Towards the end of 2020, SolarWinds, a major US information technology firm, was found to have been the subject of a cyberattack that had gone unnoticed since their platform was compromised in September 2019 – the very worst kind of cyber-attack when the victim is unaware.
The problem in this case is that the hackers were not looking to steal data directly from SolarWinds, but were using them to get at their more than 30,000 clients by adding malicious code to their Orion software system, which is widely used by organisations to manage their IT resources.
Like most software providers, SolarWinds regularly sends out updates to their systems to fix bugs, resolve vulnerabilities or add new features, and in March 2020 they sent out just such an update, which unfortunately contained the code installed by the hackers.
This extremely well-hidden code then infected many of the systems of SolarWinds customers, possibly as many as 18,000, creating a backdoor through which the hackers could install even more sophisticated malware to spy on organisations and steal data, all without anyone knowing.
The infection went undetected for months and allowed criminals to spy on giant private companies like Microsoft, Cisco and Intel, but the highest reaches of the US Government also suffered, including the Department of Homeland Security and the Treasury Department.
The hack was so stealthy and sophisticated it is believed only ‘state actors’ could be responsible, with many pointing to the Russians, who have strenuously denied involvement. State involvement is perhaps more worrying than hackers out to make money from stealing data or holding it to ransom.
Some victims may never know if they were hacked and it is proving extremely difficult to understand what was accessed by the hackers, whether it was crucial or not to commercial or government activities and what, if anything, was stolen or compromised.
The long-term implications
The hack was limited to SolarWinds Orion software and did not infect its popular MSP software, used to help service providers discover and resolve errors, network interruptions, software deployments and security issues across their clients’ networks.
We must consider the SolarWinds event to be one of the most sophisticated and audacious cyberattacks in recent years, with the criminals using a compromised supply chain to target a huge number of high profile targets.
But who really knows what the target was? With all the focus on the government agencies and tech companies, the real target may have been compromised without its knowledge, and secrets may have been taken.
It is critical that organisations share intelligence about threat activities, ensuring their security, both digital and physical, is not only as good as it can be, but is regularly updated to help mitigate such attacks in the future.
Vigilance against the threats posed by third-party supply chain vendors is essential, as is every organisation improving its cyber-security, potentially adopting a zero-trust model that requires those both inside and outside a network to be verified before being allowed access.
The zero-trust approach also protects the organisation by allowing users only the level of access they need for their work, rather than having total freedom to access every corner of the network, as is traditionally the case.
Events like the SolarWinds hack will undoubtedly lift cyber-security back up the agenda for C-suites across the globe, with hackers expected to continue to exploit fears over COVID to target users in phishing scams and gain entry to secure networks. You have been warned.
If these events give you sleepless nights, help is at hand and we’re here to put your mind at rest with a full and frank discussion about your current cyber-security hygiene, highlighting where improvements can be made. Call us today, while you have time.