One Year Later, Cybersecurity Lessons For Pros


The world of cybersecurity changed for good on Dec. 13, 2020.

On that day, incident response firm FireEye Mandiant released the first of several security research reports detailing how a nation-state threat group initially targeted IT software firm SolarWinds as part of a sophisticated supply chain attack. The goal, the analysis noted, was to compromise the company’s infrastructure and create a Trojanized software update for the company’s Orion network monitoring product. This malicious update contained a backdoor, dubbed Sunburst.

Initially, about 18,000 Orion customers downloaded the software update, which installed the Sunburst code within their networks. From there, the group behind the attack deployed other malware variants and eventually focused their main efforts on about 100 prominent private firms as well as nine U.S. government agencies, including the Departments of Homeland Security, State, Energy, Commerce and Justice. Investigators later suspected that the attack was likely a cyberespionage campaign designed to steal emails and other sensitive communication data.

The attack itself appears to have started sometime in early 2020 (although the planning and initial execution might have begun in 2019) and might have continued if FireEye hadn’t discovered it was also a victim and then alerted federal authorities before making the public announcement.

The incident rocketed cybersecurity up the list of priorities for the incoming Biden administration. Later in the year, the White House would publish an executive order outlining dozens of new measures that federal departments would need to adopt to improve their security posture, including how these agencies buy and evaluate third-party software.

The Biden administration also placed blame for the attack on the Russian government, specifically a threat group working within that country’s Foreign Intelligence Service, or SVR, and named by various security researchers as APT29, Cozy Bear and Nobelium. As part of the attribution, the U.S. Treasury Department announced sanctions against several Russia-based individuals and organizations in April.

While some aspects of the SolarWinds…
