The Cyberattack on the U.S.
A cyberattack on an unprecedented scale was detected by the U.S. cybersecurity firm FireEye in December of 2020. This is quite astonishing, because the U.S. has premium-level security in its technology. So how could it be penetrated? What will it take to recover?

This hack is known to be a supply chain attack, in which hackers penetrate their target's security using a trusted third party's software. Such attacks take large-scale resources and time to pull off, indicating that this one was backed by a nation. The U.S. has an ongoing contentious relationship with Russia in cyberspace, with each having access to the other's power grid, so the U.S. suspects Russia of being behind this attack.

Most of the affected networks detected so far have been traced to a Texas-based company, SolarWinds. Its flagship software, called Orion, is used by over 33,000 companies. So when malware is installed into an update of the Orion software, all the clients using the software are affected. SolarWinds identified 18,000 networks that installed the update. The breach went undetected for months, giving the hackers enough time to delete their initial entry points, create new ones and take full control of networks. Affected networks have still not been identified.

Ridding the affected systems of malware is not as easy as deleting Orion. Rebuilding entire networks would be incredibly tedious and costly. The U.S. uses a multibillion-dollar detection system called Einstein that identifies malware and potential attacks. But it was not equipped to identify new uses of already known code effectively, which allowed new malicious code to penetrate the system. So Einstein will have to be updated to patch the blind spots the hackers exploited, and supplemented by scouring the code to root out malware that automated defenses miss. But that would be extremely time-consuming, tedious and costly.