April 26, 2021
SolarWinds, the major US information technology firm, has only recently reported that it was the victim of a cyberattack. Whilst not that surprising initially, given the growing number of corporates being breached, this had gone unnoticed since their platform was compromised in September 2019.
For many, this is the most dangerous of all attacks, when hackers are not looking to steal data directly from SolarWinds, but using them to attack the more than 30,000 clients that use their Orion software system.
SolarWinds regularly sends out updates, to fix bugs, resolve vulnerabilities or add new features and in March 2020, the update they sent out, contained extremely well hidden malicious code installed by the hackers.
The attack is thought to have compromised the systems of as many as 18,000 customers of SolarWinds, with a backdoor allowing the hackers to install sophisticated malware to spy on organisations and steal data – without anyone aware of what was happening.
Victims included giant private corporations, including Microsoft, Cisco and Intel, with upper echelons of the US Government also suffering at the hands of the criminals, with the Department of Homeland Security and the Treasury Department reporting hacks.
The investigation into the origins of the attack is ongoing, but many believe only ‘state actors’ could be responsible, with the Russians firmly in the frame, although they have strenuously denied involvement – but they would, wouldn’t they.
It is proving difficult to determine what the hackers accessed and whether it was information critical to commercial or governmental activities. Of course, it is not just a matter of what was stolen, copied or compromised, but whether every victim will ever be identified.
The hack was limited to SolarWinds Orion software and did not infect its popular MSP software, which is used to discover and resolve errors, network interruptions, software deployments and security issues on networks.
The SolarWinds attack is considered one of the most sophisticated in recent years, using a compromised supply chain to target high profile targets – for what purpose, we may never know.
Organisations must share intelligence about threats, whilst ensuring their security is robust and regularly updated to help prevent similar attacks in the future. One answer is to adopt a zero-trust model, which requires everyone wanting access to a network, to verify their identity first.
This approach also improves protection by allowing users only the level of access they need for their work, rather than being able to access the entire network as they would currently.
The issues of security, back-up and disaster recovery will come into sharp focus once more as businesses return to more normal operations, especially as the hackers will undoubtedly continue to exploit fears over COVID to target users in phishing scams designed to access secure networks.
We are all about Cloud, but good cyber security is integral to everything we do, so if you have worries and would like security to be part of your Cloud conversation, please get in touch with me, Chris Baker, on 0333 800 8800 or email me at [email protected]