In December 2020, news broke of a massive cyberattack that compromised multiple US federal agencies, including the Department of Homeland Security, the Department of State, and the Treasury Department. The attack was later linked to the SolarWinds Orion software, which had been compromised by state-sponsored hackers. As investigations into the attack continue, it has become clear that the attackers were highly skilled and sophisticated, and had been working on the breach for many months.
One of the key players in the investigation has been Secureworks, a cybersecurity company that has been working closely with US government agencies and other organizations to identify the extent of the breach and to help secure affected systems. In this article, we will explore the role that Secureworks has played in the SolarWinds breach, as well as the broader implications of the attack for cybersecurity.
Secureworks’ Role in the SolarWinds Breach
Secureworks has been one of the key players in the investigation, working with US government agencies and other organizations to establish how far the attack reached and to secure the systems it touched. In particular, the company has been closely monitoring the activities of the state-sponsored hackers behind the attack, who are believed to be based in Russia.
One of the key insights that Secureworks has provided into the SolarWinds breach is the role of a second malware strain, known as “Sunburst”. While the SolarWinds Orion software was the initial point of entry for the attackers, it was the Sunburst malware that allowed them to move laterally through compromised networks and to steal sensitive data. According to Secureworks, the Sunburst malware was specifically designed to avoid detection, using a variety of techniques to hide its presence on compromised systems.
In addition to tracking the activities of the state-sponsored hackers behind the SolarWinds breach, Secureworks has also been working closely with organizations affected by the attack to help them identify and secure compromised systems. The company has provided a range of services to help organizations respond to the breach, including incident response, threat hunting, and vulnerability assessments.
Implications for Cybersecurity
The SolarWinds breach has significant implications for cybersecurity, both in terms of the specific vulnerabilities that were exploited and the broader geopolitical context of the attack. One of the key lessons from the breach is the importance of supply chain security, which refers to the security of the software and hardware components that make up complex technology systems. In the SolarWinds case, the attackers were able to compromise the Orion software by infiltrating the company’s software supply chain, highlighting the need for greater vigilance in this area.
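The supply-chain lesson above is easiest to see in code. The following is an added example, not from the article, Secureworks, or SolarWinds: a vendor publishes a sha256sum-style manifest for a release, and the customer verifies every downloaded artifact against it before installation, flagging tampered, missing, and unlisted files. The file names and contents are constructed for the example.

```python
"""Verify downloaded software artifacts against a vendor-published hash manifest.

Added example (not from the article or any vendor). The manifest format is the
sha256sum "<hex digest>  <name>" convention; file names and bytes are constructed.
"""
import hashlib
import hmac
from typing import Dict

HEX_DIGITS = set("0123456789abcdef")


def sha256_hex(data: bytes) -> str:
    """SHA-256 of an artifact's bytes as lowercase hex."""
    return hashlib.sha256(data).hexdigest()


def build_manifest(artifacts: Dict[str, bytes]) -> str:
    """Vendor side: one "<digest>  <name>" line per artifact, sorted by name."""
    lines = [f"{sha256_hex(data)}  {name}" for name, data in sorted(artifacts.items())]
    return "\n".join(lines) + "\n"


def parse_manifest(text: str) -> Dict[str, str]:
    """Customer side: parse the manifest strictly, rejecting malformed or duplicate entries."""
    expected: Dict[str, str] = {}
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"manifest line {lineno} is malformed: {line!r}")
        digest, name = parts[0].lower(), parts[1].lstrip("*")  # '*' marks binary mode in sha256sum
        if len(digest) != 64 or not set(digest) <= HEX_DIGITS:
            raise ValueError(f"manifest line {lineno} has a bad SHA-256 digest: {parts[0]!r}")
        if name in expected:
            raise ValueError(f"manifest lists {name!r} more than once")
        expected[name] = digest
    return expected


def verify_release(downloaded: Dict[str, bytes], manifest_text: str) -> Dict[str, str]:
    """Return a status per file: 'ok', 'mismatch', 'missing' (listed but absent),
    or 'unlisted' (present but not in the manifest, which is also suspicious)."""
    expected = parse_manifest(manifest_text)
    status: Dict[str, str] = {}
    for name, digest in expected.items():
        if name not in downloaded:
            status[name] = "missing"
        elif hmac.compare_digest(sha256_hex(downloaded[name]), digest):
            status[name] = "ok"
        else:
            status[name] = "mismatch"
    for name in downloaded:
        if name not in expected:
            status[name] = "unlisted"
    return status


def release_is_trusted(status: Dict[str, str]) -> bool:
    """Install only when every artifact is listed and matches."""
    return bool(status) and all(s == "ok" for s in status.values())


# Constructed sample data: the vendor's trusted build and a copy tampered in transit.
TRUSTED_BUILD = {
    "vendor-installer.msi": b"constructed installer bytes v1.0",
    "vendor-core.dll": b"constructed core library bytes v1.0",
}
MANIFEST = build_manifest(TRUSTED_BUILD)

TAMPERED_BUILD = dict(TRUSTED_BUILD)
TAMPERED_BUILD["vendor-core.dll"] = TRUSTED_BUILD["vendor-core.dll"] + b"\x00injected"

if __name__ == "__main__":
    print(MANIFEST)
    print("trusted copy:", verify_release(TRUSTED_BUILD, MANIFEST))
    print("tampered copy:", verify_release(TAMPERED_BUILD, MANIFEST))
```

The check only catches modification between the vendor's release process and the customer, and only if the manifest itself arrives over an authenticated channel (a signed manifest or a separate trusted endpoint). An attacker who has compromised the vendor's build pipeline, as the article describes for Orion, produces artifacts whose digests and signatures are legitimately generated, so this verification passes; that is why build provenance, reproducible builds, and monitoring of the build environment belong alongside hash and signature checks.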
Another important lesson from the SolarWinds breach is the need for greater collaboration between private companies, government agencies, and cybersecurity experts. The attack was only uncovered because of the efforts of a range of different organizations, including Secureworks, and highlights the importance of sharing threat intelligence and working together to address cybersecurity threats.
Finally, the SolarWinds breach underscores the growing importance of cybersecurity in global geopolitics. The attack has been widely attributed to state-sponsored hackers based in Russia, and has been seen as part of a broader campaign of cyberattacks by the Russian government. This highlights the need for greater international cooperation on cybersecurity issues, as well as the need for clear norms and rules around state behavior in cyberspace.
Conclusion
The SolarWinds breach has been one of the most significant cyberattacks in recent years, with far-reaching implications for cybersecurity and international relations. Secureworks has played a key role in the investigation of the breach, providing insights into the activities of the state-sponsored hackers behind the attack and helping affected organizations respond to the breach. Looking ahead, it is clear that the SolarWinds breach will have a lasting impact on cybersecurity, highlighting the need for greater supply chain security, collaboration between different organizations, and international cooperation on