Why Russia's massive cyberattack is especially insidious
President Donald Trump on Saturday downplayed the importance of a massive Russian cyberattack that continues to spread, affecting everything from Cox Communications to a county in Arizona to the U.S. agency overseeing the country's nuclear arsenal.
“The cyber hack is far greater in the fake news media than it is in reality. I was fully informed and everything is well under control,” tweeted Trump.
However, experts say more victims are likely to emerge. Perhaps the most remarkable part of the attack is that it was carried out through the very mechanism that is meant to keep computer networks secure: software updates. The hackers secretly implanted malicious code in legitimate software updates, then waited weeks before activating it to launch their attacks, which also helped cover their tracks.
"To be clear, based on all of the initial data and speaking to our Beltway contacts, we believe that given the targeted and cyber-espionage nature of this attack, this cyber attack is likely to be one of the worst in the last decade," Wedbush Securities' Dan Ives wrote in a recent note.
A brilliant, dangerous attack
Secretary of State Mike Pompeo told a conservative radio station on Friday night that we "can pretty clearly say it was the Russians" behind the hack, despite Trump downplaying that point. Initial investigation suggests the attack originated with SolarWinds (SWI), a company that sells network monitoring and management software used by more than 300,000 companies and government agencies worldwide.
According to SolarWinds, attackers injected malicious code, now known as Sunburst, into software updates for the company's Orion platform. When customers downloaded the updates, they unknowingly installed the Sunburst code on their own servers. From there, the hackers targeted dozens of SolarWinds customers.
SolarWinds estimates that 18,000 customers worldwide downloaded the update containing Sunburst. Microsoft (MSFT), which is helping respond to the attack, says the hackers then singled out around 40 organizations among those customers.
Hackers got into computers at the US Treasury Department and possibly other federal agencies and sparked a government response that included the National Security Council. (AP Photo / Patrick Semansky, File)
According to Justin Cappos, a professor at NYU Tandon School of Engineering, this type of attack is particularly insidious as it takes advantage of something you should be doing to prevent hacks: updating your software.
“When nation states want to attack, they usually attack via software updates, as the advantage is that you can apply a software update, for example. If you don't apply software updates you are absolutely, definitely, vulnerable. Because old software is vulnerable software,” Cappos, a cybersecurity expert, told Yahoo Finance.
That is the genius of this attack. Running old, outdated software is dangerous because the longer a piece of software has been available, the greater the chance that someone has found a way to exploit it, which can lead to any number of unforeseen attacks.
One of the best ways businesses, governments, and consumers can protect themselves from such attacks is to keep their software up to date. In this case, however, the attack rode in on the very updates that SolarWinds customers downloaded to protect themselves in the first place.
The malicious code sat on victims' systems for weeks before activating and beginning to read, steal, or tamper with whatever data it could reach.
It should be noted that companies do not always trust software updates blindly: many verify updates before installing them on their systems, precisely to avoid situations like this one.
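One form that verification can take, as an added example that is not SolarWinds', Microsoft's or any vendor's code: compare every file in a downloaded update bundle against a manifest of SHA-256 hashes obtained out of band, flag files the manifest does not list, and also compare against hashes pinned the first time a given version was accepted, so that different bytes later served under an already-seen version number stand out. The manifest format, the filenames and the byte strings are assumptions and constructed stand-ins, not real update files.

```python
"""
Added example (not SolarWinds' or any vendor's code): verify a downloaded
update bundle against an out-of-band manifest and against pinned hashes.
Manifest format, filenames and file contents are assumed/constructed.
"""
import hashlib
import json
from dataclasses import dataclass, field
from typing import Dict, List


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 digest of an in-memory artifact."""
    return hashlib.sha256(data).hexdigest()


@dataclass
class VerifyResult:
    ok: bool
    verified: List[str] = field(default_factory=list)      # hash matches manifest
    mismatched: List[str] = field(default_factory=list)    # hash differs from manifest
    missing: List[str] = field(default_factory=list)       # in manifest, not in bundle
    unlisted: List[str] = field(default_factory=list)      # in bundle, not in manifest
    changed_since_pinned: List[str] = field(default_factory=list)  # same version, new bytes


def verify_update(files: Dict[str, bytes], manifest_json: str,
                  pinned: Dict[str, str]) -> VerifyResult:
    """files: name -> bytes of the downloaded bundle.
    manifest_json: assumed format {"version": str, "files": {name: sha256}}.
    pinned: "version/name" -> sha256 recorded when that version was first accepted."""
    manifest = json.loads(manifest_json)
    version = manifest["version"]
    expected = manifest["files"]
    result = VerifyResult(ok=True)

    for name, want in expected.items():
        if name not in files:
            result.missing.append(name)
            continue
        got = sha256_hex(files[name])
        (result.verified if got == want else result.mismatched).append(name)
        key = f"{version}/{name}"
        if key in pinned and pinned[key] != got:
            result.changed_since_pinned.append(name)

    result.unlisted = [name for name in files if name not in expected]
    result.ok = not (result.mismatched or result.missing
                     or result.unlisted or result.changed_since_pinned)
    return result


def pin_hashes(version: str, files: Dict[str, bytes]) -> Dict[str, str]:
    """Record version/name -> sha256 the first time a release is accepted."""
    return {f"{version}/{name}": sha256_hex(data) for name, data in files.items()}


# --- constructed sample data (hypothetical filenames, not real update files) ---
GOOD_BUNDLE = {
    "monitor-agent.dll": b"\x4d\x5a" + b"benign agent build 2020.2\x00" * 8,
    "setup.msi": b"\xd0\xcf\x11\xe0" + b"installer payload\x00" * 16,
}
MANIFEST_GOOD = json.dumps({
    "version": "2020.2",
    "files": {name: sha256_hex(data) for name, data in GOOD_BUNDLE.items()},
})

# Same version number, one DLL replaced with different bytes, manifest re-issued to match.
TROJANED_BUNDLE = dict(GOOD_BUNDLE)
TROJANED_BUNDLE["monitor-agent.dll"] = b"\x4d\x5a" + b"agent build 2020.2 + extra code\x00" * 8
MANIFEST_TROJANED = json.dumps({
    "version": "2020.2",
    "files": {name: sha256_hex(data) for name, data in TROJANED_BUNDLE.items()},
})


def check_clean() -> VerifyResult:
    """Clean bundle, matching manifest, nothing pinned yet: passes."""
    return verify_update(GOOD_BUNDLE, MANIFEST_GOOD, {})


def check_tampered_in_transit() -> VerifyResult:
    """Bytes altered after the manifest was published: manifest hash mismatch."""
    return verify_update(TROJANED_BUNDLE, MANIFEST_GOOD, {})


def check_republished_same_version() -> VerifyResult:
    """New bytes and a matching new manifest served under a version already
    accepted: the manifest check passes, the pinned-hash check does not."""
    pinned = pin_hashes("2020.2", GOOD_BUNDLE)
    return verify_update(TROJANED_BUNDLE, MANIFEST_TROJANED, pinned)


if __name__ == "__main__":
    for fn in (check_clean, check_tampered_in_transit, check_republished_same_version):
        print(fn.__name__, fn())
```

The caveat a practitioner should keep in mind: in this incident the malicious code was placed into the vendor's own updates, so a check against whatever the vendor publishes for that release passes. Hash and signature checks catch tampering between vendor and customer; only the pinned-hash comparison above would notice a release being quietly re-issued under a version number already seen, and none of these checks reveal code that sits dormant for weeks after installation. Staging updates in an isolated environment and watching what the updated software does on the network are the complements to file verification.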
From SolarWinds to finance and beyond
The SolarWinds attack first came to light when cybersecurity firm FireEye (FEYE) announced on December 8 that it had been hacked by a nation-state, likely Russia. It was big news that a large cybersecurity company like FireEye had been breached. Following that announcement, an avalanche of government agencies and private companies revealed that the same attack had hit them.
The Treasury and Commerce Departments were the next victims, followed by the Department of Homeland Security, the State Department, and the National Nuclear Security Administration. Microsoft announced that it was also affected by the hack, but that the attackers were unable to access customer data.
Cybersecurity firm FireEye was one of the first to report being a victim of the cyberattack. (Image: Reuters / Beck Diefenbach)
And on Friday, Reuters reported that Cox Communications was affected by the hack, as was the government of Pima County, Arizona.
What can such hacks mean?
The Solarwinds attack is likely just one of several attacks we haven't heard of, according to Jonathan Katz, a professor of computer science at the University of Maryland.
"I think countries are constantly trying to examine other countries' defenses and sometimes they are successful and sometimes we hear about them and sometimes when they are successful we don't hear about them," he told Yahoo Finance. "And often they are unsuccessful and of course we never hear about them."
But what kind of damage could hacks cause at large government agencies? Using a hypothetical attack on the Social Security Administration as an example, Katz said hackers could disrupt payments to Americans or wipe the database of who is receiving payments, creating havoc for the millions of citizens who depend on their Social Security benefits.
In a more dangerous scenario, hackers could attack the Department of Defense's systems and potentially disrupt communications between the troops on the ground.
While the ultimate targets of the SolarWinds attack are still unknown, this is far from the last we will hear about it.
Editor's Note: This story was originally published December 18 and updated on December 19 with comments from Secretary of State Mike Pompeo and President Donald Trump.