Major Cybersecurity Hack of Government Agencies in 2020

Near the end of 2020, a cybersecurity company named FireEye revealed a major hack of government agencies. The attack exploited a vulnerability in the highly popular security software Solarwinds and is believed to have been instigated by Russian or Chinese hackers. The incident remains one of the most significant and sophisticated cyberattacks in recorded history, prompting testimonies from experts and raising questions about how government agencies could let this happen.¹

Read on to uncover the full story and see how governments and companies are working to address the issue—including their hunt for more cybersecurity specialists to join them.

A Perfect Storm for a Cyber Pandemic

By December 2020, the COVID-19 pandemic had spread to every country in the world, resulting in lockdowns that kept millions of people homebound. The resulting fear and uncertainty created the perfect breeding ground for hackers to take advantage of online targets. With more and more people spending extended periods working from unsecured home networks, hackers seized the opportunity to penetrate key targets.

When summer arrived, cyberattacks were reported to be up by 400%, with some security experts recording 4,000 unique attacks per day since the pandemic began.^2,3 The combined threats have led some experts to dub the situation as a "cyber pandemic", prompting major news outlets like Forbes and CNBC to popularize the term.⁴

FireEye’s Role & Its Cybersecurity Tools

FireEye, a leading cybersecurity firm headquartered in Silicon Valley, California, was the first to uncover and report the major hack. But things took a turn when, on December 8, 2020, the company discovered that its own systems had been breached and one of its key cybersecurity tools was stolen. Although it is a private company, multiple government agencies use FireEye to track and monitor hacking activities around the world.

It's likely that FireEye's extensive knowledge of global hacking activities made the firm a prime target, despite it having some of the best security in the country. FireEye described the perpetrators of its attack as "a nation with top-tier offensive capabilities", meaning it was likely conducted by a rival government-funded agency rather than a common hacking group or individual.⁵

Subsequent Hacks

Despite FireEye’s best attempts at recovery on the same day the theft was discovered, their stolen tools were subsequently used in several high-profile hacks. The most notable of these was an attack on the supply chain of popular IT software provider SolarWinds, used by several government agencies including five branches of the U.S. military, the State Department and the National Security Agency (NSA).⁶

FireEye alerted the NSA of the breach within a week, but by that time, the hacking tools had already been used in over 19 countries worldwide.⁷ Some reports suggest the hackers had access to SolarWinds systems for up to eight months before being discovered, allowing them to snoop on government communications and steal sensitive information.⁸

Since the initial discovery, new information has come to light regarding email hacks at the Department of Homeland Security (DHS), phishing emails to the U.S. Agency for International Development (USAID), and links to a Russian-affiliated cybercriminal organization.^9,10 Fortunately, the use of strong encryption methods meant most top-secret information was probably inaccessible, though we may never know the full extent of the hack.

The Ripple Effect

As a result of these major attacks, some of the world's most powerful backward-compatible hacking applications were leaked and likely made available on the dark web to the highest bidder. This compromises the network security of hundreds of organizations in the U.S. and leaves thousands of companies open to hacks, thefts and ransomware attacks.

While cybersecurity companies acted quickly to release software patches and upgrades, there is no telling how many systems remain infected with hidden bots or backdoor vulnerabilities.¹¹ In January 2021, a joint statement by the FBI and NSA, among other agencies, noted "an advanced persistent threat (APT) actor, likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises".¹²

In the statement, the U.S. Cybersecurity & Infrastructure Agency (CISA) announced the formation of a joint task force, the Cyber Unified Coordination Group (UCG), to tackle the issue. The group has provided a suspicious activity detection tool, along with guidance and measures that groups and individuals can take to protect themselves from the ongoing threat.¹³

Join the Cybersecurity Fight

Cybersecurity is an industry that will only continue to grow as hackers become more and more sophisticated and ruthless. Government agencies around the world are aggressively expanding their cybersecurity defenses, but there remains a significant shortage of highly trained professionals.

If you think you have what it takes to battle the ongoing threat of cybercrime, a Master of Science (MS) in Cybersecurity could be the perfect degree for you. The Katz School of Science and Health at Yeshiva University offers an online MS in Cybersecurity, providing the ideal environment to complete a master's from home.

Our cybersecurity master’s program focuses not only on the technical aspects of cybersecurity, but also its role in a business environment, preparing you to take on advanced leadership positions. With our renowned faculty, including some of the most experienced cybersecurity professionals working today, you'll receive the training needed to tackle industry-standard certification exams.