Cybersecurity has become a growing problem this year, and cyber criminals have been taking advantage of strained infrastructure in the government sector as a result of the pandemic and other factors. Cyberattacks are not only increasing in number, but also in complexity and reach.
This appears to be just the beginning. Last week, cybersecurity firm FireEye revealed that it had been hacked and its clients, which include the United States government, had been placed at risk. Now there are reports that Russian hackers launched a massive attack on the computer systems of multiple U.S. agencies via a vulnerability on the Orion software offered through SolarWinds.
The Austin, Texas-based company works with organizations around the world, including most Fortune 500 companies and multiple U.S. federal agencies. So far, the company has said that “fewer than 18,000” installed the version of Orion that had been compromised.
The cyber criminals were able to get in through the supply chain that SolarWinds uses to distribute software updates, which was sent to customers between March and June. The agencies impacted include the Commerce Department, Department of Homeland Security, the Pentagon, the Treasury Department, the U.S. Postal Service, and the National Institutes of Health.
Microsoft has taken control of the domain name the hackers used to communicate with the compromised systems, according to security expert Brian Krebs. The company's analysis will hopefully be able to establish the damage done to affected companies and agencies.
“The actual and perceived control of so many important networks could easily be used to undermine public and consumer trust in data, written communications and services,” said Thomas P. Bossert, the former homeland security adviser to President Trump and deputy homeland security adviser to President George W. Bush. “In the networks that the Russians control, they have the power to destroy or alter data, and impersonate legitimate people. Domestic and geopolitical tensions could escalate quite easily if they use their access for malign influence and misinformation — both hallmarks of Russian behavior.”