Exploring the SolarWinds Hack and the Related Fallout
As common as cyber attacks are, it’s not every day that we see supply chain attacks. And if we were to make a list of the most damaging supply chain attacks of the last several years, the recent SolarWinds attack would certainly rank at the top.
What is the SolarWinds Hack?
On December 13, 2020, it was announced that the U.S. Treasury Department had been compromised in a sophisticated attack by a cyber adversary. At first it was unclear who the attacker was, but it quickly became evident that the perpetrator was the same group that targeted FireEye: APT29 (Cozy Bear/Russian SVR). The attack was focused on the SolarWinds supply chain.
“In a joint statement, US national security agencies have called the breach ‘significant and ongoing.’ It’s still unclear how many agencies are affected or what information hackers might have stolen so far,” reports Laura Hautala of CNET. “But by all accounts, the malware is extremely powerful. According to an analysis by Microsoft and security firm FireEye, both of which were infected, the malware gives hackers broad reach into impacted systems.”
According to early reports, Microsoft identified more than 40 different customers targeted in the attack, but the number is likely even larger.
The attackers gained access to a system SolarWinds uses to push out updates for its Orion product and inserted malicious code into otherwise legitimate software. The attack was made even more dangerous by the fact that it was a supply chain attack: no phishing was required. Companies simply had to download the apparently legitimate Orion update to be affected.
SolarWinds Hack FAQs
Because of this attack’s extent and severity, we know that many businesses are left asking questions. Let’s address a few of the most common ones:
Is My Organization at Risk?
The good news is that not all SolarWinds customers are vulnerable. Only those who use Orion software and who installed the March update are at risk; around 18,000 users did so. And even if you are among this group, there is no guarantee that you were hacked. A logical assessment says the hackers focused on high-value targets and large organizations first.
What, if anything, should I do?
If your company meets the criteria to be at risk, then you should hire a threat hunting company, or other professional, to take a deeper dive into your system to see if there are signs of an attack.
How can I protect my organization moving forward?
The scary thing about this attack is that there was little a SolarWinds Orion user could do to prevent it. However, the takeaway is to remain vigilant about which companies you partner with, the software you use, and where your data is being shared.
Get In Touch With Us!
To keep your organization safe, secure, and efficient, consider working with a managed IT support partner like Warren Research Inc. Contact us today to learn more about our services and how we can support your company’s vision for growth!