Two recent cyber attacks have been in the news. Government agencies including the Treasury and Commerce departments were breached by a "nation state" actor (Russia is suspected) seeking sensitive data. Cyber security firm FireEye was also attacked, with information about its government customers among the targets. Both intrusions trace back to the same compromised SolarWinds software update, and the campaign has been dubbed "Solorigate".
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive ordering all federal agencies to disconnect the affected SolarWinds products and review their networks for evidence of compromise. The attackers got in through SolarWinds' Orion network-management software, which is used not only by government agencies but also by most Fortune 500 companies and many other private firms, so the pool of potential victims is far larger than the agencies named so far.
The FireEye attack has also been attributed to a foreign government. The intruders stole the "Red Team tools" FireEye uses to simulate attacks when testing customers' defenses. According to FireEye CEO Kevin Mandia, the attackers were primarily after information about the firm's government customers. FireEye has spent years investigating state-backed hackers, and this attack may have been payback.
What should we learn from these attacks?
First, realize we are at war. Cyber war is a fact, and although governments may aim at each other's networks, civilians are caught in the "crossfire". Governments rely on civilian contractors, contractors rely on software vendors, and those vendors' products in turn connect to still more customers. Trust flows down that chain, and so does compromise: when one link is breached, every system that trusts it is exposed next.
Second, if a sophisticated cyber security company like FireEye can be breached, it can, and probably will, happen to anyone. To its credit, FireEye reacted promptly: it disclosed the attack, published detection signatures so that others could spot the stolen tools being used against them, and brought in the FBI and Microsoft to assist its investigation. Since most firms don't have FireEye's capabilities, they need expert partners who can detect, or better yet prevent, attacks on their systems.
Through security monitoring at every layer, a zero trust architecture that verifies every user and device rather than trusting anything inside the network perimeter, and the sharing of threat information between organizations, we can improve our ability to detect and combat cyber attacks.