Month: December 2020

SolarWinds Orion: The Biggest Hack of the Year

Federal agencies faced one of their worst nightmares this past week when they were informed of a massive compromise by foreign hackers within their network management software. An emergency directive from the Cybersecurity and Infrastructure Security Agency (CISA) instructed all agencies using SolarWinds products to review their networks and disconnect or power down the company’s Orion software. 

Orion has been used by the government for years and the software operates at the heart of some crucial federal systems. SolarWinds has been supplying agencies for some time as well, developing tools to understand how their servers were operating, and later branching into network and infrastructure monitoring. Orion is the structure binding all of those things together. According to a preliminary search of the Federal Procurement Data System – Next Generation (FPDS-NG), at least 32 federal agencies bought SolarWinds Orion software since 2006.

Listed below are some of the government agencies and departments that have been awarded contracts for SolarWinds Orion products. Even though all of them bought SolarWinds Orion products, that doesn’t mean they were using them between March and June, when the vulnerability was introduced during updates. Agencies that have ongoing contracts for SolarWinds Orion products include the Army, DOE, FLETC, ICE, IRS, and VA. SolarWinds estimates that fewer than 18,000 users installed products with the vulnerability during that time.

  • Bureaus of Land Management, Ocean Energy Management, and Safety and Environmental Enforcement, as well as the National Park Service and Office of Policy, Budget, and Administration within the Department of the Interior
  • Air Force, Army, Defense Logistics Agency, Defense Threat Reduction Agency, and Navy within the Department of Defense
  • Department of Energy
  • Departmental Administration and Farm Service Agency within the U.S. Department of Agriculture
  • Federal Acquisition Service within the General Services Administration
  • FBI within the Department of Justice
  • Federal Highway Administration and Immediate Office of the Secretary within the Department of Transportation
  • Federal Law Enforcement Training Center, Transportation Security Administration, Immigration and Customs Enforcement, and Office of Procurement Operations within the Department of Homeland Security
  • Food and Drug Administration, National Institutes of Health, and Office of the Assistant Secretary for Administration within the Department of Health and Human Services
  • IRS and Office of the Comptroller of the Currency within the Department of the Treasury
  • NASA
  • National Oceanic and Atmospheric Administration within the Department of Commerce
  • National Science Foundation
  • Peace Corps
  • State Department
  • Department of Veterans Affairs

You can read the joint statement by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence (ODNI) here.

How the Attack was Discovered

When cybersecurity firm FireEye Inc. discovered that it was the victim of a malicious cyber-attack, the company’s investigators began trying to figure out exactly how attackers got past its secured defenses. They quickly found out that they were not the only victims of the attack. Investigators uncovered a weakness in a product made by one of its software providers, SolarWinds Corp. After looking through 50,000 lines of source code, they were able to conclude there was a backdoor within SolarWinds. FireEye contacted SolarWinds and law enforcement immediately after the backdoor vulnerability was found.

Hackers, believed to be part of an elite Russian group, took advantage of the vulnerability to insert malware, which found its way into the systems of SolarWinds customers with software updates. So far, as many as 18,000 entities may have downloaded the malware. The hackers who attacked FireEye stole sensitive tools that the company uses to find vulnerabilities in clients’ computer networks. The investigation by FireEye discovered that the hack on itself was part of a global campaign by a highly complex attacker that also targeted government, consulting, technology, telecom and extractive entities in North America, Europe, Asia, and the Middle East.

The hackers who carried out the attack showed a level of sophistication unlike any seen before. They took innovative steps to conceal their actions, operating from servers based in the same city as an employee they were pretending to be. The hackers were able to breach U.S. government entities by first attacking the SolarWinds IT provider. By compromising the software used by government entities and corporations to monitor their networks, hackers were able to gain a foothold in those networks and dig deeper, all while appearing as legitimate traffic.


How Can the Attack Be Stopped?

Technology firms are disrupting some of the hackers’ key infrastructure as the U.S. government works to contain a hacking campaign that relies on software from SolarWinds. FireEye is working with Microsoft and the domain registrar GoDaddy to take over one of the domains that attackers had used to send malicious code to its victims. The move is not a cure-all for stopping the cyber-attack, but it should help stem the surge of victims, which includes the departments of Treasury and Homeland Security.

