Those credentials, depending on whom they belong to and how much access that individual has, can be very effective ways to gain a toehold in a protected computer system, but they’re also very easy to change or reset when the compromise is discovered. Many cyberespionage activities begin with phishing campaigns or stolen credentials, which are then used to deliver malware to targeted systems. Another element adding to the challenge of trying to clean up this mess will be the thoroughness of the compromise of each individual system. All of that will require time to sort out and trace and investigate, but it’s not the only reason that coming back from this will be hard. Some of that longevity will come from the scale of the attack and the number of different companies, like Microsoft, that were then used as platforms for further attacks on new victims. The actual, active theft of information from protected networks due to this breach will last years. So when I say the SolarWinds cyberespionage campaign will last years, I don’t just mean, as I usually do, that figuring out liability and settling costs and carrying out investigations will take years (though that is certainly true here). This means that the set of potential victims is not just (just!) the 18,000 SolarWinds customers who may have downloaded the compromised updates, but also all of those 18,000 organizations’ customers, and potentially the clients of those second-order organizations as well, and so on. That whole time, government and private sector systems will continue to actively be breached because of the malware that was surreptitiously included in updates to the SolarWinds Orion products. In the coming year, we won’t just be fighting about who was responsible or figuring out how this happened or assessing the fallout or repairing affected systems. But the SolarWinds compromise is different.
I study the aftermath of cybersecurity incidents, and many large-scale breaches come with drawn-out legal battles and investigations that last for months, or even years, following the initial discovery and disclosure. It launched in the spring of this year, and it will likely last for years. The SolarWinds cyberespionage campaign has apparently targeted a dizzying number of government and private organizations: the State, Commerce, Treasury, Homeland Security, and Energy departments; Microsoft; the cybersecurity firm FireEye; the National Institutes of Health; and the city network of Austin, Texas, just to name a few.