What We Know & Don’t Know About the Massive Cyber Breach of the US Government

In 2020 the United States suffered a cyber breach that resulted in a security failure of enormous proportions. Over the course of the year, the level and scope of this breach have been a massive wake-up call for the federal agencies and companies that were targeted. As an IT support, compliance, and security company, our focus in today's blog is to examine exactly what the breach included, which federal departments and private companies were affected, who is responsible, and what we should do now that the attack has been identified.


What Was the Breach? 

Although the cyber breach on the United States government was identified last March, security specialists are still trying to figure out exactly what damage was caused. This hack was a highly sophisticated global campaign in which hackers (presumably from Russia) attacked the software supply chain by inserting a vulnerability into the software updates of widely used software from Austin, Texas-based SolarWinds Corp. By targeting SolarWinds' software updates, the hackers were able to gain access to a broad range of targets. Unfortunately, SolarWinds sells technology products to a "Who's Who" list of sensitive customers, including the FBI, the State Department, the Centers for Disease Control and Prevention, the Treasury and Commerce departments, the Department of Energy, Homeland Security, the Naval Information Warfare Systems Command, all five branches of the military, and hundreds of companies on the Fortune 500 list. One of the most frightening clients may be the department that oversees the United States nuclear arsenal. SolarWinds also believes that more than 18,000 customers may have been exposed to the cyber-attack, in which the hackers inserted a vulnerability within its Orion monitoring products.

Who Is Responsible For the Breach? 

SolarWinds is still investigating whether, and to what extent, a vulnerability in the Orion products was successfully exploited and, more specifically, by whom. According to the Guardian, Secretary of State Mike Pompeo became the first Trump Administration official to publicly confirm the attack was linked to Russia, telling a conservative radio host: "I think it's the case that now we can say pretty clearly that it was the Russians that engaged in this activity." Andrei Soldatov, an expert on Russia's spy agencies and the author of The Red Web, told the Guardian he believes the hack was more likely a joint effort of Russia's SVR and FSB, the domestic spy agency Vladimir Putin once led.


What Should We Do Now?

Homeland Security experts agree that because the hackers harvested such a vast quantity of data in this cyber breach, it will not be easy to fix the networks that have been compromised. What matters most is to take a deep dive and find out exactly what information could potentially have been stolen. It is also important to note that if it happened to a major provider of cyber security, it could happen to you, your business, or your family. At a personal and organizational level, you should know that most cyber attacks can typically be prevented or minimized with common-sense security measures in your IT environment: backups, patches, security updates, multi-factor authentication, strong credentials, endpoint defense, network segmentation, least-privilege access, and vulnerability and risk assessments, to name a few. For more information on how you can continue to protect your personal and business data, contact our team and have a risk assessment completed.