Network infrastructure has long been the backbone of communications and IT activities for both Governments and Private organisations alike. At the same time, it has always been known that the network itself is at risk from cyberattacks.
Knowing that, it is still the case that, particularly governments, are not fully equipped to be able to undertake the huge task of creating and developing their own secure and complex networks in-house. For this reason, the organisations have become almost fully reliant on a supply chain of third-party companies to deliver their hardware and software requirements.
It’s this factor that has led to hackers targeting these third-party organisations as a way to breach the security of the bodies that have purchased and use their products and services.
Major US Cyberattack
The vulnerability of network infrastructures has been brought into sharp focus recently when it became known that many US Government agencies’ networks were breached, by what is thought to have been a state sponsored attack, code named “Sunburst”.
Computer systems of both businesses and government agencies, estimated to be in the region of 18,000 organisations across America, Europe and Asia, were able to have been accessed for what is believed to have been months, with emails and other sensitive files being targeted.
It is suspected that the main target was US government agencies.
With the initial attack taking place at SolarWinds, the hackers were able to build a “back door” in their software, which was then subsequently sold on to SolarWind’s customers, which included the many state departments of the US.
The small piece of code that had been inserted in to the software is alleged to have lay dormant for a few months, but then activated, which then allowed the hackers to access the great number of systems.
At this stage, the level and amount of damage that will have been caused by this hack is unknown. Some believe the full extent will never actually be known.
To highlight the seriousness of this attack, the agencies and organisations that have could have been affected by the hack include:
- Fortune 500 organisations
- US Telecomms companies (top 10)
- All 5 branches of the US military
- The National Security Agency (NSA)
- The State Department
- The Office of President of The United States
- UK NHS
- EU Parliament
- NATO’s Support Agency
Further evidence that points to how serious many believe this attack to be, the following quotes leave little to the imagination:
Sen. Mitt Romney, R-Utah, told SiriusXM chief Washington correspondent Olivier Knox: “What I find most astonishing is that a cyberhack of this nature is really the modern equivalent of almost Russian bombers reportedly flying undetected over the entire country. So our national security is extraordinarily vulnerable. And in this setting, not to have the White House aggressively speaking out and protesting and taking punitive action is really, really quite extraordinary.”
Sen. Chris Coons, D-Del., told MSNBC: “It’s pretty hard to distinguish this from an act of aggression that rises to the level of an attack that qualifies as war. ... (T)his is as destructive and broad scale an engagement with our military systems, our intelligence systems as has happened in my lifetime.”
While all the cyber experts across the world try to understand the depth and breadth of this attack, all have stated their commitment to fortifying their network infrastructure in an attempt to thwart future attacks.
Whilst we appreciate this has been major attack predominantly of static hardware, we think it is worth noting at this point that, as the Blackphone PRIVY does not store any files on third party servers, but retains them on the handset itself, this type of hack would not have provided access to any email or files used from the smartphone. It would have remained completely secure and private.
This incredible hack helps to highlight the importance of ensuring your network infrastructure’s security and integrity is monitored and maintained.
If you would like to discuss how the deployment of the Blackphone PRIVY across your organisation can help form a part of your cybersecurity strategy, then please call one of our team and we can discuss your specific requirements.