Cyberattack 'Leaves U.K. Infrastructure Exposed for Month'

A cyberattack on a U.S. technology company has left U.K. infrastructure exposed, including the Home Office, National Health Service (NHS) and police forces, and the malware could take months to remove, it has been claimed.

U.S. officials confirmed that they had been hit by cyberattacks targeting SolarWinds Corp. The attack inserted malware into software updates. The company supplies technology products to all five branches of the U.S. military as well as the NHS, European Parliament and NATO.

President and CEO of SolarWinds Kevin Thompson said in a statement: "We believe that this vulnerability is the result of a highly sophisticated, targeted and manual supply chain attack by a nation-state. We are acting in close coordination with FireEye, the Federal Bureau of Investigation, the intelligence community, and other law enforcement to investigate these matters. As such, we are limited as to what we can share at this time."

A U.K. government spokesperson told Newsweek that the government was assessing the degree of infiltration in British networks but was unwilling to comment whether the APT29 group, a hacking group tied to the Russian government, was a potential suspect.

Professor Muttukrishnan Rajarajan, professor of security engineering and director of the Institute for Cyber Security at City University, said the aim of such a cyberattack was to bring down national infrastructure. He told Newsweek: "So it's going to be banking systems, the utility systems, the government system."

Professor Rajarajan added that the U.K. widely uses SolarWinds technology and that the aim of hackers would have been to penetrate as many networks as possible and to cause maximum damage.

He said: "The U.K. is well prepared but so is the U.S. Many countries invest heavily in cybersecurity protecting critical national infrastructure but the main challenge is that these kinds of threats happen because people don't update their systems, people can reveal passwords and access controls.

"Somebody has injected malware into the system a long time ago, it didn't just happen last night, in most of these threats, the planned attack intends to penetrate sensitive systems, they tend to leave the software installed in different terminals and they trigger them at some point."

He added that it could take months to root out the malware, especially given that the attack had taken place between March and June, as stated by the president of SolarWinds. The company's Orion platform is also used by the Home Office and regional police forces.

Bill Conner, CEO and president at SonicWall, who in recent years has advised the U.K. and U.S. governments, as well as Government Communications Headquarters (GCHQ), on how best they can protect critical national assets from cybercrime, said the hackers appeared to be motivated by geopolitical control.

He said: "The news of the attack on U.S. Treasury and Commerce Departments, and other government agencies, is especially troubling given major events that have captivated the attention of all Americans including the historic effort to administer a COVID-19 vaccine to the United States' most vulnerable citizens, the 2020 presidential election and the onboarding of new political players to the government's highest-ranking offices.

"The hackers, most likely Russian backed, appear motivated by geopolitical control as well as monetary gain. A player in possession of valuable information and intellectual property could potentially pose a series of threats to influence or control global healthcare, enterprise and government agencies."

The U.K. National Cyber Security Centre said it was still investigating.

A spokesperson said: "We are continuing to investigate this incident and have produced guidance for SolarWinds' Orion suite customers. While it is important to note this issue has only been reported for the Orion product suite and will therefore not impact all SolarWinds customers, we strongly urge those who are affected to follow our guidance."

NATO said it was assessing the scale of the attack. A spokesperson said: "SolarWinds software is used by a wide range of governments and organizations, including some entities in NATO. Our experts are currently assessing the situation, with a view to identifying and mitigating any potential risks to our networks."

The NHS has been contacted for comment.