UPDATED 15:33 EST / JUNE 04 2021

SECURITY

Supply chain software hack, ransomware attacks underscore need for extra vigilance in IT

When terms like supply chain, nation-state actors and ransomware become mainstream topics of national conversation, it’s probably a good time to take cybersecurity even more seriously.

Over the past six months, the compromise of third-party network-monitoring software used inside the U.S. government and by roughly four-fifths of the Fortune 500 has continued to play out in terms of damage. Initially discovered in December 2020, what has become known as the SolarWinds breach affected many organizations, and the full extent of the damage may not be known for a long while. U.S. authorities have attributed the attack to Russia's foreign intelligence service, the SVR, a state-run cyberespionage operation.

That was followed by a major ransomware attack in May, when an intrusion by a group of Russia-based cybercriminals knocked out one of the nation's largest refined-fuel pipelines. The system operator, Colonial Pipeline, halted operations while it worked to restore its IT network, which disrupted roughly 45% of the East Coast's fuel supply and led to long lines of angry motorists and truckers.

“Defense in depth is something that has really been the mantra,” said Manoj Nair (pictured, right), general manager of Metallic, a Commvault venture. “You have to really think through the different threats, identify your weak link, your vulnerability. That vulnerability is now your software supply chain. Criminals may not care about your data, but they know you care about your data.”

Nair spoke with Dave Vellante, host of theCUBE, SiliconANGLE Media’s livestreaming studio. He was joined by Tim Carben (pictured, left), principal information systems engineer at Mitchell International Inc., and they discussed the use of tools to prevent major vulnerabilities, smart IT practices to guard against network attacks, and the need for a public/private partnership to protect critical infrastructure.

Focus on tools and practices

Cybersecurity Ventures has recently estimated that global cybercrime costs will reach $10.5 trillion by 2025. To put that into perspective, if cybercrime were a country, it would represent the world’s third largest economy behind the U.S. and China.

Numbers such as these are forcing cybersecurity teams in many companies to closely examine the steps taken to protect enterprise systems and the tools that can help them accomplish that.

“You make sure you keep track of these small things and at the same time you leverage utilities that make it easier for you to do your job,” Carben said. “The Commvault iDA has a feature that keeps track of changes or modifications on a server. If I have a server that’s actually getting hit with ransomware, Commvault sends me an alert and tells me how many files have been modified within a time period and that I should look at it right now. It’s not a replacement for our virus protection, but it does help us.”
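The check Carben describes is a rate heuristic: a server that suddenly modifies or renames far more files than usual inside a short window looks like an encryptor at work. The block below is an added example of that kind of detector, not Commvault's code or the iDA feature itself. It reads constructed file-change log lines (the format, hosts, paths, the 60-second window, the threshold of 100 and the list of suspicious extensions are all assumptions for the example), keeps a sliding window of recent changes per host, and raises one alert per burst, reporting how many of the files in the window carry an extension typical of encrypted output.

```python
"""Sliding-window burst detector for file-change events (added example, not Commvault code)."""
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

WINDOW = timedelta(seconds=60)   # assumed observation window
THRESHOLD = 100                  # assumed: changes inside WINDOW that trigger an alert
# Assumed list of extensions commonly appended by encryptors; tune to what you observe.
SUSPICIOUS_EXTS = (".locked", ".encrypted", ".crypt", ".enc")


@dataclass
class Alert:
    host: str
    window_start: datetime   # timestamp of the oldest change still in the window
    count: int               # changes in the window when the threshold was crossed
    suspicious_fraction: float  # share of those files with a SUSPICIOUS_EXTS suffix


def parse_line(line: str):
    """Parse '<ISO-8601 UTC> <host> <action> <path>'; the path may contain spaces."""
    ts, host, action, path = line.split(" ", 3)
    # fromisoformat() only accepts a 'Z' suffix on Python 3.11+, so normalise it.
    return datetime.fromisoformat(ts.replace("Z", "+00:00")), host, action, path


def detect_bursts(lines, window=WINDOW, threshold=THRESHOLD):
    """Return one Alert per host per burst of MODIFY/RENAME events exceeding the threshold."""
    events = sorted((parse_line(l) for l in lines), key=lambda e: e[0])
    recent = defaultdict(deque)   # host -> deque of (timestamp, path) within the window
    over = set()                  # hosts currently above threshold (suppresses repeat alerts)
    alerts = []
    for ts, host, action, path in events:
        if action not in ("MODIFY", "RENAME"):
            continue
        q = recent[host]
        q.append((ts, path))
        while q and ts - q[0][0] > window:   # drop changes that aged out of the window
            q.popleft()
        if len(q) >= threshold:
            if host not in over:             # first crossing of this burst: alert once
                over.add(host)
                susp = sum(1 for _, p in q if p.lower().endswith(SUSPICIOUS_EXTS))
                alerts.append(Alert(host, q[0][0], len(q), susp / len(q)))
        else:
            over.discard(host)               # rate fell back; a later burst alerts again
    return alerts


# Constructed sample log lines (not real data).
_BASE = datetime(2021, 5, 7, 9, 0, tzinfo=timezone.utc)


def _iso(secs):
    return (_BASE + timedelta(seconds=secs)).strftime("%Y-%m-%dT%H:%M:%SZ")


# fs01: ordinary daytime activity, a handful of changes over fifteen minutes.
SAMPLE_LINES = [
    f"{_iso(0)} fs01 MODIFY /share/hr/payroll.xlsx",
    f"{_iso(90)} fs01 MODIFY /share/hr/onboarding.docx",
    f"{_iso(400)} fs01 CREATE /share/hr/new hire.pdf",
    f"{_iso(900)} fs01 MODIFY /share/hr/payroll.xlsx",
]
# fs02: 150 files renamed with a .locked suffix inside 45 seconds, the pattern an encryptor leaves.
SAMPLE_LINES += [
    f"{_iso(1200 + i * 0.3)} fs02 RENAME /share/finance/doc{i:03d}.xlsx.locked"
    for i in range(150)
]

if __name__ == "__main__":
    for a in detect_bursts(SAMPLE_LINES):
        print(f"{a.host}: {a.count} changes since {a.window_start.isoformat()}, "
              f"{a.suspicious_fraction:.0%} with encryptor-style extensions")
```

Treat an alert from a detector like this as a prompt to look, not as proof: a backup job, a bulk migration or a mass permissions change produces the same burst, which is why the extension fraction is reported alongside the count and why Carben stresses it does not replace antivirus.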

Another tool that continues to attract interest is the air gap. The idea is to keep ransomware that is moving laterally inside a network from reaching the backups as well. With Metallic Cloud Storage Service, the customer's environment holds no credentials for the backup storage, so an attacker who compromises that environment has nothing to steal that grants direct access to the copies. Stolen credentials were also a significant factor in the SolarWinds breach, where the intruders used them to reach victims' cloud services.

“We’ve started creating an air gap service in the cloud so the customer doesn’t have to worry about managing credentials, because even those were getting compromised,” Nair said. “People were stealing the credentials to go delete the backup.”

Marshalling forces

For a systems engineer such as Carben, protecting his company’s network involves keeping critical infrastructure continually patched and making sure that employees are properly trained in cybersecurity hygiene.

“The most important part is patching, with everything up to date,” Carben said. “Most of the time, when someone is getting in or one of these viruses is replicating between the different systems, it’s due to unpatched environments. Training is important because if your resources don’t know not to click on something or hover over something to look at it, you are going to be exposing your environment over and over and over again.”

The White House announced sanctions against the Russian government in mid-April, citing the SolarWinds intrusion among other activity; whether the U.S. has taken any further cyber-specific action in response is not publicly known.

The FBI has identified the Russia-based DarkSide ransomware group as responsible for the pipeline attack. Earlier in May, DarkSide said it had lost access to much of its infrastructure, although a number of security experts believe the group is simply going underground for a while. There is too much money to be made right now in ransomware.

“Unless there’s a bigger penalty in terms of the response to these kinds of attacks, as long as they keep getting paid, they’re going to keep doing this thing,” Nair said. “Let’s take that rich ecosystem that’s funding them and replace it with a tight partnership between companies, customers, partners and governments.”

Watch the complete video interview below, and be sure to check out more of SiliconANGLE’s and theCUBE’s CUBE Conversations.

Photo: SiliconANGLE
