How The FireEye/SolarWinds Breach Affects Your Company

Posted by Joe Hannan on Feb 11, 2021 4:26:19 PM
Joe Hannan
Find me on:

GV-Blog-1

You’re probably familiar with the FireEye/SolarWinds cybersecurity breach, which rocked the entire industry, as well as the federal government, to their foundationsBut do you understand the danger this breach poses to your company? To underscore its importancethe US economy and government will contend with the aftermath of FireEye and SolarWinds for years. 

To understand the severity of the FireEye and SolarWinds breach, it helps to use an analogy. Let’s compare it to a bank robbery.  

 

A team of robbers digs beneath a bank vault, bores into that vault, and empties it without raising suspicion. For yearscybersecurity breaches have followed this rough analogy. Then came SolarWinds/FireEye. 

 

To extend this analogy, let’s say the robbers determined a way to target not just one bank, but millions—all at onceusing the same tacticsWhile carrying out this massive heist, the cunning thieves learned that they could even target the police. While breaking into banks nationwidethey simultaneously steal the very tools that the police will use to catch themThe robbers can now target any business, avoid detection, and stay one step ahead of the law 

 

Bigger than bank robbery 

 In actuality, the robbers in this story broke into a common piece of network monitoring software called Orion, made by SolarWinds. Many businesses—possibly yours—use Orion to track network performance. In the case of the FireEye/SolarWinds breach, our robbers embedded malware into an Orion software update. The malware gave them access to any company that installed the latest version of Orion.  

 

You’re probably wondering, if SolarWinds is the bank in this analogy, then who are the police? This is where FireEye comes in. FireEye has cleaned up after some of the highest-profile hacks of recent history, including Sony and ExperianThe federal government has also contracted FireEye to assist with investigations 

 

Of interest to corporations and the federal government are FireEye’s team of cybersecurity specialists. These white-hat hackers probe for network vulnerabilities in what are known as penetration tests. Penetration tests help identify cybersecurity gaps that malicious actors exploit. FireEye also developed proprietary tools to perform these penetration tests and kept those digital tools in a heavily encrypted vault.  

 

Unfortunately, FireEye also used Orion, and got robbed along with everyone else.

 

The good news is, in choosing break into FireEye, the robbers messed with the wrong company. While everybody else got robbed blind, FireEye detected the breach, pinpointed the source as Orion, and prompted SolarWinds to issue an update to close the gap in Orion’s defenses. Unfortunately, the damage had been done. The robbers were able to steal valuable penetration test tools that would have been used against them, as well as incalculable amounts of data from their other victims, which may include the federal government. 

 

The big bad 

 One thing we haven’t addressed yet in this post: Who are these bank robbers? Unfortunately, this is where our story turns dark and familiar. 

 

Top American cybersecurity officials have since acknowledged that the hack was likely an operation carried out by Russia’s S.V.R. intelligence serviceIt’s also likely that the timing of the attack was intentional. The New York Times reports that the breach went undetected by American cybersecurity officials for nine months, affecting more than 250 federal agencies and businesses.  

 

During that time, the US was occupied with the COVID-19 pandemic and the 2020 presidential election. The election is important in this story because Russia interfered with the 2016 presidential electionIn 2020, while US cybersecurity officials were focused on securing the election from foreign interference, it seems Russia may have selected less-defended targets: the US economy and federal government. 

 

One of the salient lessons from the COVID-19 pandemic has been the vulnerability of the US government, businesses, and citizens to disruption. In the case of COVID-19the country confronts a biological virus. In the case of FireEye and SolarWinds, it faces a digital one 

 

Now, imagine if a foreign power, intent on disrupting or harming America and Americans, was able to exploit a breach like FireEye/SolarWinds. With a few keystrokes, this foreign power could shut down the US economy, and possibly the government, too. 

 

So, now what? 

If you take nothing else away from this post, let it be this: If this breach can happen to FireEye, one of the leaders in cybersecurity, it can happen to anybody. There’s no need to panic, but you need to take actions to mitigate exposure. Here’s what you should do: 

 

  • Determine if your company or any company in your supply chain has used SolarWinds or Orion. Think of your supply chain as anyone with whom you do business. Even if you don’t use SolarWinds or Orion, but a company in your supply chain does, you might have been exposed. 
  • Take appropriate actions to mitigate exposure. First, if you are running any SolarWinds software, install all updates. From there, you may want to explore encrypted, cloud-based data storage. Employee training on password sophistication and security is also a wise tactic. Finally, you need data redundancy. All data should be backed up regularly on a separate encrypted network. 
  • Implement a robust information security program. It pays to be proactive. Maybe you got away from this breach unscathed. Do you want to risk another? If you don’t have a robust information security program, now is the time to develop one. You should also conduct a professional penetration test. They cost far less than an incident response. 

 

Ultimately, your cybersecurity is only as good as your cybersecurity processes. If a company with the sophistication and capabilities of FireEye can get hacked, then any company is a target. FireEye only discovered the breach and responded in a timely manner because of good security processes. On the other hand, SolarWinds, a massive company, was compromised for months without detection because of poor security processes. 

 

Which option sounds preferable? Chances are, somewhere in the dark corners of the internet, the bank robbers are plotting their next heist. 

Topics: hack, cybersecurity, darkweb, information security, malware, privacy, Data Privacy, pentesting, penetration testing

Recent Posts