Quick Read

How ZKX could have prevented cyberattacks like SolarWinds and OPM 

In 2020 the world was rocked by multiple events that had never been seen before. One of these was the largest cybersecurity breach of the twenty-first century, SolarWinds. This breach created a snowball effect of supply chain problems that impacted thousands of organizations.

What happened in SolarWinds? 

SolarWinds is a massive United States-based information technology firm that suffered a cyberattack that went unnoticed for months, radiating all the way down to its clients. Malicious payloads were delivered via software updates sent out to clients, leaving their networks vulnerable to bad actors. It is estimated that roughly 18,000 of SolarWinds' clients were victims of the attack, including Fortune 500 companies and several government organizations. Federal investigators and cybersecurity experts claim Russia's Foreign Intelligence Service, known as the SVR, is the most likely originator of this attack, although Russia has denied any involvement.

Office of Personnel Management (OPM) data breach 

In 2015, OPM announced two separate but related cybersecurity incidents that impacted the data of Federal government employees, contractors, and others. In June 2015, OPM discovered that the background investigation records of current, former, and prospective Federal employees and contractors had been stolen. Personnel data of 4.2 million current and former Federal government employees, such as full name, birth date, home address, and Social Security Number, were compromised, and authenticating information such as fingerprints, usernames, and passwords was stolen by the malicious actors. The attackers' initial access to OPM servers was made possible by credentials compromised in an earlier breach of federal government contractor KeyPoint Government Solutions.

These cyber incidents are catastrophic. 

The biggest concern with attacks like SolarWinds and OPM is that the network is now vulnerable: bad actors are already inside and have gone undetected for so long. These bad actors can destroy data, steal critical information, and even impersonate real people.

In the current cybersecurity landscape, the perimeter is the main point of defense. Once someone breaches the network, there is nothing stopping them from accessing data. This old-school approach to cybersecurity is not working, which is why there has been a strong shift to a Zero Trust architecture.

What is Zero Trust? 

The Zero Trust Architecture (ZTA) is not in itself a specific technology. Instead, it is a cutting-edge operational philosophy that security architects use to protect the networks of today. Traditionally, the security of the network has been focused mainly on its perimeter: if access to the network is heavily guarded, less scrutiny is given to accessing the network's resources.

In light of attacks like SolarWinds, the Executive Office of the President's Office of Management and Budget released a memorandum for executive departments and agencies, National Security Memorandum (NSM) 8. This memo is aligned with the executive order detailing the U.S. government's shift to a Zero Trust enterprise.

In the current threat environment, agencies and the whole of the federal government can no longer depend on traditional perimeter-based defenses to protect critical systems and data. As President Biden stated in EO 14028, “Incremental improvements will not give us the security we need; instead, the Federal Government needs to make bold changes and significant investments to defend the vital institutions that underpin the American way of life.” 

The idea of ZKX came about as a direct result of attacks such as SolarWinds and OPM and our belief that future attacks like these will not be possible under the Zero Trust paradigm, as long as that paradigm is usable, readily accessible, and feasible for organizations of all sizes and budgets to adopt. We started investigating how we could revolutionize the outdated authentication model. At ZKX, we believe Zero Trust begins with authentication of the user and their devices. ZKX Solutions has developed and demonstrated a successful Zero Trust MFA Engine at several high-profile venues, including Army Futures Command's Project Convergence 2022, verifying that ZKX is the foundation for the Federal Government's shift to and adoption of the Zero Trust architecture.

Why ZKX is the solution to mitigate these attacks 

ZKX protects the network from catastrophic damage by malicious actors while ensuring the security of end devices and, ultimately, users both within the larger enterprise and at the edge. The information used to verify a user's identity claims is stored on the network as public key data, minimizing a credential database's value as a target for an attacker. The ZKX MFA engine integrates seamlessly with key architectural components of the recipient's choosing, enabling any computing platform to participate in the ZKX paradigm and effectively bridging the enterprise and the edge with Zero Trust MFA.

Had an authentication solution like the ZKX MFA Engine been implemented in either the OPM or the SolarWinds network, these now infamous cyberattacks would have been stopped before they could really start. Because ZKX MFA is continuous, an adversary would have to successfully defeat a series of authentication challenges with every lateral step they attempt to make on the network. Similarly, because ZKX MFA concerns itself with both the user and the device being used, the attackers would not have been able to leverage compromised credentials to gain an initial foothold in the target networks. Because of the ZKX Engine's novel employment of zero-knowledge proofs to drive MFA transactions, a single compromised credential is not enough information for an adversary to compromise any single part of any single ZKX authentication transaction. Lastly, because ZKX authentication does not rely on the storage of secret authenticating information anywhere in the network, sensitive authentication information like fingerprints, MFA credentials, usernames, or passwords is never stored and therefore is not available for threat actors to leak or subsequently abuse.
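As an added illustration (not ZKX's code or protocol, which this post does not specify), the following Python sketch shows the general pattern the two paragraphs above describe: a Schnorr-style zero-knowledge identification protocol in which the server's credential store holds only a public key, every authentication step issues a fresh single-use challenge, and a captured transcript satisfies exactly one of the Q possible challenges, so replaying it succeeds with probability 1/Q. The group parameters P, Q and G, the user name, and all helper names are constructed for this example; the group is a toy size chosen so the arithmetic can be checked by hand, so it demonstrates the protocol structure rather than the hardness a real deployment would get from a standard 2048-bit MODP group or an elliptic curve.

```python
import random
import secrets

# Toy Schnorr-group parameters, constructed for this example. Far too small
# for real use; the point is the protocol structure, not hardness.
# P is prime, Q = 11 divides P - 1, and G = 2 generates the order-Q subgroup.
P, Q, G = 23, 11, 2


def keygen(rng=secrets.SystemRandom()):
    """Create a credential: x stays on the user's device, only y is enrolled."""
    x = rng.randrange(1, Q)          # private key
    y = pow(G, x, P)                 # public key y = g^x mod p
    return x, y


class Prover:
    """Client side: holds the private key and answers challenges."""

    def __init__(self, x, rng=secrets.SystemRandom()):
        self.x, self.rng, self.k = x, rng, None

    def commit(self):
        # Fresh nonce per run; reusing k across two challenges would leak x.
        self.k = self.rng.randrange(1, Q)
        return pow(G, self.k, P)             # commitment r = g^k

    def respond(self, c):
        return (self.k + c * self.x) % Q     # response s = k + c*x mod q


class Verifier:
    """Server side: a credential store holding public keys only, no secrets."""

    def __init__(self, rng=secrets.SystemRandom()):
        self.db = {}        # username -> public key y
        self.pending = {}   # username -> (commitment r, challenge c)
        self.rng = rng

    def enroll(self, user, y):
        self.db[user] = y

    def challenge(self, user, r):
        c = self.rng.randrange(Q)            # fresh, unpredictable challenge
        self.pending[user] = (r, c)
        return c

    def verify(self, user, s):
        if user not in self.pending or user not in self.db:
            return False
        r, c = self.pending.pop(user)        # single use: the challenge is consumed
        y = self.db[user]
        # g^s == r * y^c  because  g^(k + c*x) == g^k * (g^x)^c
        return pow(G, s, P) == (r * pow(y, c, P)) % P


def authenticate(prover, verifier, user):
    """One complete challenge/response round; returns the verifier's decision."""
    r = prover.commit()
    c = verifier.challenge(user, r)
    s = prover.respond(c)
    return verifier.verify(user, s)


def accepting_challenges(y, r, s):
    """Count the challenges c in [0, Q) that would accept a fixed (r, s).
    It is exactly one, so a captured transcript replays with probability 1/Q,
    which is why Q must be large in practice."""
    return sum(1 for c in range(Q) if pow(G, s, P) == (r * pow(y, c, P)) % P)


def stored_secrets(verifier):
    """Everything the server holds per user: public keys only."""
    return dict(verifier.db)


def run_demo(seed=None):
    """Enroll one constructed user and run continuous authentication.
    A seed makes the run reproducible; None uses the OS random source."""
    rng = random.Random(seed) if seed is not None else secrets.SystemRandom()
    x, y = keygen(rng)
    server = Verifier(rng)
    server.enroll("alice", y)                # constructed user name
    alice = Prover(x, rng)
    # Continuous MFA: every step re-runs the proof against a fresh challenge.
    honest = [authenticate(alice, server, "alice") for _ in range(3)]
    r = alice.commit()
    c = server.challenge("alice", r)
    s = alice.respond(c)
    server.verify("alice", s)
    return {"x": x, "y": y, "honest": honest,
            "stored": stored_secrets(server),
            "replay_accepting": accepting_challenges(y, r, s)}


if __name__ == "__main__":
    out = run_demo()
    print("honest rounds accepted:", out["honest"])
    print("server stores:", out["stored"], "(private key never leaves the device)")
    print("challenges accepting a replayed transcript:", out["replay_accepting"], "of", Q)
```

Note that `Verifier.db` never contains `x`; an attacker who exfiltrates that table gets only `y`, and in a properly sized group recovering `x` from `y` is the discrete-logarithm problem, so the stored record alone cannot be turned into a valid response.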