The Washington Post, one of the largest and oldest newspapers in the United States, reported on December 13, 2020, that many government agencies, including the U.S. Department of the Treasury were compromised and a large number of confidential data stolen through SolarWinds Orion software. A few days ago, FireEye, one of the largest cyber security companies in the US, announced that it was hacked and its red team tools were stolen, possibly as a result of a “state-sponsored” operation.
It is really interesting that any USA technology companies not aware of the this attack for a long time. There is also an interesting story of how he was finally noticed. At the center of this story is the FireEye cyber security company. This California-based company is a cybersecurity company founded in 2004 with more than 3,400 employees and a market value of approximately $ 3.5 billion. FireEye, which has made a name for itself with the efforts to illuminate the cyber attacks against Sony and Equifax companies, which have gained wide media coverage in the past years, has many public and private sector customers worldwide. In the aftermath of the 2015 cyber attack on the US State Department, the company that American officials received support was FireEye. This attack is attributed to the Russian APT 29 group that Nakashima mentioned and claimed to be behind the SolarWinds attack. In the years that followed, FireEye; He alleged that different cyber attacks in the USA, Ukraine and Saudi Arabia were also carried out by Russian intelligence services.
FireEye itself has been the victim of a cyberattack recently. This is how the process of the SolarWinds emergence started. It is not possible to talk about 100% security in the field of cyber security. Those who claim to provide 100% security are either too ignorant to know that this cannot be done, or they are trying to deceive the other. In addition, cybersecurity companies are an attractive target for attackers. In this respect, it is no surprise that FireEye has been hacked. But what FireEye does after realizing this is very important. On December 8, FireEye General Manager Kevin Mandia admitted in a written statement that “An attack carried out by highly skilled and disciplined attackers, with great attention to operational security” and the Red Team cyber attack tools developed by FireEye and used in the evaluation of the cyber security of its customers, and this He said they were working with the FBI and Microsoft on the matter. According to the news of Business Insider, this announcement caused the company to lose 13% in value in the stock market.
The report in the New York Times on December 9 stated that Russia was behind the FireEye attack. In the view of James A. Lewis, a cybersecurity expert at the ‘Center for Strategic and International Studies’ in Washington, Russia wanted revenge on the FireEye. As Microsoft President Smith stated, attackers accessed FireEye’s systems using the vulnerability in SolarWinds. In fact, the issue was much bigger than just FireEye. Upon this realization, the issue took a different dimension and a few days later the US National Security Council meeting took place.
Thanks to this incident, we know that attackers have been able to access critical networks of the United States and other countries for nine months and how they did it. What we do not know for now are what purposes they use this access for and what they do. With regard to FireEye, we know that attackers can steal even the company’s most private software tools. FireEye is just one of around 18,000 customers that SolarWinds admits may be affected.
It is worth considering what kind of lessons we can draw from this incident for our country. We see that the attackers have roamed freely in the capillaries of the critical infrastructure of the USA, which they entered through SolarWinds, without being noticed for almost a year. No one knows what they were doing inside during this time. American officials are currently looking for the answer to this question day and night.
It is a supply chain attack on systems used in critical infrastructure that put America in this situation. SolarWinds, the owner of the attacked supply chain, is an American company. It is an American company at Microsoft, which develops the operating system it is working on and provides e-mail service to SolarWinds with Office 365. The computers that these software run on are also made in America. Network devices managed with SolarWinds Orion are also an American company. Although these are all U.S. companies, we observe that someone skillfully found the security vulnerabilities in them and used U.S. products as a weapon against America.
Let me briefly summarize the lessons to be learned from this incident;
- Although the entire supply chain is under the control of the United States, attackers who can penetrate a small part of this chain have been able to carry out such an effective attack. Nevertheless, if the devices used in a country’s critical infrastructure do not dominate the design and production processes and are externally dependent, it is clear that they may suffer much greater damage than in this case. For this reason, it is important for countries to reconsider the issue of how much damage they may suffer if they do not have national solutions that will constitute their critical infrastructure.
- In the event of cyber security risks, the situation of the attacked company should be reported to the competent authorities at the earliest opportunity. This is necessary to initiate an important, coordinated work for homeland security. For example, if FireEye chose to hide that it was attacked so that its reputation was not damaged, an event that poses such a serious risk to the security of the country (how it has not been noticed for months) could go unnoticed. Companies working in the field of cyber security should be able to choose national interests between their own reputation and national interests. Hiding cyber incidents, which are very common in the sector, prevents your loss of prestige and damages national interests with a greater impact. Unfortunately, we cannot see that the big technology companies in America have been attacked, but most companies that have been attacked have declared that they are affected in this regard.
- Your supply chain needs to be safe, resilient, and well managed. Its possible effects, such as the domino effect, can be devastating. In the coming days, companies will need to act more consciously about procurement cyber security.
- There is no such thing as 100% security. No matter how well a system is designed, there is always a risk. There is a need for cyber security companies that can realize that the security of a system is vulnerable, determine the reasons and develop solutions in the fastest way. After FireEye announced that it was attacked, the cause of this attack was quickly investigated, and SolarWinds noticed the incident, and solutions were developed in a few days.
- Qualified manpower that can keep up with the ever-changing threats and technology of the countries, thus design safe national products and then ensure the continuity of security in the systems where these products are used, is very important.
- Most of the conflicts between the dominant countries in the world are transferred to the internet and digital environment. We see that inter-country cyber attacks continue to gain speed, as in the example of Solarwinds. Countries need to increase their cybersecurity resilience and be prepared for similar attacks on a national scale.