Security software vendor Check Point has labelled last month’s SolarWinds hacking incident, which targeted governments and organizations across the globe, as one of the most “sophisticated and severe attacks” ever seen.
“This is reflected in the attack’s technical complexity, the patience of the threat actors behind crafting this attack end-to-end, their high operational security awareness, and its broad and precise set of victims,” it said in a recent advisory.
“This high-profile attack represents additional evidence of the emergence of Generation V of sophisticated cyber-attacks.” Researchers, who have named the hack Sunburst, say it could take years to fully comprehend the severity of this large-scale attack.
On Dec. 13, it added, U.S. government offices disclosed they were targeted by a series of mega cyber attacks, allegedly related to state-sponsored threat organizations.
“This series of attacks was made possible when hackers were able to embed a backdoor into SolarWinds software updates. Over 18,000 companies and government offices downloaded what seemed to be a regular software update on their computers, but was actually a Trojan horse.
“By leveraging a common IT practice of software updates, the attackers utilized the backdoor to compromise the organization’s assets, both cloud and on premises, enabling them to spy on the organization and access its data.”
Check Point Research, the company’s intelligence and research division, indicated that SolarWinds was exploited to craft a sophisticated supply chain attack.
“Our researchers are constantly monitoring the situation and have already issued the following advice for organizations to protect themselves:
- Back to basics – In these sorts of circumstances, the core security practices of least privilege and segmentation make it harder for adversaries to access critical assets
- Defense-in-depth – Ensure that multiple protections operate in parallel to identify and prevent different attack vectors in real-time, such as blocking command and control traffic as well as exploits of vulnerable elements
- Make sure your security solutions are up to date, in order to benefit from the ongoing investigation
- Set your security solutions to Prevent – as the attackers remove their traces, by the time you detect and analyze their actions, it would be too late
- The attack shows specific attention to cloud assets – make sure to look into those for suspicious, abnormal activity.”
“We believe this is one of the most sophisticated and severe attacks seen in the wild,” Check Point said. “This is reflected in the attack’s technical complexity, the patience of the threat actors behind crafting this attack end-to-end, their high operational security awareness, and its broad and precise set of victims.”