Major cyberattacks since 2019 jolted the U.S. government and software industry into action. The succeeding years have seen executive orders, new funding, two summits and a newfound resolve. Because of those attacks, the federal government aims to fix the open-source software security threat altogether. But what has really come of these efforts in the last few years?
The Wake-Up Call
President Joe Biden issued two executive orders last year on cybersecurity, one called Improving the Nation’s Cybersecurity and the other about supply chain security.
In the six months leading up to the executive order, the SolarWinds attack, a Microsoft Exchange Server attack and the Colonial Pipeline ransomware attack were all uncovered.
In December 2020, cybersecurity company FireEye (now Mandiant) revealed a massive and extremely sophisticated supply chain cyber attack launched by a nation-state via the SolarWinds Orion network management system (NMS). SolarWinds was the leading NMS in both business and government. FireEye’s disclosure was unique. They had not discovered the breach through detached research, but by being victimized by it. The subsequent list of victims was enormous.
Russian-government-backed APT 29 attackers (also known as Cozy Bear, UNC2452 and Nobelium) injected the SolarWinds’ software build environment with malware. This enabled attackers to gain access to the networks, systems and data of thousands of SolarWinds customers. Since then, it’s been described as the biggest attack in history. Tends of thousands of organizations use the software. To oversimplify how the attack worked, attackers breached SolarWinds’ networks in September of 2019. The nex ..
Support the originator by clicking the read the rest link below.
