What Can We Learn From the SolarWinds Data Breach?

January 6, 2021


The cyber corruption of network management software provider SolarWinds has affected approximately 18,000 of their 300,000 customers, including companies and government organizations. Given the breadth of this cyber attack, many are asking, “How can we ensure the safety of our data in the future?”

“In a statement, President-elect Joe Biden said he would ‘elevate cybersecurity as an imperative across the government’ and ‘disrupt and deter our adversaries’ from undertaking such major hacks.” (cnbc.com)

Sadly, that question may be about as useful as asking, “How can we rid the world of bad guys?”

What Happened?

March – June 2020

According to SolarWinds, a vulnerability was injected into updates for their Orion products between March and June 2020. It appears that the malicious code was placed in the build process itself, rather than in the source code or in the signing certificate, which is where such tampering is more often found. This is important to note, as it is one indicator of the sophistication of these attackers.

Eighteen thousand of the Orion users performed updates, unwittingly opening their data up to the breach.

December 2020

Orion user FireEye was the first to announce that a nation-state had hacked them. Shortly after that, Reuters reported a data breach at the US Department of the Treasury, followed by a report from the Washington Post that linked the two data breaches as one.

“So far, the hackers are known to have at least monitored email or other data within the U.S. departments of Defense, State, Treasury, Homeland Security and Commerce.” (cnbc.com)

Can We Blame SolarWinds?

No, although they may be used as a scapegoat. SolarWinds appears to have been diligent in using standard cybersecurity practices and took many steps considered above the norm. This malware was particularly sophisticated.

The malware left no electronic footprints, so there was no way to see which files had been viewed. No false data was implanted; a timed release was set so that the breach did not activate until after scans of the files were complete (FireEye reported a 14-day period of dormancy); and it appears that each malware sample distributed was tailored to its victim.

“The operational teams appear to have used specific infrastructure for each victim, reducing the usefulness of network-based IOCs.” (SANS.com)

How Widespread is the Data Breach?

Reuters is reporting that SolarWinds was not the only software company affected. According to the news source: “Another major technology supplier was also compromised by the same attack team and used to get into high-value final targets, according to two people briefed on the matter.” (cnbc.com)

According to FireEye: “The victims have included government, consulting, technology, telecom and extractive entities in North America, Europe, Asia and the Middle East. We anticipate there are additional victims in other countries and verticals. FireEye has notified all entities we are aware of being affected.”

“The Department of Homeland Security said in a bulletin on Thursday the spies had used other techniques besides corrupting updates of network management software by SolarWinds, which is used by hundreds of thousands of companies and government agencies.” (CNBC.com)

What’s The Takeaway?

The ongoing fear is that this initial malware will open the door to secondary attacks affecting thousands more; however, this breach has brought the focus back to cybersecurity and its importance from the top down. President-elect Biden has promised to make cybersecurity a priority as far as possible.

If you are using the Orion software – or if you are unsure – we might be able to help. The Department of Homeland Security’s cyber division released an Emergency Directive for all Orion users. Tech One IT has cybersecurity experts who can help identify data breaches and initiate the process of getting your organization back to safety.

Email Us: Contact@techoneit.com | Call Us: 480-449-3333
