It is bad enough when an account is breached, but what if that account controls network security for thousands of customers, and potentially thousands of their customers as well? Orion software, used by 33,000 organizations to manage their IT resources, was compromised by hackers, giving the criminals access to install more malware and compromise critical corporate and government systems. Organizations believed to be affected by the breach include Microsoft, Cisco and U.S. government agencies such as the State Department, the Treasury Department, the National Security Agency, the Department of Homeland Security and many others.
This was a supply-chain attack, where hackers gained access to targeted systems through a third-party that had access to those systems. Malicious code was inserted into software updates, giving the hackers backdoor access to the systems of SolarWinds customers’ networks. As reported by Slate, “The SolarWinds Orion products are specifically designed to monitor the networks of systems and report on any security problems, so they have to have access to everything, which is what made them such a perfect conduit for this compromise.”
This means that hackers could use their access to sniff passwords, find vulnerable machines and spread their attack throughout a network. According to SecurityBoulevard.com, “The chances are, if a hacker got on your network with control over this software, they would have a high probability of hacking other machines and achieving deeper persistence and control. And given the ubiquity of this software within large enterprises and government, much of our federal government may have been or still be hacked by a powerful nation-state actor, along with many other governments and large companies. The true impact of this event may take years to uncover and some hacks may never be discovered.”
A recent update by Axios on the latest developments in this story states, “The revelations suggest that the access gained into SolarWinds software was only one part in a broader Russian hacking campaign that hit other service providers as well. And the hackers’ initial point of entry or ultimate goal remains unknown.” And the more time that passes, the less likely it becomes that we will uncover the full story about how this breach originated.
For cybersecurity professionals, the focus now is how to prevent future attacks of this kind. Although it is impossible to anticipate and prevent all malicious attacks, there are some best practices (many not followed by SolarWinds) that can make systems a less attractive target to bad actors. Following those best practices for network security will provide a safer environment.