According to FireEye, the seized domain, known as a “killswitch,” will affect new and previous infections of the malicious code coming from that particular domain. Depending on the IP address returned under certain conditions, the malware would terminate itself and prevent further execution. The “killswitch” will make it harder for the attackers to use the malware that they have already deployed. However, FireEye warned that hackers still have other ways of keeping access to networks. In the sample of intrusions FireEye has seen, the attacker moved quickly to establish additional persistence mechanisms to maintain access to victim networks.

The FBI is investigating the compromise of SolarWinds’ software updates, which was linked to a Russian intelligence service. SolarWinds’ software is used throughout Fortune 500 companies and in critical sectors such as electricity. The “killswitch” action highlights the power that major technology companies have to throw up roadblocks to well-resourced hackers. It is very similar to Microsoft teaming up with US Cyber Command to disrupt the powerful Trickbot botnet in October.

5 Cyber Security Trends from 2020 and What We Can Look Forward to Next Year

Today’s cybersecurity landscape is changing at a faster rate than we’ve ever experienced before. Hackers are inventing new ways to attack businesses and cybersecurity experts are relentlessly trying to find new ways to protect them. Costing businesses approximately $45 billion, cyber-attacks can be disastrous, causing adverse financial and non-financial effects. Cyber-attacks can also result in loss of sensitive data, never-ending lawsuits, and a smeared reputation.

With cyber-attack rates on the rise, companies need to up their defenses. Businesses should take the time to brush up on cybersecurity trends for the upcoming year, as this information could help them prepare and avoid becoming another victim of a malicious attack. Given the importance of cyber security in the current world, we’ve gathered a list of the top trends seen in cybersecurity this year and what you can expect in 2021.

INCREASE IN SPENDING

It’s no secret that cybersecurity spending is on the rise. It has to be in order to keep up with the rapidly changing technology landscape we live in. For example, in 2019 alone, global cybersecurity spending was estimated to be around $103 billion, a 9.4% increase from 2018. This year the US government spent $17.4 billion on cybersecurity, a 5% increase from 2019. Even more alarming is the fact that cybercrime is projected to exceed $6 trillion annually by 2021, up from $3 trillion in 2015. The most significant factor driving this increase is the improved efficiency of cybercriminals. The dark web has become a booming black market where criminals can launch complex cyberattacks. With lower barriers to entry and massive financial payoffs, we can expect cybercrime to grow well into the future.


COMPANIES CONTINUE TO LEARN

Demand for cybersecurity experts continued to surpass the supply in 2020. We don’t see this changing anytime soon either. Amidst this trend, security experts contend with considerably more threats than ever before. Currently, more than 4 million professionals in the cybersecurity field are being tasked with closing the skills gap. Since the cybersecurity learning curve won’t be slowing anytime soon, companies must come to grips with strategies that help stop the shortage of talent. Options include cross-training existing IT staff, recruiting professionals from other areas, or even setting the job qualifications at appropriate levels in order to attract more candidates.

Most organizations are starting to realize that cybersecurity intelligence is a critical piece of growth. Understanding the behavior of their attackers and their tendencies can help in anticipating an attack and reacting quickly after one happens. A significant problem that also exists is the volume of data available from multiple sources. Add to this the fact that security and planning technologies typically do not mix well. In the future, expect continued emphasis on developing the next generation of cybersecurity professionals.

THE INFLUENCE OF MACHINE INTELLIGENCE DEVELOPS

Artificial Intelligence (AI) and Machine Learning (ML) are progressively becoming necessary for cybersecurity. Integrating AI with cybersecurity solutions can have positive outcomes, such as improving threat and malicious activity detection and supporting fast responses to cyber-attacks. The market for AI in cybersecurity is growing at a drastic pace. In 2019, the demand for AI in cybersecurity surpassed $8.8 billion, with the market projected to grow to $38.2 billion by 2026.


MORE SMALL BUSINESSES INVEST IN CYBER PROTECTION

When we think of a cyber-attack occurring, we tend to envision a multibillion-dollar conglomerate that easily has the funds to pay the ransom for data retrieval and boost its security the next time around. Surprisingly, 43% of cyber-attacks happen to small businesses, costing them an average of $200,000. Sadly, when small businesses fall victim to these attacks, 60% of them go out of business within six months.

Hackers go after small businesses because they know that they have poor or even no preventative measures in place. A large number of small businesses even think that they’re too small to be victims of cyber-attacks. Tech-savvy small businesses are increasingly taking a preventative approach to cybersecurity, understanding that, like big organizations, they are targets for cybercrime, and therefore adopting effective cybersecurity strategies. As a result, a number of small businesses are planning on increasing their spending on cybersecurity and investing in information security training.


