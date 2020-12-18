

As if it weren’t bad enough that suspected Russian hackers had been roaming the networks of the National Nuclear Security Administration and other federal agencies undetected and unimpeded for months, concerns grew this week that the compromised SolarWinds Orion software platform could allow access to private-sector supply chain data, as well.

Already, Microsoft has reported that “ongoing” investigations “detected malicious SolarWinds binaries in our environment, which we isolated and removed.” Lest it sound like the problem was nipped in the bud, Microsoft President Brad Smith yesterday blogged that “the recent attackers used a technique that has put at risk the technology supply chain for the broader economy.” He called for a “strong and coordinated global cybersecurity response” led by the U.S. government.

“This latest cyber-assault is effectively an attack on the United States and its government and other critical institutions, including security firms,” Smith wrote. “It illuminates the ways the cybersecurity landscape continues to evolve and become even more dangerous. As much as anything, this attack provides a moment of reckoning.”

The Cybersecurity and Infrastructure Security Agency (CISA) issued an alert regarding the “Advanced Persistent Threat [APT] Compromise of Government Agencies, Critical Infrastructure and Private Sector Organizations.” CISA provided details on detection and mitigation methods.

The agency said key takeaways based on what it knew so far were:

“This is a patient, well-resourced and focused adversary that has sustained long duration activity on victim networks.

“The SolarWinds Orion supply chain compromise is not the only initial infection vector this APT actor leveraged.

“Not all organizations that have the backdoor delivered through SolarWinds Orion have been targeted by the adversary with follow-on actions.

“Organizations with suspected compromises need to be highly conscious of operational security, including when engaging in incident response activities and planning and implementing remediation plans.”

Companies would be wise to double- and triple-check the security of their own networks, particularly in light of the threat posed by weaknesses in supply chain partners’ own platforms.

“It is very important to review the security of your vendors before you engage them, to make sure they are capable of meeting your needs or otherwise enhancing their controls before they are onboarded,” said Phil Venables, a Goldman Sachs senior advisor on risk and cybersecurity, who was quoted in a report released earlier in 2020 on third-party threats. “But, it is equally important to establish an approach of continuous monitoring to help assure that such control continues to be in place over the life of the engagement.”