One of the great threats to our civilization is space weather: specifically, the Sun's proven ability to hit the planet with a tremendous cosmic belch of charged particles and radiation, knocking out satellites, power grids and networks worldwide.
In that context, SolarWinds' choice of company name seems gruesomely apt. We still don't know the full harm done by Sunburst, the splendidly evil hack of its Orion network monitoring platform, but it was global in scope and deep in reach; the backdoor was pushed to thousands of Orion customers, yet the attackers followed up only on the highest-value ones. For months, the internal networks of government departments, the military and federal agencies were compromised.
From the quality of the threat design, the range of techniques used and the nature of its victims, this was a nation state at work, and on MO and capabilities most likely Russia. It revealed a very good knowledge not only of the fabric of modern IT infrastructure but of the psychology of those who develop for and maintain it: beautifully obfuscated, delicate in its use of steganography and layers of diversion. Sunburst will trigger another round in the arms race between attackers and security researchers.
Perhaps the most chilling aspect of the attack was how it spread: the backdoor rode SolarWinds' own standard distribution and update channel, shipped as a routine Orion update carrying a genuine SolarWinds code signature, so customers installed it exactly as they would any other patch. This is a very old trick – anecdotally, mainframes in the 1960s were compromised by carefully faked system patch tapes mailed to companies – but it is rendered far more powerful by the automation and patch-quickly culture of today's IT.
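The practical caveat that follows from a poisoned update channel: a valid vendor signature proves only that the vendor's pipeline produced the file, not that the file matches the audited source, so a signature check on its own cannot catch an implant inserted inside that pipeline. The Python below is an added example, not code from the column or from SolarWinds. It assumes a hypothetical intake check that requires both the vendor's signature and a match against a hash obtained independently (for instance from a reproducible rebuild of the source); HMAC stands in for Authenticode, and the artifact bytes are constructed samples, not real Orion files.

```python
import hashlib
import hmac

# Constructed sample artifacts (not real SolarWinds binaries).
CLEAN_DLL = b"orion business layer, clean build\x00" * 8
TROJANED_DLL = CLEAN_DLL + b"\x00implant: beacon to attacker c2\x00"

# Stand-in for the vendor's code-signing key. An attacker sitting inside the
# build pipeline gets artifacts signed with the real key, so this key is
# available to both the clean and the trojaned build in this demo.
VENDOR_SIGNING_KEY = b"vendor-code-signing-key-stand-in"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def vendor_sign(artifact: bytes, key: bytes = VENDOR_SIGNING_KEY) -> str:
    # HMAC-SHA256 stands in for an Authenticode signature.
    return hmac.new(key, artifact, hashlib.sha256).hexdigest()


def verify_update(artifact: bytes, signature: str, reproduced_hash: str,
                  key: bytes = VENDOR_SIGNING_KEY):
    """Return (accept, reasons).

    Accept only if the vendor signature is valid AND the artifact hash
    equals a hash obtained outside the vendor's delivery channel, e.g.
    from an independent rebuild of the published source.
    """
    reasons = []
    if not hmac.compare_digest(vendor_sign(artifact, key), signature):
        reasons.append("vendor signature invalid")
    if not hmac.compare_digest(sha256_hex(artifact), reproduced_hash):
        reasons.append("hash differs from independently reproduced build")
    return (not reasons, reasons)


def demo():
    # Hash an auditor would get by rebuilding the clean source themselves.
    reproduced = sha256_hex(CLEAN_DLL)
    clean = verify_update(CLEAN_DLL, vendor_sign(CLEAN_DLL), reproduced)
    # The trojaned build carries a perfectly valid vendor signature...
    trojaned = verify_update(TROJANED_DLL, vendor_sign(TROJANED_DLL), reproduced)
    return clean, trojaned


if __name__ == "__main__":
    clean, trojaned = demo()
    print("clean build:   ", clean)
    print("trojaned build:", trojaned)
```

Run it and the trojaned artifact is rejected only by the second check; its signature is as good as the clean build's, which is exactly why a pipeline compromise defeats signature-only update validation.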
At the time of writing, it's not clear whether the compromised .dll at the heart of the hack was built on SolarWinds' own servers using the company's own source, or whether a trojanised version was ..