Cyber-attacks as a criminal offense are almost as old as the Internet itself. What is new, however, is that large-scale attacks that paralyze the functioning of institutions are starting to become commonplace worldwide, and are being perceived as “national threats”. So threatening, in fact, that for the first time, government leaders see the use of physical force in response to an attack as a serious option. The most prominent example so far: the USA.
“A real shooting war” – with these words on the recent series of attacks on private and public institutions in the country, U.S. President Joe Biden recently hinted at what cyber-attacks could escalate into in the future: a full-blown war between two major nations.
In late 2019, a US-based IT management software company, SolarWinds, was hacked. The attackers gained access to its network and took about six months to meticulously inject malicious code into Orion, SolarWinds’ IT performance monitoring software, which is used by thousands of businesses worldwide. What followed the code injection is one of the largest cyber breach incidents of the 21st century.
From around March 2020 onwards, these organizations received a routine update package from SolarWinds for Orion, which they deployed without suspicion (as they normally would, because they were unaware of the compromised code). About 18,000 SolarWinds customers were impacted by installing this update package containing malicious code (commonly known as a Trojan Horse).
Even more alarming is the fact that the first report surfaced only in December 2020 – and the breach went almost undetected for several months.
These hackers were able to access the systems, networks, and data of these organizations – all by hiding in plain sight for months.
The peculiarity of this attack is that the hackers were able to affect an astronomical number of organizations by targeting just one vendor (SolarWinds). This type of attack is also referred to as a supply chain attack. Below you will find some more damaging attacks:
In May 2021, a ransomware attack forced one of the largest US-based refined oil pipelines, Colonial Pipeline, to shut down operations for five days. The company was coerced into halting operations for the first time in its 57-year history. The hackers gained access to the company’s network through a VPN account that apparently did not have multifactor authentication enabled, which made their job even easier.
According to The New York Times report, Colonial Pipeline did pay about $4.4 million in the form of bitcoins (after receiving a ransom note) to recover the stolen data. Although BBC reported a month later that almost $2.3 million was recovered by tracing the accounts, the damage was already done.
Within a month of the Colonial Pipeline breach, another ransomware attack struck a meat-processing giant in Brazil – JBS – in June 2021. The attack crippled JBS’s operations severely. The company supplies more than 20% of the USA’s beef requirements.
As the JBS network was hacked, the company was cowed into paying $11 million in ransom as the operations in the US, Australia, and Canada were shut temporarily. JBS was only able to restore its supply chain to normalcy after paying off the demanded ransom in bitcoins.
In August 2021, a crypto platform, Poly Network, was hacked and a staggering $610 million was stolen (as reported by CNBC). What came as a surprise is that the hacker claimed to have hacked the platform for “fun”. To add to the twist, the hacker returned almost all of the stolen money.
Although about half of the money is still locked in the account (the key to which is apparently held by the hacker and the Poly Network), the remainder of the sum has been received by Poly Network.
SolarWinds spent a whopping $18-19 million in the first quarter of 2021 just to understand the breadth of the attack, and to control the damage after the breach. A report by CRN claimed that this event could have cost cyber insurance firms about $90 million.
That is the direct cost impact, but there are other alarming aspects to consider. Some of the largest companies, such as Microsoft and Cisco, were caught completely off guard by this breach. So it comes as no surprise that US government institutions like the State Department, Homeland Security, the Treasury, and even the National Security Agency (NSA) missed it. According to a Verge report, about 250 government agencies were impacted.
The exact details of what hackers were able to lay their hands on are still unknown and being investigated. Some agencies claimed that the hackers broke into email accounts and networks, and were only able to access “unclassified” information.
This news caught the world’s attention but was still overshadowed by the presidential transition occurring at that time (Dec 2020 – Jan 2021). The Colonial Pipeline attack was different: it came just a few months after Joe Biden took office.
This attack too left an impact on not just private companies, but also public ones. More than 10 states were impacted – other consequences that followed the Colonial Pipeline attack were: a gas shortage in the market, panic buying, change in flight routes, and a sudden surge in gasoline prices.
As momentous as the attack itself was Joe Biden’s announcement that extreme measures could follow if these attacks were to continue. As government systems are increasingly left vulnerable, security measures are being beefed up in the USA. The process has already been kicked off with the introduction of the “Cyber Incident Notification Act”, which obliges companies to inform the government in the event of a cyber-attack.
The recent events have proved that public institutions and government agencies are equally susceptible to cyber-attacks. Such attacks aren’t just restricted to the USA, but have become global phenomena.
One of many examples is the recent distributed denial of service (DDoS) attack on more than 200 organizations in Belgium (government, universities, parliament, and more). Apparently no data theft was reported, but such attacks do expose vulnerabilities.
It is evident that the attitude of public players is changing as IT security continues to become a focus area. For example, Saarland is the first German state to introduce a BSI-compliant encryption solution for the exchange of classified information across its entire territory. This solution features site-to-site encryption that enables documents and e-mails to be exchanged within the state’s data network without being intercepted by unauthorized persons, while retaining full performance and speed.
In cooperation with T-Systems and the security company Rohde & Schwarz Cybersecurity GmbH, Saarland was the first German state to implement modern, flexible, and comprehensive encryption for the state authorities in accordance with the BSI’s high classified information requirements.
With its cybersecurity mindset, Saarland has created a blueprint for other public institutions to follow. As Ammar Alkassar, CIO of Saarland, explained, “With this solution, Saarland is not only consistently implementing its ‘Cybersecurity First’ digitalization strategy. It also provides a template for Germany and shows how comprehensive encryption can be implemented across all authorities in the state.”
“Nevertheless, there is still a lot to do: cybersecurity is more than just encryption and the challenges for public IT will continue to increase,” said the state CIO.
To that end, advanced security solutions are helping organizations to march ahead in their digitalization journey without having to be on edge 24x7. As awareness levels rise, cybersecurity is being strengthened and response mechanisms are being formulated by organizations, which is a good sign.