Whilst government departments from the Treasury to the Department of Defense have undoubtedly suffered as a result of the SolarWinds breach allegedly perpetrated by Russian hackers, private organisations are scrambling to determine if they’ve been hit and to what extent.
Networking giant Cisco joined Microsoft in confirming a breach. Like its Redmond counterpart, it believes the impact is limited, though investigations continue.
Showing the breadth of verticals likely hit in the widespread attacks, which are believed to have started with tampered downloads of SolarWinds Orion software, credit score company Equifax and energy giant General Electric (GE) have both been going through their logs looking for signs of compromise.
“Following the announcement of the SolarWinds Orion Platform software attack, the Cisco Security team immediately began our established incident response processes to address the issue quickly and thoroughly,” a Cisco spokesperson said. “While Cisco does not use SolarWinds for its enterprise network management or monitoring, we have identified and mitigated affected software in a small number of lab environments and a limited number of employee endpoints. At this time, there is no known impact to Cisco offers or products. We continue to investigate all aspects of this evolving situation with the highest priority.”
Equifax is continuing to investigate but it hasn’t seen any unauthorized behaviour on its networks, according to a source familiar with the probe. They added that the company was very confident that, though the malware was on its servers, no data was stolen.
A GE spokesperson said the company was aware of a security incident experienced by SolarWinds and was engaging with the supplier to understand the scope of the issue. It’s also conducting its own review.
Signs of vulnerability
The attacks show that the hackers were able to find a glaring loophole affecting both private and public sectors, and they had access to potentially exploit a huge number of companies and government departments. But they also indicate that, whoever the attackers were, they only chose to steal data from a selection of thousands of victims, even where they had the chance to steal data from some of the world’s biggest businesses.
SolarWinds said the number of customers who might be affected by the attacks could be as high as 18,000. Reuters reported on Friday that Cox Communications had been hit by the malicious version of the SolarWinds tool, but had not seen any major impact.
The government bodies that were hit include the departments of Defense, Energy, Treasury and Commerce. As Forbes previously reported, the DOJ is also a user of SolarWinds Orion, but it has declined to comment on whether or not it was a victim.
Microsoft said on Thursday that it has been in touch with 40 customers who were breached and their data potentially exposed. Most were based in the U.S. but others were based across the world, from Mexico to the U.K.
Russia has denied involvement in the attacks, even as Mike Pompeo and other sources have blamed the Putin regime.
National security threat
Whilst there’s plenty of anxiety around the sensitivity of the data already stolen from victims’ networks, there’s extra concern about any compromise of the critical infrastructure industry, of which GE is one of the biggest companies in the world.
“In the world of industrial infrastructure our most sensitive networks… are often connected to many integrators, vendors and others for maintenance and support. Some of those vendors were using SolarWinds with or without the industrial company’s knowledge. There are numerous customers we have that claimed to not have SolarWinds to find out over the next few days that they did, and the compromised version was present in their environment,” said Rob Lee, founder of Dragos Security, which helps protect industrial control and critical infrastructure networks.
“The risk of course is that the adversary gained access and, without monitoring, those companies won’t have any knowledge of if the adversary was or is still present. That’s a scary prospect for national security.”