What You Need To Know About SolarWinds Cyber Attack
SolarWinds Data Breach (March 2020)
Large organizations run thousands of connected devices, which makes their networks complex and hard to manage. The larger the network and the more devices connected to it, the larger the attack surface becomes. Businesses hire third-party companies to help manage their networks; these companies specialize in sophisticated tools that allow enterprises to better thwart cyberattacks. In today’s landscape the threats are more severe, and the outcomes are significantly more impactful because of our increased reliance on information systems. Former FBI director Robert Mueller confidently stated, “There are only two types of companies: those that have been hacked, and those that will be.” The purpose of this report is to outline the actor, motive, means, weaknesses, unwanted outcome, company response, and other pertinent information relevant to the SolarWinds security incident.
SolarWinds provides software as a service (SaaS) and offers a variety of suites focused on security. It had gross revenue of roughly $938 million as of 2019 (Wikipedia) and more than 425 clients that are Fortune 500 companies or government agencies (Brandom). The company offers a variety of services and products, including network management, database management, and application management. One of SolarWinds’ products, the Orion suite, was compromised as early as March 2019, and the compromise went undetected until December 2020 (Baker). SolarWinds was greatly affected by this supply-chain attack. The attackers entered through an OIP (open innovation platform) ecosystem that gave them the ability to inject malicious code into the Orion software. The tampered updates were pushed out to customers, and those who installed them were compromised by malware code-named Sunburst, which gave the attackers access to the system through a remote access trojan (RAT) (Alderson). The attack was very sophisticated and was made possible by nation-state-funded hacking groups.
The compromise was discovered by the security firm FireEye on December 13, 2020, when it found a significant flaw in the Orion database management software. The attack has been called “the most widespread digital espionage campaign ever carried out against the United States” (Axel). Based on experts’ findings, the groups responsible are advanced persistent threat (APT) groups of China and Russia. The motive was to compromise the clients of SolarWinds and gain access to information from organizations including Microsoft, VMware, FireEye, McAfee, Symantec, the US Department of Homeland Security (DHS), and the Pentagon (HHS). The unwanted outcome is that 18,000 companies received these updates and were at high risk of compromise. High-value targets such as Microsoft had their source code exposed. Ultimately, we do not fully know the overall impact on clients, private and government alike. The confidentiality and integrity of the software produced by SolarWinds were undermined, and the incident had a large ripple effect on the availability of SolarWinds’ products and services. It greatly affected their clients as well, including Microsoft’s Exchange mail server, and caused products to be temporarily shut down while they were investigated. The troubling issue is that the full extent of the damage is not known; however, SolarWinds did announce the cyberattack to inform its clients and released patches for the known vulnerabilities.
The SolarWinds supply-chain hack is extremely sophisticated and complex. The estimated recovery cost of the data breach is $100B (Ratnam). To prevent this from occurring again, several steps need to be taken: implementing “secure by design” in the software development process (Hardcastle), zero-trust architecture, multi-factor authentication, and effective government policies to ensure software is created more securely (Vaughan-Nichols). There is no easy fix or single change that will prevent an attack like this from occurring again. Nation-states have large budgets and sophisticated actors that permit them to cause great harm in cyberspace.
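The attack described above abused the vendor’s own update channel, so the installed update carried a valid vendor signature and still contained injected code. One “secure by design” control that addresses this (an added example here, not SolarWinds’ code or any vendor’s tooling) is to rebuild the released version from source in a separate build environment and compare every shipped artifact against the rebuild before deployment, holding the rollout if anything differs. The product name "NetMonitor", the file names and the file contents below are constructed for the demo; the DLL with an appended chunk and the extra library stand in for an injected component and an artifact the source tree never produced.

```python
"""Compare a shipped update against an independent rebuild of the same release.

Added example, not SolarWinds' code. Assumes the deployment team holds both
the update package as received from the vendor channel and a from-source
rebuild made in a build environment the vendor's pipeline cannot reach.
"""
import hashlib
from pathlib import Path
from typing import Dict, List

# Constructed sample: what an independent rebuild of release 1.2.3 produced.
REBUILT: Dict[str, bytes] = {
    "NetMonitor.Core.dll": b"MZ\x90\x00core-business-logic-v1.2.3",
    "NetMonitor.Web.dll": b"MZ\x90\x00web-frontend-v1.2.3",
    "config.xml": b"<config><poll interval='60'/></config>",
}

# Constructed sample: the same release as received from the update channel.
# One DLL carries an extra chunk the rebuild does not produce, and a library
# appears that the source tree never built.
SHIPPED: Dict[str, bytes] = {
    "NetMonitor.Core.dll": REBUILT["NetMonitor.Core.dll"] + b"<<chunk-not-in-source>>",
    "NetMonitor.Web.dll": REBUILT["NetMonitor.Web.dll"],
    "config.xml": REBUILT["config.xml"],
    "NetMonitor.Helper.dll": b"MZ\x90\x00not-in-source-tree",
}


def sha256_hex(data: bytes) -> str:
    """Content digest of an artifact; the comparison ignores any vendor signature."""
    return hashlib.sha256(data).hexdigest()


def load_tree(root: Path) -> Dict[str, bytes]:
    """Read a real package or rebuild directory into the same {relative path: bytes} shape."""
    return {
        str(p.relative_to(root)).replace("\\", "/"): p.read_bytes()
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def compare_builds(shipped: Dict[str, bytes], rebuilt: Dict[str, bytes]) -> Dict[str, List[str]]:
    """Classify every artifact seen in either tree.

    matching        - same digest in both
    tampered        - present in both, digests differ
    only_in_shipped - vendor shipped it, the source rebuild never produced it
    only_in_rebuilt - rebuild produced it, vendor package lacks it
    """
    report: Dict[str, List[str]] = {
        "matching": [], "tampered": [], "only_in_shipped": [], "only_in_rebuilt": []
    }
    for name in sorted(set(shipped) | set(rebuilt)):
        if name not in rebuilt:
            report["only_in_shipped"].append(name)
        elif name not in shipped:
            report["only_in_rebuilt"].append(name)
        elif sha256_hex(shipped[name]) == sha256_hex(rebuilt[name]):
            report["matching"].append(name)
        else:
            report["tampered"].append(name)
    return report


def safe_to_deploy(report: Dict[str, List[str]]) -> bool:
    """Strict gate: any difference at all blocks the rollout until investigated."""
    return not (report["tampered"] or report["only_in_shipped"] or report["only_in_rebuilt"])


def format_report(report: Dict[str, List[str]]) -> str:
    lines = []
    for category in ("tampered", "only_in_shipped", "only_in_rebuilt", "matching"):
        for name in report[category]:
            lines.append(f"{category:16} {name}")
    return "\n".join(lines)


if __name__ == "__main__":
    result = compare_builds(SHIPPED, REBUILT)
    print(format_report(result))
    print("DEPLOY" if safe_to_deploy(result) else "HOLD: investigate before installing")
```

For real packages, call `compare_builds(load_tree(Path("shipped")), load_tree(Path("rebuilt")))`. The check is only as strong as the independence of the rebuild: if the rebuild runs on infrastructure the attacker also controls, both sides carry the same injected code and the digests match. It also assumes the build is reproducible; compilers that embed timestamps or other nondeterministic data need those fields normalized before hashing, otherwise every artifact reports as tampered and the gate becomes noise that operators learn to override.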
Sources
Alderson, Bill. SolarWinds Data Breach. Publication. Security Institute, Dec. 2021. Web. 9 Sept. 2021.
Axel, Axel. “What Else We’ve Learned about the Solarwinds Data Breach.” AXEL.org — Bringing Awareness to Data Custody. 23 Apr. 2021. Web. 11 Sept. 2021.
Baker, Pam. “Breaking Stories & Updates.” CSO. IDG Communications, 4 June 2021. Web. 11 Sept. 2021.
Brandom, Russell. “SolarWinds Hides List of High-profile Customers after Devastating Hack.” The Verge. The Verge, 15 Dec. 2020. Web. 11 Sept. 2021.
Cybersecurity Program, HHS. “Beyond Orion: Other Vectors in the SolarWinds Hack.” 1 Jan. 2021. Web. 9 Sept. 2021.
Hardcastle, Jessica Lyons. “SolarWinds CEO: Here’s What We’re Doing to Prevent Another Attack.” SDX Central. SDX Central, 26 Mar. 2021. Web. 9 Sept. 2021.
Ratnam, Gopal. “SolarWinds Hack Recovery May Cost Upward of $100B.” GovTech. GovTech, 21 Apr. 2021. Web. 12 Sept. 2021.
Vaughan-Nichols, Steven J. “SolarWinds Defense: How to Stop Similar Attacks.” ZDNet. ZDNet, 14 Jan. 2021. Web. 11 Sept. 2021.
Wikipedia contributors. “SolarWinds.” Wikipedia. Wikimedia Foundation, 4 Sept. 2021. Web. 11 Sept. 2021.