- The sweeping SolarWinds cybersecurity hack hit thousands of businesses, which now must assess the damage.
- Incident response experts are advising banks, hospitals, and other businesses evaluating the intrusion into their networks.
- Many don't know where to begin, because the sheer scale of the attacks has been unfolding day by day, one report at a time.
- 'The big banks are all quiet. They want to know what the others are saying,' says a consultant about the worried financial sector.
Around the world right now, businesses, government agencies, non-profit organizations, healthcare facilities, and financial institutions are asking their IT teams the same hesitant question: Were we hit by the SolarWinds breach?
For thousands of enterprises, the answer is yes. The company said earlier this week that up to 18,000 companies could have been exposed to the highly sophisticated malware planted in its ubiquitous IT-management software. Among those, the US departments of Treasury, Commerce, and Energy have been hit, as well as tech titans Microsoft and FireEye. SolarWinds said its customer base included 425 of the Fortune 500.
Some businesses aren't waiting for clarity. Mike Ortlieb, a director in the technology consulting group of the cybersecurity incident response company Protiviti, says one chief information security officer "took down all their servers, took out all the SolarWinds software, and did a complete rebuild. He looked at me and was like, 'Did I overreact?'"
"I said, 'You may be the smartest person in the world.'"
"Everybody's spooked," says Kall Loper, also a director in Protiviti's technology consulting group. "They all know from the media that something big is going on. Boards are asking executives and IT, 'what are we doing?'"
Loper says his firm is hearing from financial services and capital management enterprises who want consultants to gauge the scope of the attacks in their industry.
"I would say finance is cautiously concerned. What they're really worried about is the secure financial networks" that carry private messages between institutions, he said. "The big banks are all quiet. They want to know what the others are saying."
"A lot of healthcare organizations were just dealing with a huge surge of ransomware, and now they're worried again," Ortlieb says.
Being affected by the SolarWinds breach doesn't necessarily mean your data was taken
But being touched by the malware and having apparent nation-state hackers tear into your networks are very different things.
Experts tell Business Insider that while thousands of systems were potentially made vulnerable by the subverted SolarWinds software, the attackers have been strategic about actually taking advantage of the backdoors they've made.
Stealing data from every single company, they say, would leave an unmistakable trail, so it behooves those hackers to pick their targets carefully.
"The attackers were going after very high-value targets," says Mike Hamilton, the former chief information security officer for Seattle who now holds that role for the incident-response firm CI Security. Many businesses were "collateral damage" swept up with the thousands of other SolarWinds users.
But SolarWinds customers aren't entirely off the hook
But that doesn't mean that SolarWinds customers are entirely off the hook.
The intelligence operation is over, and government agencies are digging out espionage malware – but the hacking could just be beginning for businesses, Hamilton says.
"We don't know what's coming yet. The espionage value has been exhausted. The hackers may be about to hand everything over to organized crime in Russia. This could possibly be followed by a wave of ransomware," the seizure of data and networks by cybercriminals demanding payment.
We don't know the scope of the attacks, but they are being followed publicly more closely than any cybersecurity event since the 2016 elections, experts say.
In a 24-hour digital news cycle, the SolarWinds attack has received unprecedented attention in real-time, alarming boards and executives, but also explaining the unfolding forensics trail.
"One of the elements of this attack that makes it unique is that the scale and scope keeps expanding and thanks to its publicity, most professionals, on all levels, have an understanding that the impact is still being realized," says Frank Downs, a former NSA analyst and now director of incident response at the firm BlueVoyant.