Drawn-Out Process To Determine Extent Of Damage

By Irene Tham

When hackers inserted a malicious program into Texas-based SolarWinds’ popular Orion IT management tool as early as 2019 as a bridgehead for later attacks, they set off a chain reaction. It is little wonder that the hack, suspected to be linked to Russia, is billed as the most menacing cyber attack in recent times.

Experts have warned that it could take the whole of this year or longer for organisations to determine if back-door programs have been planted in their systems or if any data has been stolen. Based on initial assessments, top government agencies in the United States and many Fortune 500 companies – a total of 18,000 organisations – have already been exposed to data theft as they had downloaded software updates from SolarWinds between March and June last year. As the SolarWinds tools are common components in many vendors’ products, the hack in turn subjected larger systems or networks to cyber risks.

For instance, the hundreds of thousands of customers of US tech giants including Microsoft, Cisco Systems and FireEye – all of which have some SolarWinds software embedded in their products – could have been exposed to cyber risks. In Singapore, FireEye works with telco Singtel to provide cyber-security monitoring services to customers. The Singapore Civil Defence Force also uses many modules of SolarWinds’ Orion suite, including its network configuration manager, which provides administrative access rights to all network equipment such as routers, switches, servers and computers connected to the network.

This news was originally published in The Straits Times.