In the IT sector, the year 2020 ended with a huge computer attack that is considered to be the most dangerous and impactful of the last 10 years.
These include the computer attack on Orion management software, supplied by Texane SolarWinds. As a result, thousands of companies have faced a huge vulnerability in their security system.
This article will also interest you: SolarWinds: Neglects and Consequences
Experts say the impact of the computer attack could still be visible for several years.
It all starts in September 2019, the servers of the Texan company SolarWinds are affected by a computer attack. Unfortunately for them the attack was not detected at this time. In this way, hackers were able to gain access to the Orion management software production system. The main software provided by the Texan company is used worldwide by thousands of companies and public and private organizations.
"Orion is software that works in the background and manages large computer networks. It is a widespread software, used by various governments, organizations and private companies. "Says Brandon Valeriano, a researcher at Marine Corps University in Virginia, who is also an expert in cyber defence.
Hackers took advantage of their access to install in the orion app's update system, a malware. Nearly 18,000 customers of the Texan company were subsequently infected after installing the corrupt update. This allowed them to easily access thousands of computer systems around the world without even being able to be detected.
While nearly 18,000 U.S. company customers have been infected with the malware inserted into the update system, only 250 organizations, not insignificant, have been directly affected. This includes government agencies in Spain, Israel, the United Kingdom, the United Arab Emirates, Belgium and Mexico, not to mention the United States.
According to some experts, the attack was much more aimed at the United States. Among the organizations affected by large U.S. companies are microsoft, the tech giant, but also some U.S. government departments, such as the Commerce Department, the Department of Energy, the Treasury Department is the State Department. In addition, another very important organization was also affected by the cyberattack, the National Nuclear Security Administration.
On the Canadian side, no computer attacks were observed to be directly affiliated with the SolarWinds attack. Yet many Canadian organizations use Orion software.
According to the US authorities, Russia is involved in some way in the cyberattack. In particular, a group of hackers that would be directly linked to the russian state's foreign intelligence service. This group 2 cybercriminals is known as Cozy Bear. In the past, the group had been accused of initiating a computer attack on the Democratic National Committee, trying to hack and email them.
The filtration of the SolarWinds system was unfortunately discovered only from December 2020. Which means that the pirate it is almost 1 years to carry out their activities.
"Today, we know what happened, and we try to clean up and see the extent of the damage. The problem, of course, is that preventing illegal access and repairing networks depends on the quality of your IT team, or your cybersecurity team. It is a bit like the distribution of vaccines against COVID-19: it is not done everywhere in a uniform way. With SolarWinds attacks, it's the same thing. explains Brandon Valeriano.
In addition, another risk is pervasive. The ability for hackers to install backdoors on servers they would have had access to during the year. "While we feel like we've stopped illegal access, we're not sure. It's like a thief leaving your house, but leaving a window unlocked. It's a possibility. It's going to take time to see how we learn to control systems to make sure that people can't infiltrate them again. stresses the expert.
When asked what data might have stolen from businesses, experts point out how impossible or difficult it is to know exactly, for Brandon Valeriano: "If you don't have a good inventory of what you have, and who can access it, you may never know what was taken. It's unique to cybersecurity: often there are things you can't know. You have to live with that, and it's not easy. ».
Now access an unlimited number of passwords: