On December 13, 2020, Reuters and other news organizations reported that the U.S. Treasury Department had been hacked. Related news reports revealed that as many as 18,000 other government organizations and large private companies such as Microsoft, Cisco, Intel and FireEye were similarly breached. According to some reports, the hacks began as early as December of 2019 and originated from a sophisticated "Supply Chain Hack."
On the surface, small and medium-sized businesses like yours might not see how this story, in which huge corporations and government institutions were hacked, is relevant to your company, but you would be mistaken. These organizations were breached through legitimate software designed to monitor and protect companies like yours, regardless of size.
What Is A Supply Chain Hack?
The Treasury Department and these large companies did not all suffer a break-in from some aggressive intruder at the same time. In fact, they installed the malicious software themselves, without knowing it, as the result of a "Supply Chain Hack." So what is a Supply Chain Hack?
A Supply Chain Hack is when malicious software is installed through the installation of third party software that was previously hacked. In other words…
- You use and rely on Software Publisher X to help run your business.
- A cybercriminal hacks into Software Publisher X and installs malware into the new version of their software that is soon to be released.
- Software Publisher X then releases the software and encourages its users to install the software.
- You install the software, unknowingly installing the hack.
Other Supply Chain Hacks are accomplished when cybercriminals buy a small software publisher, or an individual piece of software, from a legitimate publisher. They then add their malware to the software and publish it as an update.
You can see how damaging a Supply Chain Hack can be to all of the users of the hacked software.
Why Supply Chain Hacks Matter To You
Think for a moment about how much software you rely on in your organization. You have software written by other companies to do just about everything: Accounting, Human Resources, Databases, Document Processing, Manufacturing, Process Control, Email, Messaging, Video Production, Photo Editing...you can complete the list for your own organization.
Any one of those software publishers could be hacked and distribute that hack to thousands, if not millions, of computers in a matter of days. In fact, we wrote about a Supply Chain Hack that affected ASUS computers. Hackers installed malware into ASUS's system software, so when ASUS computers downloaded updates, they were infected. Potentially millions of computers were hacked.
If malware were installed in software that you used every day, how would you remove the hack?
More importantly, would you even know that you had been hacked?
The SolarWinds Supply Chain Hack
The Treasury Department, as well as 18,000 other organizations, had been on the receiving end of a supply chain hack from an unlikely source. SolarWinds produces IT management software called Orion that is designed to help large organizations manage their networks and equipment. It was this software that was hacked in the manner described above.
The initial attack on SolarWinds is still under investigation, but the hack spread quickly and undetected because it was installed by a trusted software publisher. According to an article published by CNET, “In a joint statement, US national security agencies have called the breach ‘significant and ongoing.’ It's still unclear how many agencies are affected or what information hackers might have stolen so far. But by all accounts, the malware is extremely powerful. According to an analysis by Microsoft and security firm FireEye, both of which were infected, the malware gives hackers broad reach into impacted systems.”
How To Help Prevent Hacks and Breaches
You can get some good advice about how to prevent hacks and breaches in your own company by looking at what SolarWinds is doing to make sure that its systems remain safe and secure going forward. In a blog post, incoming CEO Sudhakar Ramakrishna says that SolarWinds will be taking numerous steps, which we paraphrase here (our own additional commentary follows the dashes in each item):
- Further securing their internal environment -- to prevent unauthorized physical access to their network and software.
- Deploying additional, robust threat protection and threat hunting software on all their network endpoints -- so they can be proactive about finding and removing hacks and vulnerabilities.
- Resetting credentials for all users in the corporate and product development domains, including resetting the credentials for all privileged accounts -- in case any employee passwords had leaked, and in case former employees or vendors have credentials that pose a security risk to their network.
- Consolidating remote and cloud access avenues for accessing their network and applications by enforcing multi-factor authentication (MFA) -- The chance of brute force attacks is reduced to near zero when MFA is properly configured and used.
- Leveraging third-party tools to expand the security analysis of their software and network -- No single security technology can prevent all attacks: the best security solutions are when a variety of technologies are used.
- Performing extensive penetration testing of their platform -- which means using automated testing tools to try to penetrate the network and its endpoints.
- Engaging with and funding ethical hacking from white hat communities to quickly identify, report, and remediate security issues -- Humans have a creativity that automated software can’t match...especially when hacking live systems.
These are “big business” approaches to security that are out of reach for most Small and Medium-sized businesses (SMBs).
Digital Uppercut’s Business Protection Toolkit
We asked the question earlier: Would you even know that you had been hacked?
The answer is that you probably wouldn’t. And that’s why we developed the Digital Uppercut Business Protection Toolkit. This kind of security is out of reach for most companies, even though it is essential for companies of all sizes. And we’ve added security measures that SolarWinds didn’t even mention (but that they probably have).
These two tools in particular can detect malicious activity even when it’s caused by trusted software you have installed on your networks.
Security Information and Event Management System
Most computer systems generate logs of their activities. However, manually examining and correlating those logs to build a picture of what is really happening on your network is impossible, and that matters because hacks affect more than just one system at a time. Our Security Information and Event Management system (SIEM), which is part of the Business Protection Toolkit, looks at your business as a whole, not as a collection of individual machines. It automatically collects logs from all your computers, routers, firewalls, and other systems to give you (and us) real-time information about what’s going on with your network. This allows us to detect an attempted attack almost immediately after it begins.
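To make the cross-host correlation concrete, here is an added example of the kind of rule a SIEM can run over endpoint logs; it is not code from the Business Protection Toolkit, and the log format, host names, process name and domains are all constructed. It flags a program that, on several hosts within a short window, starts contacting a destination outside its known baseline, which is exactly the pattern a trojanized update of trusted software produces and which no single machine's log would reveal on its own.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed endpoint logs (key=value lines), not real SIEM output.
LOGS = """
2020-12-14T09:00:01Z host=ws01 proc=orion-agent.exe dst=updates.vendor.example
2020-12-14T09:00:05Z host=ws02 proc=orion-agent.exe dst=updates.vendor.example
2020-12-14T09:01:10Z host=ws01 proc=orion-agent.exe dst=api.unseen-domain.example
2020-12-14T09:02:30Z host=ws02 proc=orion-agent.exe dst=api.unseen-domain.example
2020-12-14T09:03:15Z host=srv01 proc=orion-agent.exe dst=api.unseen-domain.example
2020-12-14T09:04:00Z host=ws03 proc=chrome.exe dst=news.example
2020-12-14T11:30:00Z host=ws04 proc=orion-agent.exe dst=api.unseen-domain.example
""".strip().splitlines()

# Constructed baseline: destinations each trusted program is known to use.
BASELINE = {"orion-agent.exe": {"updates.vendor.example"}}

LINE_RE = re.compile(r"^(?P<ts>\S+) host=(?P<host>\S+) proc=(?P<proc>\S+) dst=(?P<dst>\S+)$")

def parse(line):
    """Return (timestamp, host, process, destination) or None for unparseable lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ts, m["host"], m["proc"], m["dst"]

def correlate(lines, baseline, min_hosts=3, window=timedelta(minutes=10)):
    """Alert on (proc, dst) pairs where a program reaches a destination outside its
    baseline on at least min_hosts distinct hosts within `window`."""
    events = defaultdict(list)  # (proc, dst) -> [(ts, host), ...]
    for line in lines:
        parsed = parse(line)
        if parsed is None:
            continue
        ts, host, proc, dst = parsed
        if dst in baseline.get(proc, set()):
            continue  # known-good destination for this program
        events[(proc, dst)].append((ts, host))
    alerts = []
    for (proc, dst), seen in events.items():
        seen.sort()
        for i, (start, _) in enumerate(seen):  # slide the window over each start time
            hosts = {h for t, h in seen[i:] if t - start <= window}
            if len(hosts) >= min_hosts:
                alerts.append((proc, dst, sorted(hosts)))
                break
    return alerts

if __name__ == "__main__":
    for proc, dst, hosts in correlate(LOGS, BASELINE):
        print(f"ALERT: {proc} -> {dst} on {len(hosts)} hosts: {', '.join(hosts)}")
```

The single chrome.exe connection and the ws04 event hours later stay below the threshold, so only the three-host burst is raised.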
Security Operations Center
Automated systems are critical, and no security strategy can be complete without them. But live humans can do things that computers cannot. Our Security Operations Center (SOC) team of security experts monitors the results of all our tools and escalates any detected threat. We filter out false positives and analyze the viruses and other threats that the system detects.
The Business Protection Toolkit contains a dozen other tools as well, but these two tools help to protect your business in a way that’s impossible without them.
Don’t Be The Next Link In A Supply Chain Hack
Every day, your business and your network are at risk of cyber criminals gaining entry and then destroying your business. Whether it’s through a Supply Chain Hack, Ransomware, Data Exfiltration, or some other technique, your business could be gone in 30 days under certain circumstances. We’ve never had a claim made against our Million Dollar Ransomware Guarantee, but we maintain it to show you how confident we are in the work we do. If you’re not quite that confident, let’s talk. Contact us online or call us at 818-913-1335.