A deep dive into the SolarWinds attack

Posted Jan 11, 2021 by Tim Sandle
The SolarWinds Orion network management platform was revealed towards the end of 2020 to have been the vector for a targeted supply-chain attack. Attackers injected malicious code into a SolarWinds Orion update, and that trojanized update was installed across many businesses and US government agencies.
The reason the malware spread so easily and so rapidly is that it was carried inside a routine update to the SolarWinds Orion software (which is designed to monitor and manage networks, systems and IT infrastructure). Because the update came through SolarWinds' normal release channel and carried the company's legitimate code signature, corporate and government clients had every reason to treat it as genuine and installed it. Unbeknown to them, and to SolarWinds, the update contained malicious code that went on to infect many SolarWinds clients.
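The mechanism described above, as an added example that is not code from the original article or from SolarWinds: a toy build-and-update pipeline in which an attacker who sits inside the vendor's build process, after compilation and before signing, gets the tampered binary signed with the vendor's own key. A customer updater that checks only the signature accepts it, while a customer that also compares the artifact's hash against an independently reproduced build of the same source rejects it. Everything here is constructed: the release "source", the vendor key, the HMAC used as a stand-in for a code-signing signature, the backdoor marker string and all function names.

```python
"""Added example: why a trojanized vendor update passes a signature check.

Illustrative code written for this article, not SolarWinds' or anyone
else's real build or update tooling.  All inputs below are constructed.
"""
import hashlib
import hmac
from typing import Dict, Optional, Tuple

# Constructed stand-in for the vendor's code-signing key.  A real vendor
# uses an asymmetric key pair; an HMAC keeps this dependency-free while
# preserving the property that matters: only the key holder can sign.
VENDOR_SIGNING_KEY = b"constructed-vendor-signing-key"

# Constructed "source tree" of a network-management product release.
RELEASE_SOURCE = b"product=netmon\nversion=2020.2\nmodule=core\n"

# Constructed marker for the payload a build-time intruder splices in.
BACKDOOR = b"\n# beacon to attacker-controlled host (constructed marker)\n"


def compile_release(source: bytes) -> bytes:
    """Deterministic toy 'compiler': identical source yields identical bytes.

    Determinism is what lets an independent builder reproduce the release
    and compare hashes, which is the check that catches tampering below.
    """
    return b"COMPILED\n" + source


def sign(artifact: bytes) -> str:
    """The vendor build server signs whatever artifact it is handed."""
    return hmac.new(VENDOR_SIGNING_KEY, artifact, hashlib.sha256).hexdigest()


def verify_signature(artifact: bytes, signature: str) -> bool:
    """What a customer's updater normally checks: did the vendor sign this?"""
    return hmac.compare_digest(sign(artifact), signature)


def honest_build_server(source: bytes) -> Tuple[bytes, str]:
    artifact = compile_release(source)
    return artifact, sign(artifact)


def compromised_build_server(source: bytes) -> Tuple[bytes, str]:
    """Attacker tampers after compilation and before signing, so the
    vendor's own key ends up signing the backdoored output."""
    artifact = compile_release(source) + BACKDOOR
    return artifact, sign(artifact)


def independent_reference_hash(source: bytes) -> str:
    """Hash of the artifact a second, independent builder produces from
    the same source: a reproducible-build witness the customer can pin."""
    return hashlib.sha256(compile_release(source)).hexdigest()


def accept_update(artifact: bytes, signature: str,
                  reference_hash: Optional[str] = None) -> bool:
    """Customer-side gate.  With reference_hash=None this is signature-only,
    as most updaters are; with a reference hash it also requires the bytes
    to match the independently reproduced build."""
    if not verify_signature(artifact, signature):
        return False
    if reference_hash is None:
        return True
    actual = hashlib.sha256(artifact).hexdigest()
    return hmac.compare_digest(actual, reference_hash)


def run_scenario() -> Dict[str, bool]:
    """Run the clean and trojanized releases through both gates."""
    clean, clean_sig = honest_build_server(RELEASE_SOURCE)
    trojan, trojan_sig = compromised_build_server(RELEASE_SOURCE)
    ref = independent_reference_hash(RELEASE_SOURCE)
    return {
        "clean_signature_only": accept_update(clean, clean_sig),
        "trojan_signature_only": accept_update(trojan, trojan_sig),
        "clean_with_reproducible_hash": accept_update(clean, clean_sig, ref),
        "trojan_with_reproducible_hash": accept_update(trojan, trojan_sig, ref),
    }


if __name__ == "__main__":
    for check, accepted in run_scenario().items():
        print(f"{check}: {'accepted' if accepted else 'rejected'}")
```

The signature-only gate accepts both releases, because the signature is valid in both cases: it attests that the vendor's key signed these bytes, not that the bytes are what the vendor's source produces. Only the comparison against an independently reproduced build separates the two, which is why the trust placed in a signed update from a known vendor is exactly what a build-pipeline compromise exploits.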
There is new analysis of the SolarWinds attacks, as the number of customers impacted rises to more than 1,500 (based on a Censys report). The impact has been confirmed in a joint statement from U.S. security and intelligence agencies. The attack is thought to have originated in Russia.
Peter Tsai, Senior Technology Analyst at Spiceworks Ziff Davis, has told Digital Journal why these attacks are hard to defend against and what vulnerability they have exposed.
Tsai explains: "The security vulnerability known as ‘Sunburst’ left tens of thousands of businesses using the popular SolarWinds Orion software at risk, and is the latest in a series of supply chain attacks believed to be perpetrated by sophisticated state-sponsored hackers."
Turning to how such an attack propagates, Tsai states: "Supply-chain exploits can spread quickly because when hackers modify the source-code of popular software titles, they’re able to create exploitable vulnerabilities across many organizations at once."
Tsai also explains just how serious these attacks are: "These types of attacks are particularly hard to defend against because malicious actors take advantage of the established trust between organizations and solutions providers, infecting software that already has elevated security privileges on corporate networks and devices."
Looking at the specific risks, Tsai explains: "In the case of the Sunburst attacks, networks belonging to multiple U.S. government agencies and technology companies including Microsoft and security firm FireEye were believed to be breached by Russian hackers, as was the case with the similarly-devastating Petya supply-chain ransomware attacks in 2017."
The impact has been considerable: "The Sunburst vulnerability has left many IT departments without the security resources of bigger companies feeling vulnerable and exposed."
Moreover, he adds: "If an organization like FireEye, which is arguably one of the best in the business, can have this happen, how can we expect to defend against such things?" Such an open question requires a joined-up and proactive response.