SolarWinds: An Unprecedented Cyber Attack

SolarWinds has been in the headlines recently, thanks to a sophisticated attack that leveraged third-party software to get into U.S. government agencies, Fortune 500 tech companies, and more.

Let’s take a look at what happened, why it matters, and what you can do to protect your data from a similar attack.

What exactly is SolarWinds?

SolarWinds is a Texas-based company that sells software designed to manage an organization’s IT network. Their products allow sysadmins and other IT personnel to track devices, analyze network performance, configure servers, and more.

Several recent versions of their Orion® Platform software (dating back to March 2020) contained a vulnerability known as SUNBURST, which would, if the affected update was installed, allow hackers access to the server where the software resides. Reaching victims through a vendor’s software in this way is known as a “supply-chain attack.”

What is a supply-chain attack?

Rather than attack your systems directly, hackers exploit weak security at a partner or service provider to get access to your data. In other words, it’s the weakest link principle: your company’s data security is only as good as your service providers’ security.

Who was affected by the SolarWinds attack?

When filing SEC documents related to the breach, SolarWinds estimated that “fewer than 18,000” of their 300,000 clients installed the affected updates.

However, multiple departments within the federal government—including State, Treasury, Commerce, Energy, and Homeland Security—had installed the affected update. The New York Times reported that hackers were able to access email within both the Treasury and Commerce Departments.

And the scope of the attack doesn’t end with the public sector. Among the private-sector clients affected were Intel, Nvidia, and Cisco.

Who’s responsible for the attack?

The U.S. Cybersecurity and Infrastructure Security Agency has stated that the hackers were acting on behalf of a foreign government. The country responsible is widely believed to be Russia, following a National Security Agency warning earlier in December that Russian state-sponsored actors were also using security flaws in VMware® to access U.S. government resources.

How could this have been prevented?

A former security adviser at SolarWinds has spoken up about how he told upper management in 2017 that the company needed to address security vulnerabilities, but the recommendations he made were not implemented.

When interviewed by Bloomberg, he said that “there was a lack of security at the technical product level, and there was minimal security leadership at the top.”

In the same article, another employee says that “SolarWinds appeared to prioritize the development of new software products over internal cybersecurity defenses.” Among the issues he mentioned were out-of-date browsers and operating systems.

Twitter users also reported that SolarWinds had recommended that purchasers disable antivirus software for products on the Orion platform in order for them to run correctly.

What do I need to know to secure my data?

If there’s anything that we can learn from the SolarWinds attack, it’s that an impressive client list doesn’t mean that a company is following cybersecurity best practices.

Companies need to ensure that their entire supply chain—in other words, any partners or providers with access to their secure data—adheres to strict security practices. This could include service providers such as your law firm, your accountant, or your billing software provider.

When issuing a call for proposals or soliciting bids, ask detailed questions about information security. Depending on the vendors you’re working with and the data you handle, you may ask to perform a cybersecurity audit, require an agreement, or even perform penetration testing.

If you have questions about how to ensure that your partners are following best practices to avoid an incident like this, reach out to us to set up a call, and we can talk you through the risks—and the next steps to take.

For details about the specific versions and products affected, how to mitigate the problem, and additional information, visit the SolarWinds website.
