
“Microsoft, FireEye, and the U.S. Treasury department have been hacked in the SolarWinds attacks.”

This statement is true but doesn’t tell the whole story accurately.

It’s true because by most people’s understanding, these organizations have been hacked. But it doesn’t tell the whole story accurately because each of these organizations has had different impacts with different levels of severity from “the hack.”

A good example of why this matters is how we talk about cancer. Years ago “having cancer” was a binary thing, too. Either you “had cancer” and were going to die or you didn’t. And cancer was often talked about in hushed tones with euphemistic terms — “the C word.”

Because of advances in medicine, this is no longer the case: people can and do survive cancer. So now we talk about cancer more openly, in a way that reflects the reality of the type of cancer and its stage. This helps us understand whether it is a cancer that is likely treatable and survivable, or one that is incurable and terminal.

The same is true now about being hacked. Some hacking is catastrophic, but some is survivable. We see this reality in the different reports coming out about “SolarWinds hacks.” Some organizations are severely affected while others less so. But these crucial nuances are lost when we say they’ve all been “hacked.”

There is no “hacked scale” that is used by professionals, let alone one that can be used by laypeople. This is one reason why we continue to hear only about “hacked.”

If we’re going to understand the nuances in the SolarWinds cases better, we need to define a scale. Since the most important things in hacks are spread and severity, the cancer staging system gives a good model, because it tracks the spread and severity of cancer across five stages. We can do the same with hacks.

  • Stage 0: The attackers have found or made an entry point to systems or the network but haven’t used it or have taken no action.
  • Stage I: Attackers have control of a system but haven’t moved beyond that system to the broader network.
  • Stage II: Attackers have moved to the broader network and are in “read-only” mode, meaning they can read and steal data but not alter it.
  • Stage III: Attackers have moved to the broader network and have “write” access to the network, meaning they can alter data as well as read and steal it.
  • Stage IV: Attackers have administrative control of the broader network, meaning they can create accounts and new means of entry to the network as well as alter, read and steal data.

The key factors in these levels are the attacker’s access and control: less of each is better, more is worse.

For example, SolarWinds has said that 18,000 customers were impacted. But this doesn’t mean that 18,000 customers’ networks experienced Stage IV and are fully and totally controlled by the attackers.

The information SolarWinds provides only tells us that those customers experienced Stage 0: the attackers may have had a way to get further into the network. To know if attackers did go further and customers were more severely affected requires more investigation.

On December 17, Microsoft said it “can confirm that we detected malicious SolarWinds binaries in our environment, which we isolated and removed … we have not found evidence of access to production services or customer data. Our investigations, which are ongoing, have found absolutely no indications that our systems were used to attack others.” Taking the information at face value, that would seem to indicate that Microsoft experienced Stage 0 or Stage I.

FireEye made a disclosure on December 8 of its own compromise, which would turn out to be part of the SolarWinds attacks. It appears to indicate that the attackers were able to steal information, but there is no indication that the attackers were able to alter data on the network or gain administrative control of it, which would likely put the company at Stage II.

Details of the U.S. Treasury’s attack aren’t as clear, in part because we only have the information second- and third-hand. The information in the New York Times report clearly indicates that the attackers at least had “read” access on the network, which is consistent with Stage II. However, some of the details that have emerged about how the attackers may have gained access to cloud properties imply the possibility that the attackers had achieved Stage IV on the network.

The goal of any scale is to make things simple but not simplistic. No scale is perfect; there are always ways a scale can obscure critical details. What matters with a scale like this is that it lets us easily and concisely understand the relative severity of situations. What we know indicates that the Treasury situation is worse than the Microsoft or FireEye situations, and in that respect this scale is accurate and useful.

The key point for everyone now is to understand that “hacked” isn’t a simple binary state: there are different degrees of it. By understanding this we can better assess how serious a situation is and what we need to do in response.
