TECHNOLOGY Tom Meehan, CFI
Meehan is retail technology editor for LPM as well as chief strategy officer and chief information security officer for CONTROLTEK. Previously, Meehan was director of technology and investigations with Bloomingdale’s, where he was responsible for physical security, internal investigations, and systems and data analytics. He currently serves as the chair of the Loss Prevention Research Council’s (LPRC) innovations working group. Meehan recently published his first book titled Evolution of Retail Asset Protection: Protecting Your Profit in a Digital Age. He can be reached at TomM@LPportal.com.
What You Need to Know about the Cyber-Espionage Attack Linked to Russia
A massive cyber-espionage effort, believed to be led by the Russian government, has targeted both private companies and federal agencies, including the Treasury, the Department of Commerce, the Department of Homeland Security, the State Department, and the National Institutes of Health (NIH). Although Russia has denied any involvement, cyber-security experts believe that the Russian foreign intelligence service, the SVR, is behind the attack.
How Did the Attack Happen?
A joint statement released by a group of federal agencies, including the FBI and the National Security Agency, confirmed that the attack was connected to APT29 or Cozy Bear, a group of state-sponsored hackers working with the SVR. The hackers infiltrated systems in the private and public sectors by adding malware to a legitimate software update from SolarWinds. By piggybacking onto a software patch, the hackers created a back door into the software. That way, they could enter other organizations’ systems whenever they wanted, essentially able to pick and choose their targets.
Many government agencies and thousands of companies around the world use SolarWinds’s Orion software to monitor their networks. In December 2020, SolarWinds reported that approximately 18,000 clients were affected by the breach. They also said that the breach was due to a “highly-sophisticated, targeted … attack by a nation state.” The company was able to trace the attack to updates to Orion between March and June of the same year. This announcement came within a day of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency issuing an emergency directive ordering all federal agencies to immediately disconnect affected Orion products from their networks.
March–April 2021 | 48 | LossPreventionMedia.com
Why Is This Breach a Big Deal?
Because of how stealthy the breach was, the attackers were able to spy on government agencies and other companies for at least nine months. The hackers took advantage of the widespread trust associated with SolarWinds and their