Tag Archive for: cybercrime

SolarWinds Hack: What Vladimir Putin Wants Every Business To Ignore

Summary of the SolarWinds Hack

Russian hackers inserted malicious code into a ubiquitous piece of network-management software (SolarWinds and other companies) used by a majority of governmental agencies, Fortune 500 companies and many cloud providers. The software potentially gives Russia an all-access pass into the data of breached organizations and their customers.

Immediate Steps to Protect Your Network

I would recommend having a conversation with your IT provider or security team about the following items, as much for future attacks as for the SolarWinds hack:

  • After reading through this summary, take a deeper dive into this WSJ white-paper: The SolarWinds Hack – What Businesses Need to Know
  • For small businesses, it is important that you check with any cloud software providers to make sure they have resolved any problems with affected software.
  • Patch all instances of SolarWinds network management software and all network management, security and operational software in your environment.
  • Make sure your security team keeps up with the latest fixes for the Sunspot virus.
  • Configure your network assets to be as isolated as possible so that your most confidential data caches are separate from less confidential data.
  • Review the security settings of every category of user on the system to tighten user-level access.
  • Make sure employees know the proper procedures for connecting remotely to your network. Verify that they aren’t using a free personal VPN to connect.
  • If you utilize Microsoft products, keep up to date with their Investigation Updates.
  • If there is a chance you have been affected, have a full security audit done of your network.

Details of the SolarWinds Hack

During the worst possible time – a contentious presidential transition and a global pandemic – dozens of federal government agencies, among them the Defense, Treasury and Commerce, were breached by a cyber espionage campaign launched by the Russian foreign-intelligence service (SVR). The SVR is also linked to hacks on government agencies during the Obama Administration.

Senator Angus King said Putin “doesn’t have the resources to compete with us using conventional weapons, but he can hire about 8,000 hackers for the price of one jet fighter.”

In addition to internal communications being stolen, the operation exposed hundreds of thousands of government and corporate networks to potential risk. The hackers infiltrated the systems through a malicious software update introduced in a product from SolarWinds Inc., a U.S. network-management company. This allowed unsuspecting customers of their software to download a corrupted version of the software with a hidden back door allowing hackers to access their networks from “inside the house”. SolarWinds has more than 300,000 customers world-wide, including 425 of the U.S. Fortune 500 companies. Some of those customers include: the Secret Service, the Defense Department, the Federal Reserve, Microsoft, Lockheed Martin Corp, PricewaterhouseCoopers LLP, and the National Security Agency. (Note: more recently, it has been discovered that SolarWinds wasn’t the only primary software infected.)

A Solar Winds spokesperson said the company knew of a vulnerability related to updates of its Orion technology management software and that the hack was the result of a highly sophisticated, targeted and manual supply chain attack by a nation state. Like the FireEye breach, this was not a broad attack of many systems at once, but a stealthy, patiently-conducted campaign that required “meticulous planning and manual interaction.”

SolarWinds Hack was a Supply Chain Attack

These supply-chain attacks reflect a trend by hackers in which they search for a vulnerability in a common product or service used widely by multiple companies. Once breached, it spreads widely across the internet and across dozens or even hundreds of companies before the compromises are detected. Many companies have increased their level of cyber-protections, but they do not scrutinize the software that their suppliers provide. This is a concern because corporations typically have dozens of software suppliers. For example, in the banking industry, the average number of direct software suppliers is 83. In IT services, it’s 55.

To understand the severity and national-security concerns of this breach, think of this as a “10 on a scale of one to 10”. The Cybersecurity and Infrastructure Agency ordered the immediate shut down of use of SolarWinds Orion products. Chris Krebs, the top cybersecurity official at the Department of Homeland Security until his recent firing by Trump, stressed any Orion users should assume they have been compromised. Other investigators say that merely uninstalling SolarWinds will not solve the threat and that recovery will be an uphill battle unlike any we have ever seen. While the hackers may not have gained complete control of all companies, all experts agree that it will take years to know for certain which networks the Russians control and which ones they just occupy and to be assured that foreign control has been negated. Because they will be watching whatever moves we make—from the inside.

John Sileo is a cybersecurity expert, privacy advocate, award-winning author and media personality as seen on 60 Minutes, Anderson Cooper and Fox & Friends. He keynotes conferences virtually and in person around the world. John is the CEO of The Sileo Group, a business think tank based in Colorado.

Data Integrity Attacks: How Cybercriminals Manipulate Rather Than Steal Your Info

You’re rushed to the hospital after a serious car accident. Doing her job, the admitting physician verifies your blood type prior to giving you a life-saving transfusion. But no one knows the hospital’s medical records have been hacked — but not stolen. In this case, your records have been changed, reflecting a blood type that if transfused, would likely kill or seriously harm you. Welcome to the age of data manipulation.

Manipulating data is the latest trend in cybercrime, and it’s on the rise. The most recent study by Ponemon Institute and Accenture warned that attacking data integrity is the “next frontier.” To understand how we got to this point, we need to take a look at the evolution of cybercrime over the past two decades and how hackers seek a variety of hacking outcomes.

