“A ‘Worst Nightmare’ cyberattack” that we all... just take in stride? Either the consequences are themselves clandestine, or cyberattacks aren’t as meaningful as our headlines would indicate.
Clandestine I think. Immediate reaction steps to this from CISA were pretty unprecedented; a govt-wide unpluggening on a Sunday night of a specific vendor doesn’t happen a lot.
We can compare and contrast with the effects of NotPetya, which caused widespread obvious economic damage (e.g. Maersk shipping and Merck losses) - due to the number of affected companies, Solarwinds had the potential to be worse, but I'm not sure if you can be more destructive than that without it being obviously visible.
>I'm not sure if you can be more destructive than that without it being obviously visible.
I don't know if the damage was greater than NotPetya, but you definitely can have something more destructive without it being immediately apparent. If you lose credit card numbers and PII from your customers you HAVE to report it to the public, but there are different rules for the loss of incredibly valuable intellectual property.
Perhaps the damage is just not visible yet. The sand has not been tossed in the gearbox. The blueprints have not been built. Maybe it’s a precursor event to a longer decline.
The attacks have more similarities than differences.
First, to correct a common misconception, NotPetya definitely wasn't ransomware run amok - it was designed to look like the previously popular Petya ransomware, but the actual ransom and decryption key processing mechanism was removed as that wasn't its purpose. It was masquerading as ransomware, but it wasn't ransomware, it just destroys data by encrypting it with a non-recoverable key.
Just like Solarwinds, NotPetya also was a targeted supply chain attack - it was deployed through updates from a previously hacked accounting/tax software company "Intellect Service" to all their customers in Ukraine, which also included many multinational companies which had their finance depts file tax reports in Ukraine; and just like Solarwinds, NotPetya is attributed to the Russian government.
The main difference is that, as you say, it seems that Solarwinds was (at least at the stage it was detected) used only for espionage, while NotPetya was designed for pure destruction.
Definitely correct in that NP originated a supply chain attack on that vendor in Kiev; I had forgotten, and good catch.
NP, as Maersk and co experienced, was definitely rware (a variant, sure) run amok however. It’s industry consensus that the attacker either a) didn’t think of the possible global blast radius or b) thought of the blast radius but didn’t plan for how bad it would get.
In a sense, SW might reflect a more mature approach: consider the network spread, use a different exploit and intent - spyware for espionage vs rware variant for destruction.
That said, very different exploits and intents were used.
The Biden administration just announced sanctions against the Russian government for their (presumed) responsibility for the SolarWinds attack. They're not shrugging this one off.
(Which is itself a bit odd. The US has argued in other contexts for "cyber norms" which would allow pure espionage operations, but put more restrictions on attacks. And so far as anyone can tell so far, SolarWinds was a pure espionage operation -- using tools that could be repurposed to do something else, but you could say that about a lot of operations in this sphere, including US operations that our government wants everyone else to shrug off. Yet here are the sanctions. I expect the "norms" push, to the extent that the current administration still wants to pursue it, will take some kind of a hit...)
An attack directed at your own govt is potentially a nightmare for the average individual. If the wrong information is stolen it could be used much farther down the road. Your govt may find itself at a disadvantage at a critical moment.
In a sense it's only not a nightmare if you aren't paying attention.
A worst nightmare for normal people would be something like a foreign country hacking all the US nuclear missiles and launching them against themselves. You know, an actual war caused by it, not just some minor intelligence advantage with no particular direct effect on normal people.