SolarWinds Hack: Retrospective 2

Part 2: What caused the breach and what does the malware do?

Teri Radichel
Cloud Security


What caused the breach?

Attackers inserted malicious software into a SolarWinds software update.

What is SolarWinds?

SolarWinds is a system used by large corporations to monitor any application and any server, anywhere.

If SolarWinds monitors anything, anywhere, why didn’t it spot the malware?

Once the malware embedded itself in the system, I’m guessing it excluded logs related to its own activities from the monitoring system itself. Given the sophisticated nature of this attack, it seems like the obvious thing to do. Once it obtained access to other resources on the network it may have also deleted or altered other system logs.

CEO 2nd Sight Lab | Penetration Testing & Assessments | AWS Hero | Masters of Infosec & Software Engineering | GSE 240 etc | IANS | SANS Difference Makers Award