An approximate cybercrime timeline

Early on, cybercriminals were mostly looking to restrict access to your data availability, using malware to launch Denial of Service attacks, where legitimate users are kept from accessing a network, information or devices. Their motivation was twofold: to test their hacking tools for larger campaigns and to disrupt business operations of predetermined targets. 

Next, hackers expanded their exploits to steal data out of large databases — such as the Equifax breach that compromised the personal information of 143 million Americans — and sell it for a profit on the dark web. The cybercriminals’ primary motivation was good old fashioned greed. 

Simultaneously, cybercrime expanded into espionage, using malware and other methods to obtain secret files from U.S. defense contractors, including plans for the F-35 jet from Lockheed Martin. 

Then came cyberextortion, like when Sony Pictures was hacked just before it released the anti–Kim Jong-un movie, “The Interview.” At the time, the FBI said North Korea was responsible for the attack, but five years later questions about the perpetrators and motives remain, which just goes to show how hard it is to identify cybercriminals. 

On the heels of cyberextortion came disinformation and influence campaigns, like those used with Brexit and the 2016 U.S. presidential election. 

The point of this brief history lesson is to demonstrate how quickly sinister actors migrate time-tested tools of crime (fraud, extortion, disinformation, etc.) into cyberspace.

Data manipulation is mostly unique to cyberspace

The old fashioned alteration of checks, IDs and airplane tickets aside, data manipulation is a crime that grew exponentially in cyberspace. Former U.S. Cyber Command and NSA head admiral Michael Rogers said his worst-case attack scenario would involve data manipulation “on a massive scale.” 

Despite Rogers’ warning, the U.S. government continues to drag its feet on combating cybercrime, including data manipulation, which is now being discovered only after the fact by security teams. And I’m expecting that data alteration attacks will quickly become one of the most pernicious and undetectable threats for nation-states and corporations around the world. 

To expand on my previous example, it’s no longer just your blood type at risk. It’s the blood type, address and information on the family members of every soldier, spy and diplomat serving the United States. The potential to inflict great harm is enormous.  

Cybercrime is like a virus altering your DNA

Data manipulation is unique among cybercrimes because it’s not about taking the information — it’s about altering the data. The information generally never leaves the owner’s servers, so the criminal raises no red flags that something is amiss. This makes it much harder to catch, and it can be much more destructive. Think maliciously altering flight plans with air traffic controllers, altering bank account balances, or appending your criminal record with fictitious arrests. 

Think of data manipulation as a virus that invades the body and alters its fundamental DNA. The damage is done quietly, and you may never know it happened.

The integrity of our data is at stake

In 2017, a Michigan man hacked the IT system of the Washtenaw County Jail and altered the release date of a friend who was serving a sentence there. The hacker used a social engineering campaign to trick workers at the jail into downloading malware on their computers and was then able to access and change the data. Luckily, staff noticed something was amiss and used paper records to verify the sentence But the scheme cost Washtenaw more than $230,000, and the criminal got access to the personal information of over 1,600 people.

Getting a friend out of jail is one creative use of data manipulation, but there are far more nefarious uses, such as altering operating procedures on nuclear facility instruction manuals, modifying software code in driverless vehicles, and changing the temperature threshold on refrigeration equipment or power turbines. And of course, as we’ve already experienced, altering votes or voter eligibility.

The stock market is another place that’s ripe for data manipulation. As the Wall Street Journal reported last year, 85% of stock market trades happen “on autopilot — controlled by machines, models, or passive investing formulas.” Consequently, if the underlying data that feeds the algorithms is altered by hackers, it could create widespread chaos in the markets and ultimately destabilize the global economy.

The biggest threat may be to the healthcare industry, which has become a prime target in ransomware attacks, and where the effects of data manipulation can be deadly. To underscore this point, researchers in Israel created malware that can add realistic but fake malignant growths to CT or MRI scans before they’re reviewed by doctors or radiologists. Likewise, the malware can remove cancerous nodules or lesions from patients’ scans. 

In April, The Washington Post reported on the malware and revealed that a blind study conducted by researchers at Ben-Gurion University Cyber Security Research Center had devastating results. “In the case of scans with fabricated cancerous nodules, the radiologists diagnosed cancer 99 percent of the time. In cases where the malware removed real cancerous nodules from scans, the radiologists said those patients were healthy 94 percent of the time.”

When it comes to cybercrime, the best defense is a good offense

Because the defense of data integrity is in its early stages, there is very little that organizations can do to defend against manipulation once the cybercriminals have cracked into critical databases. Few organizations possess the tools to accurately detect and eliminate data manipulation, and those tools are more than a year away. 

In the meantime, your solution is to keep criminals out of your data in the first place, using the tools that I talk about in every one of my presentations. When it comes to data integrity, prevention beats recovery every time.

John Sileo is the founder and CEO of The Sileo Group, a cybersecurity think tank, in Lakewood, Colorado, and an award-winning author, keynote speaker and expert on data integrity, cybersecurity and tech/life balance.