Below the flood of articles on COVID-19 and political tension in the US, you might have seen mentions of the SolarWinds attack. What is it all about, and why is it a big deal not only for the US but across the globe?
It all began with malicious code being detected in SolarWinds' Orion software. Orion is an enterprise-grade infrastructure monitoring platform used by many large companies and by several key United States federal departments. What made the attack so effective, and allowed it to go unnoticed for a full nine months, was the method used to distribute the code: a supply chain attack.
This type of attack is very hard to defend against; even EINSTEIN, the expensive intrusion detection system the U.S. National Cyber Security Division had built, did not pick it up. A supply chain attack differs from exploiting a vulnerability or phishing for account details in that genuine software is compromised: malicious code is injected into a new release or update of a software product, which is then pushed downstream to customers.
Because the update is digitally signed with the vendor's own code-signing key and trusted on account of where it came from, the malicious code arrives on customers' systems silently. Nobody raises an eyebrow when software they know and use asks to install an update, so it is no wonder the compromise spread as far and for as long as it did before being detected. The lesson for defenders is that a valid signature proves only who signed the package, not that what they signed was clean.
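To make that point concrete, here is an added example (not code from the original post, and not SolarWinds' or any vendor's real update mechanism). It models a vendor's release pipeline with a hypothetical Ed25519 signing key and two constructed "update packages": the clean build and the same build with attacker code appended before it reached the signing step. A client that only checks the signature accepts both; a client that also compares the package digest against a value obtained out of band (a reproducible build, a transparency log, a vendor bulletin) rejects the tampered one. The key seed, package contents and function names are all assumptions made for the illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Hypothetical vendor signing key, derived from a fixed seed so the example is
// deterministic. A real vendor key would live in an HSM on the signing host.
var vendorSeed = bytes.Repeat([]byte{0x42}, ed25519.SeedSize)
var vendorPriv = ed25519.NewKeyFromSeed(vendorSeed)
var vendorPub = vendorPriv.Public().(ed25519.PublicKey)

// Constructed stand-ins for an update package: the build the vendor's
// developers intended, and the same build with attacker code inserted
// *before* it reached the signing step (the supply chain attack scenario).
var cleanBuild = []byte("orion-update-v2020.2.1: legitimate monitoring code")
var injectedBuild = append(append([]byte{}, cleanBuild...),
	[]byte("; backdoor beacon to attacker C2")...)

// signUpdate models the vendor's release pipeline: whatever lands on the
// signing host receives a perfectly valid signature.
func signUpdate(pkg []byte) []byte { return ed25519.Sign(vendorPriv, pkg) }

// verifySignatureOnly is what most update clients do: trust the package if the
// vendor's key signed it. It proves origin, nothing more.
func verifySignatureOnly(pkg, sig []byte) bool {
	return ed25519.Verify(vendorPub, pkg, sig)
}

// digestHex is the SHA-256 of a package, as a defender would record it from an
// independent source (reproducible build, transparency log, vendor bulletin).
func digestHex(pkg []byte) string {
	sum := sha256.Sum256(pkg)
	return hex.EncodeToString(sum[:])
}

// verifyWithPinnedDigest requires both a valid vendor signature and a match
// against a digest that did NOT come from the update feed itself. A build
// tampered with before signing passes the first check but fails the second.
func verifyWithPinnedDigest(pkg, sig []byte, expectedHex string) bool {
	if !ed25519.Verify(vendorPub, pkg, sig) {
		return false
	}
	return digestHex(pkg) == expectedHex
}

func main() {
	cleanSig := signUpdate(cleanBuild)
	badSig := signUpdate(injectedBuild) // attacker code was already inside when signed
	pinned := digestHex(cleanBuild)     // recorded out of band from the clean build

	fmt.Println("signature-only, clean build:   ", verifySignatureOnly(cleanBuild, cleanSig))
	fmt.Println("signature-only, injected build:", verifySignatureOnly(injectedBuild, badSig))
	fmt.Println("pinned digest, clean build:    ", verifyWithPinnedDigest(cleanBuild, cleanSig, pinned))
	fmt.Println("pinned digest, injected build: ", verifyWithPinnedDigest(injectedBuild, badSig, pinned))
}
```

The second check only helps if the expected digest comes from somewhere the attacker cannot also write to; a digest published alongside the package on the same compromised server adds nothing.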
At the end of the day, to have done all this the attackers needed access to the update server in the first place. Allegedly, one of the passwords used on the SolarWinds update server was 'solarwinds123'; whether that was the actual entry point has not been confirmed, but the lesson holds either way. The person who administered that server may not keep their job for long after this, and we can learn from their mistake.
This breach should serve as a wake-up call: even the smallest entry point can let an attacker pivot into other systems, so security must be ensured from every angle. No matter what systems you have or where they reside, if they are accessible from outside the organisation, as almost all systems are these days, it is essential to perform regular security reviews to ensure you are protected on all fronts.
If you are at all concerned about the security of your systems or the data they contain, by all means get in touch with the Altitude Innovations Team for a comprehensive security and risk assessment.