SolarWinds Sunburst: UK data watchdog issues hack alert

Published
Image source, EPA

The UK's data privacy regulator has told organisations under its watch they should "immediately check" if they have been affected by the SolarWinds hack.

The Texas-based company - which provides computer network management tools to a wide variety of clients - recently disclosed one of its leading products had been compromised.

The watchdog reminded those holding data on UK citizens they had 72 hours to report a breach once discovered.

Officials continue to study the impact.

Last week, a security source told the BBC that the investigators believed only a small number of British organisations had been affected and none were in the public sector.

However, since then it has been reported that the accountants Deloitte, chip-makers Intel and Nvidia, and cloud-computing software maker VMWare are all among those who have used the Orion network monitoring tool that was altered to provide the hackers a backdoor.

There are also indications that the US Treasury and departments of homeland security, state, defence and commerce were also targeted via the breach, which has been dubbed "Sunburst".

US Secretary of State Mike Pompeo and Attorney General Bill Barr have both accused Russia of being responsible, as have several cyber-security experts.

However, President Donald Trump has muddied the waters by suggesting China could be behind the attack.

Both the Kremlin and the Chinese government have denied involvement.

SolarWinds published its own guidance to its clients on its website last week, however the whole site now appears to be offline.

Holding to account

SolarWinds has said that it believes "fewer than 18,000" of its customers had installed the compromised Orion updates.

Bruce Schneier, a leading cyber-security researcher, has written in the Guardian that "it's hard to overstate how bad this is".

It will take years to learn which networks the SVR [Russian espionage agency] has penetrated, and where it still has access."

But he noted that the US National Security Agency (NSA) was probably running similar offensive operations of its own on the same scale.

Even so, President-elect Joe Biden has promised the US will respond in turn, and mentioned suspicions that Russia was to blame.

Image source, Reuters
Image caption,
President-elect Joe Biden has said the US will respond to the SolarWinds attack

"We can't let this go unanswered. That means making clear and publicly who is responsible for the attack and taking meaningful steps to hold them in account," he said in a speech on Tuesday.

Mr Biden also noted that the Department of Defense had refused to brief him on "many things" including the attack.

Second backdoor

The UK's National Cyber Security Centre has also urged organisations to take steps to protect their networks.

"This is a complex, global cyber-incident," said its director of operations, Paul Chichester.

"But simply having SolarWinds does not automatically make an organisation vulnerable to real-world impact."

To further complicate matters, Microsoft has said its own inquiry into the breach has uncovered a further problem.

"In an interesting turn of events, the investigation of the whole SolarWinds compromise led to the discovery of an additional malware that also affects the SolarWinds Orion product but has been determined to be likely unrelated to this compromise and used by a different threat actor," it said in a blog published on Friday.

It added that that the malicious code provided the perpetrator the means to install and run their own software on a target's machines.

Microsoft did not speculate as to whom this second attacker might be or how they might have exploited the hack.