The DigitalBank Vault
Adam Adler: Russians outsmarted DHS cyberattack detection program in hack
Adam Adler (Miami, Florida): www.DigitalBankVault.com. The March 2020 attack by Russian cyber soldiers using advanced malware that was delivered indiscriminately to 18,000 private and U.S. government computer networks via a software security update – including the agency that protects and transports the U.S. nuclear arsenal – is being called the largest, most sophisticated software hack ever by the president of tech giant Microsoft.
The attack was hidden deep inside an update for SolarWinds Orion, a piece of advanced information technology software used by organizations worldwide to connect, manage and monitor their computer networks. To date, no one is sure how the hackers got into SolarWinds, or if it is the only vector of attack. By the time Smith learned of the breach at Microsoft last November, the intruder had already gained access to the source code for some Microsoft products. "I think from a software engineering perspective, it's probably fair to say that this is the largest and most sophisticated attack the world has ever seen," Smith tells Whitaker.
"One of the really disconcerting aspects of this attack was the widespread and indiscriminate nature of it. What this attacker did was identify network management software from a company called SolarWinds. They installed malware into an update for a SolarWinds product. When that update went out to 18,000 organizations around the world, so did this malware," says the Microsoft president.
The attack, attributed by the U.S. government to Russia, was detected by FireEye, a cyber security firm that unravelled the mystery and alerted the world, after losing some of its own proprietary data. But detection doesn't mean the attack is over. "It's still ongoing," says Jon Miller, the CEO of Boldend, a company that designs and sells "next generation" cyber weapons to the Department of Defense and U.S. intelligence agencies. "New companies are getting breached. We'll see new companies breached today that weren't breached this morning. Where it's different in a lot of ways is normally when you catch someone in the act, they stop. That's not the case with this breach," says Miller.
How did Microsoft miss this? "I think that when you look at the sophistication of this attacker, there's an asymmetric advantage for somebody playing offense," Smith says. And the attackers had huge resources, he says. "When we analyzed everything that we saw at Microsoft, we asked ourselves how many engineers have probably worked on these attacks. And the answer we came to was, well, certainly more than 1,000."