SolarWinds Cyber Attack: 2021 Implications For Your Business
The SolarWinds Orion Cyber Attack in December successfully infiltrated more than 250 networks including private companies and government agencies with a trojanized Orion update. The attack was discovered by FireEye, a cyber security company, as it was honing its own security systems.
What Exactly Is Orion?
SolarWinds Orion is a platform building product that is used for centralized monitoring and management. It’s usually employed in large networks to keep track of all IT resources, such as servers, workstations, mobile devices and other IT devices.
The attack truly shook the IT community. One ZDnet.com reporter called it the “Pearl Harbor of American IT.”
Seemingly impenetrable giants were hit: Microsoft, the U.S. Treasury Department, the U.S. Department of Commerce’s National Telecommunications and Information Administration (NTIA), the Department of Health’s National Institutes of Health (NIH), the Cybersecurity and Infrastructure Agency (CISA), the Department of Homeland Security (DHS) and the U.S. Department of State.
Who Did It and What Companies Suffered?
Linked to Russia, the trojan compromised Microsoft SolarWinds’ Orion monitoring and management software, allowing the attackers to “impersonate any of the organization’s existing users and accounts, including highly privileged accounts.”
The last count of compromised networks was 250 (18,000+ companies) and growing every day. And though discovered in December 2020, it was launched much earlier in the year but went undetected for months.
Unlike ransomware, worms and other threats, it is not clear what this one is supposed to accomplish. While the National Security Agency has safeguards in place to protect the U.S. from cyber attacks by foreign governments, this one did not look like a foreign attack because it was launched from the United States. Congress has not given the agency or Homeland Security any authority to enter or defend private sector networks. It was on these networks that the Soviet Foreign Intelligence Service (S.V.R.) got in the back door of SolarWinds. They left clues which FireEye was ultimately able to find.
The New York Times said that early warning sensors that Cyber Command and the NSA placed inside foreign networks to detect potential attacks failed in this instance. The Times surmised that their attention was perhaps centered on protecting the November elections from foreign hackers, taking their focus away from the software supply chain.
The bottom line is the attackers got in. The Department of Justice consistently affirms that no classified files or materials were compromised. Microsoft has taken a number of steps implementing even more stringent cyber security protections than it had before the breach.
Conducting the attack from within the U.S. apparently allowed the hackers to evade detection by the Department of Homeland Security. SolarWinds, which is based in Texas, apparently did not have the best security measures in place.
On Jan. 6, 2021, the U.S. Department of Justice said that the hackers had escalated the hack to a second phase and moved to access the internal email inboxes of the Department’s employees. The entrance point of that hack has now been blocked.
The Cybersecurity and Infrastructure Agency (CISA) has issued an alert detailing the specific Orion platforms affected and giving clear lines of action to employ.
Implications for Your Business
So what does that mean to the average business like yours, which either uses an MSP or tries to do its own IT?
Don’t do it yourself. Contract with an MSP like SWAT to ensure you have the best protection possible.
No matter what the intent was for this attack on SolarWinds Orion, it wasn’t anything good. It was seeking information for some devious purpose which no doubt will become apparent in the future. In the meantime, protect your data, protect your company, protect yourself.
You May Get Hacked
Know What to Do with our Checklist
Whether you've been hit by ransomware or are just worried about a ransomware attack, this checklist can help. This one-page checklist has simple instructions to help your team act fast and feel confident in how to respond. Print, post and prepare your team to know what to do in a ransomware attack.