SolarWinds Orion offers centralized monitoring over organizational networks, enabling it to manage threat detection. It boasted about 33,000 customers at the time of the breach disclosure.

According to multiple cybersecurity sources, including FireEye and Microsoft, it appears a hacking group infiltrated the SolarWinds Orion software through malware and then conducted a privilege escalation attack. With these privileges, the hackers established a backdoor into the Orion system, allowing them to create a malicious update that granted them visibility and mobility over victims.

At the time of writing, at least 18,000 organizations likely downloaded the malicious update, and thus suffered in the SolarWinds Orion Breach. Given that the breach appears to have begun in March, hackers enjoyed plenty of time to steal data via compromised emails, databases, and more. In addition to multiple corporations, cybersecurity providers such as FireEye and multiple U.S. government departments suffered from the attack. As a result, the SolarWinds breach might end up becoming the largest cyber-breach conducted on the U.S.

Research indicates this breach likely resulted from a nation-state sponsored group, with affiliations with the Russian government suspected. The United States government has not made any definitive statements about suspected perpetrators, but this kind of “supply chain” attack is a signature of multiple Russian hacking groups. However, in a practical sense, it actually doesn’t matter to your business who conducted the breach. Instead, you need to think about the practical implications of the breach.

First, you absolutely need a secure SIEM solution that remains current with the threat landscape. While you may feel reluctant to trust central monitoring solutions in the wake of the breach, your organization still needs cybersecurity. The alternative can leave your business even more vulnerable.

Additionally, if you are seeking a new provider, look for providers which specialize in defending against nation-state attacks. The breach indicates that nation-states will start transferring their military resources into the cyber-realm, which has fewer rules of engagement. Civilians, including you, may end up in the future crossfire.

Second, keep an eye out for potential updates from your current cybersecurity provider, if you use one. Most likely, the SolarWinds Orion Breach will motivate other providers to look harder for their own vulnerabilities and backdoors, closing them before hackers find them. Yet you should also ensure that all such communications do legitimately come from your providers. Phishing attacks often build off chaos (as evidenced by the scores of COVID-19 related attacks) and this attack meets that definition. Always verify the authenticity of messages before following instructions.

You can learn more in our SIEM Buyer’s Guide.

The recent SolarWinds breach highlights a new paradigm in the Software Supply Chain. When compared simply to the code itself without any additional tools, Proprietary Code is no more secure than Open Source. By contrast, many would argue that Open Source Code is more secure due to a faster fix/patch/update cycle and the pervasive access to source code (Clarke, Dorwin, and Nash, n.d.). For most in software development, this is nothing new; however, there are many companies who are still staunchly anti-Open Source, believing that Proprietary Code is more secure. Despite the opposing views in this debate, one fact remains: 96% of applications use Open Source Code, and 80% of the code in the Software Supply Chain is from Open Source.

Ironically, the recent SolarWinds Orion breach may help shed light on this exact shift in the Software Supply Chain paradigm. While the responsible actors are still unknown, details on how the attack occurred have emerged. First, hackers were able to weave malicious code into a SolarWinds Orion update in early 2020 (Paul, 2020). With the infected code onboard the SolarWinds Orion update, many users then executed this update on their devices, giving hackers backdoor access to troves of data. The deeply embedded nature of SolarWinds Orion, which often receives VIP network access to avoid conflicts with other malware detection solutions, simply adds to the gravity of the attack.
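The advice above to make sure an update really comes from your provider before you execute it can be enforced mechanically, not only by reading the announcement e-mail carefully. The Go program below is an added illustration written for this page; it is not code from the original post and not SolarWinds' or any vendor's actual update pipeline. It assumes the vendor signs the SHA-256 digest of each update artifact with an Ed25519 key and that the customer has pinned the vendor's public key out of band (from a known-good source, never from the update itself or the message announcing it). The file name and payload are constructed sample values.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Update is what an installer receives from a vendor: the artifact bytes and
// a detached signature over the artifact's SHA-256 digest.
type Update struct {
	Name      string
	Artifact  []byte
	Signature []byte
}

// ErrUntrustedUpdate is returned for any artifact whose signature does not
// verify against the pinned vendor key; the installer must not execute it.
var ErrUntrustedUpdate = errors.New("update rejected: signature does not verify against the pinned vendor key")

// SignUpdate is the vendor side (illustrative, not a real vendor's pipeline):
// it signs the digest of the artifact with the vendor's private key.
func SignUpdate(priv ed25519.PrivateKey, name string, artifact []byte) Update {
	digest := sha256.Sum256(artifact)
	return Update{Name: name, Artifact: artifact, Signature: ed25519.Sign(priv, digest[:])}
}

// VerifyUpdate is the customer side: before an update is run, recompute the
// digest and check the signature against the pinned vendor public key.
// Length checks come first because ed25519.Verify panics on malformed keys.
func VerifyUpdate(pinned ed25519.PublicKey, u Update) error {
	if len(pinned) != ed25519.PublicKeySize || len(u.Signature) != ed25519.SignatureSize {
		return ErrUntrustedUpdate
	}
	digest := sha256.Sum256(u.Artifact)
	if !ed25519.Verify(pinned, digest[:], u.Signature) {
		return ErrUntrustedUpdate
	}
	return nil
}

// Tamper simulates an artifact altered after signing (for example at a
// mirror or in transit): one byte of the payload is flipped, nothing else.
func Tamper(u Update) Update {
	t := u
	t.Artifact = append([]byte(nil), u.Artifact...)
	t.Artifact[0] ^= 0x01
	return t
}

// Demo exercises the three outcomes a defender cares about: a genuine update
// verifies, a post-signing modification is rejected, and an artifact signed
// by a key other than the pinned vendor key is rejected.
func Demo() (genuineOK, tamperedRejected, wrongKeyRejected bool, err error) {
	vendorPub, vendorPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return
	}
	_, otherPriv, err := ed25519.GenerateKey(rand.Reader) // a key the customer never pinned
	if err != nil {
		return
	}
	artifact := []byte("constructed sample update payload: monitoring-agent 1.2.3") // constructed, not a real package
	genuine := SignUpdate(vendorPriv, "monitoring-agent-1.2.3.pkg", artifact)

	genuineOK = VerifyUpdate(vendorPub, genuine) == nil
	tamperedRejected = errors.Is(VerifyUpdate(vendorPub, Tamper(genuine)), ErrUntrustedUpdate)
	impostor := SignUpdate(otherPriv, genuine.Name, artifact)
	wrongKeyRejected = errors.Is(VerifyUpdate(vendorPub, impostor), ErrUntrustedUpdate)
	return
}

func main() {
	g, t, w, err := Demo()
	if err != nil {
		fmt.Println("key generation failed:", err)
		return
	}
	fmt.Printf("genuine update verifies: %v\ntampered update rejected: %v\nwrong-key update rejected: %v\n", g, t, w)
}
```

The check catches an artifact modified after the vendor signed it and an artifact signed by anyone other than the pinned vendor. It does not catch malicious code that was inserted into the vendor's own build before signing, because such an artifact carries a valid vendor signature; that is exactly why the post still tells you to watch for your provider's own updates and keep a SIEM current with the threat landscape rather than rely on signatures alone.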