Even the largest and most powerful government agencies and companies are vulnerable to security threats. On Dec. 18, 2020, it was first reported that almost two hundred organizations, including major segments of the U.S. Government, were hacked. While large amounts of data were stolen, there is currently no evidence that any information was tampered with.
Even if your organization isn't holding on to government secrets, your data is still valuable. Shoring up your security systems with common-sense measures like terminal emulation for any legacy mainframes you use can give you much-needed peace of mind.
A wide-reaching hack
The exploit was initially reported Dec. 8 by the cybersecurity firm FireEye, which announced that several of its tools and data had been stolen. Within days, cybersecurity experts were able to trace the breach to malware attached to an update from a software contractor called SolarWinds, according to The Hill. The company sent its update to about 18,000 customers, of which over 1,000 experienced some kind of adverse effect and 198 were actually hacked. Major targets included the departments of Commerce, Energy, Homeland Security, State and Treasury, as well as various subsidiary agencies like the National Institutes of Health.
SolarWinds was unaware it had been infiltrated when it sent out the update.
Upon discovering the hack, FireEye was quickly able to surmise that the attack had been conducted by a nation state, rather than a rogue actor, as the company's CEO Kevin Mandia said when speaking with NPR. Soon after, sources began to report that the Russian military intelligence team called "Cozy Bear" was believed to be responsible. This line of thinking was confirmed by Secretary of State Mike Pompeo on Dec. 18.
Debate on the impact
While the scope of Russia's alleged hack is clearly massive, the ultimate impact the cyberattack will have is unclear. Experts are divided on whether the exploits constitute an act of espionage or an "attack on the U.S. and its government," as Microsoft president Brad Smith referred to it. Advocates for classifying the exploit as espionage have noted that hackers did not appear to have altered or deleted any data and that the U.S. carries out similar missions, although not to this scale.
"I don't think under anybody's definition who works in this field is this any kind of cyberattack … This is really just a very successful espionage operation. It's the kind of thing we would love to carry out. And it's sort of a wake-up call – we have got to get better," Gary Brown, a Professor of Cyber Law at National Defense University and a former cyber official at the Pentagon, said to NBC News.
Experts contrasted these recent hacks with a 2014 exploit in which North Korea infiltrated Sony Pictures' system and destroyed large amounts of data.
"Obviously if somebody breaks into your systems and starts destroying stuff, as happened with Sony, well, that's an attack," said Director of National Intelligence James Clapper.
Others, including U.S. Senators Dick Durbin and Mitt Romney, felt the hack clearly passed the threshold for being classified as an attack. Durbin described the exploit as a cyberattack and called it "virtually a declaration of war by Russia on the U.S.," according to The Hill. Romney, meanwhile, compared the hacks to Russian bombers being in American airspace.
While some experts may not classify the exploits as a true cyberattack, the seriousness of the exploits is not being disputed.
Shoring up your cybersecurity
Even if you don't work at a government agency or major corporation, the newest round of hacking exploits makes clear the importance of strengthening your cybersecurity system. One of the easiest and most important ways to shore up your network is by getting rid of tools that rely heavily on unsecured, open-source Java code. While Java is a building block of many important programs, its widespread use means that its vulnerabilities are well known by hackers and easy to exploit.