The SolarWinds hack was sophisticated, almost artistic and probably a harbinger of things to come. It signalled the end of the ‘smash and grab’ tactics so beloved of hackers for many years. The days of credit cards having real value are over, and credit card details and Facebook logins are available very cheaply on the dark web.
In fact, if you want to do anything nasty on the internet, it is easy enough to arrange.
The shocking thing about the SolarWinds hack was the level at which it was aimed and the ease with which allegedly Russian hackers worked their way into a system guarded by Microsoft, and from there into systems used by many US Government departments as well as some of the largest companies in the country.
The question quickly becomes: who will guard the guards when the guards ignore vulnerabilities that were flagged up in 2017? The technique to hijack authentication tools was widely known and yet was used in the SolarWinds hack.
The problem, as with all these things, was resources. Although deemed high risk, the technique was thought to be so unlikely to be used that no resources were thrown at the problem.
The SolarWinds hack also highlights a question: if a leading-edge technology company is not on the ball with security issues, what hope does the normal run-of-the-mill company have when faced with ever more sophisticated hacks?
The SolarWinds hack was epic and shows the patience that is now a hallmark of large-scale hacks. Break into the vault and wait. If no one notices, wait some more.
Then, either sell the secret entrance to others or quietly use it yourself to siphon who knows what out of the systems you now have access to.
The SolarWinds hack, if nothing else, should make technology companies around the world look at their own systems, throw resources at the problem and never let this happen again.
That said, the level of sophistication is becoming extraordinary. According to MIT, the ultra-secure walled garden approach adopted by Apple and Google for their stores is actually working against them. Once hackers have breached the wall, the walled garden’s security stops vulnerabilities being discovered and allows the hackers to do their worst on the inside.
There is, however, help at hand. Apart from the many specialist security companies, Google has a team whose sole job is to look for zero-day attacks and work with any company that looks vulnerable. In fact, Apple is one such company, and it redesigned iOS as a result.
Our digital world is under attack like never before, and at a level and sophistication that is truly worrying. Let us hope that the SolarWinds hack and the emerging ironies of walled gardens focus the tech industry and its budgets on the problem, so that we, at least, keep up.