the name is of the software they are using; those will never respond or investigate if not actively approached and warned."
I think it's terrifying to ponder the many possibilities of societal disruption and death that a multiple-system takeover of this scale can bring about, especially if you realize how completely unprepared most targets are.