Even though it could take months to estimate the extent of the damage, what do we know so far about the attack on SolarWinds, the biggest cybersecurity attack in years? 1/n
SolarWinds' security practices seem to have been lacking for some time. https://www.reuters.com/article/global-cyber-solarwinds/hackers-used-solarwinds-dominance-against-it-in-sprawling-spy-campaign-idUSKBN28Q07P 2/n
By hacking SolarWinds, Russia's Foreign Intelligence Service (SVR) slipped malware into automatic updates that got installed in the networks of the federal government and various organizations -- close to 198 organizations fell victim to this hack. https://thehill.com/policy/technology/531013-massachusetts-cybersecurity-firm-detects-at-least-198-organizations-victims 3/n
Einstein, the U.S. government's multibillion-dollar malware detection system, was not useful in detecting this hack because it was a 'supply chain' attack aimed at compromising a trusted tool. 4/n
Einstein, instead, detects known malware. https://www.washingtonpost.com/national-security/ruusian-hackers-outsmarted-us-defenses/2020/12/15/3deed840-3f11-11eb-9453-fc36ba051781_story.html 5/n
What was the motive? The range of targets -- oil and gas companies, telecom, technology, the departments of Treasury, State, Commerce, and Homeland Security -- suggests a range of motives. https://blogs.microsoft.com/on-the-issues/2020/12/17/cyberattacks-cybersecurity-solarwinds-fireeye/
What were the responses? Senate Minority Whip Dick Durbin (D-Ill.) said, “This is virtually a declaration of war by Russia on the United States and we should take that seriously.” But President Trump downplayed the hack: https://thehill.com/policy/cybersecurity/530784-lawmakers-ask-whether-massive-hack-amounted-to-act-of-war
What can be done? @TomBossert outlines a number of steps that the current and future administrations can take: https://www.nytimes.com/2020/12/16/opinion/fireeye-solarwinds-russia-hack.html