In this article, the Cervello team will discuss the SolarWinds cyberattack.
If the recent SolarWinds attack has taught us anything, is that nothing and nobody is protected from today’s hackers. Particularly, if you are a government-owned or a critical infrastructure company, it is only a matter of time until you will also join the statistics.
SolarWinds which serves many federal agencies in the US, as well as a significant portion of Fortune 500 companies, was attacked in what is considered to be one of the most significant cyberattacks in history.
In a nutshell, here’s a simple explanation of how the SolarWinds hack occurred:
1. SolarWinds, a major US IT company that sells IT monitoring and management tools, was the subject of a cyberattack that spread to its clients and was undetected for months.
2. The SolarWinds Orion platform is used by companies around the globe to manage their IT resources. The company has roughly around 33,000 customers that use its software solutions.
3. Sometime around March 2020, the company unwittingly sent out software updates to its customers, that included a hacked code.
4. This code created a backdoor to the system/network in which the SolarWind system was installed, which the attackers used to install more malware, into legitimate software, that helped them to penetrate those networks.
5. Due to the stealth nature of the attack, it was undetected for months, allowing the hackers to penetrate and collect information on some of the world’s most sensitive organizations, the Pentagon, the Department of Homeland Security, the State Department, the Department of Energy, the National Nuclear Security Administration, and the Treasury.
So what are the implications?
Now, when the attack has already taken place, it will take years and a great amount of money to secure these systems again. The attack provides a real live demonstration of why companies should be adapting to a new reality in which they understand that there are already breaches in their networks, rather than merely reacting to attacks after they are discovered. One thing will continue to be given, attackers will always look for exploitable targets to provide them with access to other, more valuable, targets.
What can Cervello do to help?
After years of working in the Israeli Defense Forces and the Israeli Defense Industries, we deeply understand the risk. We understand that in cybersecurity, especially in the critical infrastructure industries sector, trust is a vulnerability. We strongly believe that in order to protect critical systems against cyber attacks, nothing inside or outside the network perimeter can be trusted. Anything and everything trying to connect to the critical signaling systems must be verified before granting access.
This is exactly why we implemented the Zero Trust methodology in our platform: Zero Trust is one of the most effective ways for organizations to control access to their critical assets. The methodology combines a set of preventative techniques including identity verification, micro-segmentation, endpoint security, and least privilege controls to detect abnormal behaviors and cyberattacks, both from external and internal sources. The Cervello platform can help you reveal insider and external threats without relying on any learning phase, prior knowledge, assumptions, and/or third-party software, and thus even to protect your valuable assets from sophisticated attacks such as the SolarWinds attack!
Please feel free to contact us for any further information regarding our solutions and best practices to mitigate rail cyber threats using the Cervello railway cybersecurity platform.