CYBER-ATTACKS INCREASE ON CRITICAL INFRASTRUCTURES

Utility companies and government agencies are extremely critical to the economy because they offer support to millions of people across the nation. Critical infrastructure includes public transportation systems, power grids, and large-scale constructions. These government entities store massive amounts of personal data about their citizens, such as health records, residency, and even bank details. If this personal data is not well protected, it could fall into the wrong hands, resulting in breaches that could be disastrous. This is also what makes them an excellent target for a cyber-attack.

Unfortunately, the trend is anticipated to continue into 2021 and beyond because most public organizations are not adequately prepared to handle an attack. While governments may be ill prepared for cyber-attacks, hackers are busy preparing for them.


WHAT CAN WE LOOK FORWARD TO IN 2021?

Going forward into a new year, it’s obvious that many elements are coming together to increase cyber risk for businesses. Industry and economic growth continue to push organizations to rapid digital transformation, accelerating the use of technologies and increasing exposure to many inherent security issues. The combination of fewer cybersecurity experts and an increase in cybercrime are trends that will continue for some time to come. Businesses that invest in technologies, security, and cybersecurity talent can greatly reduce their risk of a cyber-attack and increase the likelihood that cybercriminals will look elsewhere to exploit a less prepared target.

4G on the Moon – NASA awards Nokia $14 Million

Cellular Service That’s Out of This World

As soon as 2024, we may be seeing humans revisit the moon. Except this time, we should be able to communicate with them in real time from a cellular device. Down here on Earth, the competition between telecom providers is as intense as ever. However, Nokia may have just taken one giant leap over its competitors, with the announcement of expanding into a new market, winning a $14.1 million contract from NASA to put a 4G network on the moon.

Why put a communications network on the moon?

Now, you may be wondering, “why would we need a telecommunications network on the moon?” According to Nokia Labs researchers, installing a 4G network on the surface of Earth’s natural satellite will help show whether it’s possible to have human habitation on the moon. Adopting a super-compact, low-power, space-hardened, wireless 4G network will greatly advance the US space agency’s plan to establish a long-term human presence on the moon by 2030. Astronauts will begin carrying out detailed experiments and explorations which the agency hopes will help it develop its first human mission to Mars.

Nokia’s 4G LTE network, the predecessor to 5G, will deliver key communication capabilities for many different data transmission applications, including vital command and control functions, remote control of lunar rovers, real-time navigation and streaming of high definition video. These communication applications are all vital to long-term human presence on the lunar surface. The network is perfectly capable of supplying wireless connectivity for any activity that space travelers may need to carry out, enabling voice and video communications capabilities, telemetry and biometric data exchange, and deployment and control of robotic and sensor payloads.


How can Nokia pull this off?

When it comes to space travel and moon landings in the past, you always hear about how so much can go wrong. Look at Apollo 13 for instance. Granted, technology has vastly improved in the past half century, but it still seems like a large feat to install a network on the moon. The network Nokia plans to implement will be designed for the moon’s distinctive climate, with the ability to withstand extreme temperatures, radiation, and even vibrations created by rocket landings and launches. The moon’s 4G network will also use much smaller cells than those on Earth, which have a smaller range and require less power.

Nokia is partnering with Intuitive Machines for this mission to integrate the network into their lunar lander and deliver it to the lunar surface. The network will self-configure upon deployment and establish the first LTE communications system on the Moon. Nokia’s network equipment will be installed remotely on the moon’s surface using a lunar hopper built by Intuitive Machines in late 2022.

According to Nokia, the lunar network involves an LTE Base Station with integrated Evolved Packet Core (EPC) functionalities, LTE User Equipment, RF antennas and high-reliability operations and maintenance (O&M) control software. The same LTE technologies that have met the world’s mobile data and voice demands for the last decade are fully capable of providing mission critical and state-of-the-art connectivity and communications capabilities for the future of space exploration. Nokia plans to supply commercial LTE products and provide technology to expand the commercialization of LTE, and to pursue space applications of LTE’s successor technology, 5G.

Why did Nokia win the contract to put a network on the moon?

An industry leader in end-to-end communication technologies for service provider and enterprise customers all over the world, Nokia develops and provides networks for airports, factories, industrial sites, first responders, and the harshest mining operations on Earth. Its networks have proven themselves reliable for automation, data collection and dependable communications. By installing its technologies in the most extreme environment known to man, Nokia will corroborate the solution’s performance and technology readiness, enhancing it for future space missions and human habitation.
