Cyberattack on SolarWinds 2020: From Government to Private sector
- Dmytro Reva
- Jan 22, 2024
- 3 min read
An attack that belongs in the hall of fame of the most interesting cybersecurity attacks ever performed!
2020 was marred by one of the most thorough attacks in the history of
cybersecurity. Whether we label it SolarWinds, Orion, or SUNBURST, the aftermath
has put the spotlight on the fragility of IT defenses in the face of an organized,
well-resourced adversary.
It is now clear that a number of companies specializing in cybersecurity
disclosed intrusions or exposure tied to the SolarWinds campaign, among them Qualys,
Palo Alto Networks, FireEye, and Malwarebytes.
Since the discovery of the mass compromise, many researchers have tried to
reconstruct the entire infection chain in an attempt to trace the precise attack
path.
It is worth keeping in mind that security must be among an organization's top
priorities, if not the first one.
Let us dive into the timeline of events tied to the SolarWinds cyberattack; they highlight how much is at stake in the digital realm, especially when major
players and large corporations are involved.
We’ve broken down the analysis below into several components:
What Happened?
SolarWinds is a software company specializing in network and
infrastructure monitoring technology, engineered for efficiency and
security. It also delivers a range of IT management products and services to hundreds of thousands of
enterprises worldwide.
As a result of the breach, SolarWinds unknowingly shipped trojanized software to its customers in the
form of a legitimate, vendor-signed update for its Orion platform.
On December 13, 2020, as information about the cyberattack became public, the
company promptly carried out an assessment and disclosed that up to
18,000 customers had installed the affected update, including:
1. The Department of Homeland Security
2. The State Department
3. The Department of Commerce
4. The Department of the Treasury
5. The National Nuclear Security Administration
Prominent private companies were affected as well, including FireEye,
Microsoft, Intel, Cisco, and Deloitte.
It is essential to emphasize that recognizing the attack took a significant amount of time.
The attackers first gained access to SolarWinds' environment in September 2019, and the campaign
went unnoticed until December 2020, giving them roughly 15 months of undetected access.
What Vulnerabilities?
The attackers used a technique known as a "supply chain attack": they
integrated their malicious code into the Orion software and delivered it through a regular software update.
This type of attack compromises a trusted supplier whose software already has privileged access to the target
organizations' systems, rather than breaching those organizations' networks directly.
In this scenario, third-party software, specifically SolarWinds Orion, became the attackers' gateway,
giving them a foothold in the networks of every organization that installed it.
The backdoor in this "update" stayed dormant for a period after installation before activating, which kept it invisible to the IT security teams watching those networks.
What looked like a completely normal, vendor-signed software update was in fact trojanized software.
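As an added illustration (not part of the original post, and not based on SolarWinds' or the attackers' actual code or indicators), the script below shows the kind of behavioral check a defender can run over outbound-connection logs to catch a backdoor that goes quiet after an update and then starts calling home: it baselines each host's destinations before a chosen cutoff (for instance the time the update was installed), then flags any new destination contacted at suspiciously regular intervals afterwards. The hostnames, domains, timestamps and log format are all constructed for the example.

```python
"""Flag new, regularly-timed outbound destinations after a baseline cutoff.

Added example: this is not SolarWinds code and contains no real indicators.
Log format (constructed): "<ISO-8601 timestamp> <host> <destination>".
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log. orion-srv01 downloads an update on 2020-03-26,
# stays quiet, and on 2020-04-10 begins contacting a never-before-seen
# domain exactly once an hour. ws-jdoe also visits a new site, but at
# irregular, human-looking intervals and should not be flagged.
SAMPLE_LOG = """\
2020-03-20T08:00:00 orion-srv01 api.vendor.example
2020-03-20T09:00:00 orion-srv01 api.vendor.example
2020-03-21T08:00:00 orion-srv01 api.vendor.example
2020-03-26T14:02:00 orion-srv01 downloads.vendor.example
2020-03-27T08:00:00 orion-srv01 api.vendor.example
2020-04-10T03:00:00 orion-srv01 cdn-telemetry.example.net
2020-04-10T04:00:00 orion-srv01 cdn-telemetry.example.net
2020-04-10T05:00:00 orion-srv01 cdn-telemetry.example.net
2020-04-10T06:00:00 orion-srv01 cdn-telemetry.example.net
2020-04-10T07:00:00 orion-srv01 cdn-telemetry.example.net
2020-04-10T09:15:00 ws-jdoe news.example.org
2020-04-10T09:16:30 ws-jdoe news.example.org
2020-04-10T11:40:00 ws-jdoe news.example.org
2020-04-11T16:05:00 ws-jdoe news.example.org
2020-04-12T08:01:00 orion-srv01 api.vendor.example
"""


def parse_log(text):
    """Parse log lines into (timestamp, host, destination) tuples."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, host, dest = line.split()
        events.append((datetime.fromisoformat(ts), host, dest))
    return events


def find_beacons(text, baseline_end, min_events=4, max_cv=0.2):
    """Return {(host, dest): details} for destinations first seen after
    `baseline_end` that are then contacted at near-constant intervals.

    max_cv is the largest accepted coefficient of variation (stddev / mean)
    of the gaps between contacts; 0.0 means perfectly periodic.
    """
    cutoff = datetime.fromisoformat(baseline_end)
    events = parse_log(text)
    # Baseline: every (host, destination) pair already seen before the cutoff.
    known = {(h, d) for t, h, d in events if t < cutoff}
    series = defaultdict(list)
    for t, h, d in events:
        if t >= cutoff and (h, d) not in known:
            series[(h, d)].append(t)
    findings = {}
    for key, times in series.items():
        if len(times) < min_events:
            continue  # too few contacts to judge periodicity
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue  # duplicate timestamps; nothing to measure
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            findings[key] = {
                "count": len(times),
                "first_seen": times[0].isoformat(),
                "days_after_cutoff": (times[0] - cutoff).days,
                "mean_interval_s": avg,
                "cv": round(cv, 3),
            }
    return findings


if __name__ == "__main__":
    for (host, dest), info in find_beacons(SAMPLE_LOG, "2020-03-26T00:00:00").items():
        print(f"{host} -> {dest}: {info}")
```

The `days_after_cutoff` field is the point of the exercise: the new destination only appears more than two weeks after the baseline cutoff, which is exactly the window in which a "nothing happened after the update" conclusion would have been drawn. Real implants add jitter to their beacon interval, so the `max_cv` threshold has to be tuned against historical traffic rather than set to zero, and a new-destination alert is only as trustworthy as the baseline window it is compared against.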
Solution Response
Recognizing the urgency of the situation, SolarWinds released a new, clean
update (a hotfix) to remove the malicious code from Orion.
Resolution Timeline
Once the clean update was available, deploying it removed the malicious code from an installation within hours, although that alone did not evict attackers who had already moved further into a network.
Cost of the Event
The actual cost, aside from the damage to the company's reputation, is still
unclear. The widely used Orion software is run by around 30,000
organizations worldwide, spanning both local and federal government agencies.
Published estimates point to roughly $90 million in insurable losses.
This covers incident response and forensic support services
for affected companies that carried cyber insurance.
Current Status
In the summer of 2023, SolarWinds reached a global settlement with investors
who had accused the company of making inaccurate statements about its level
of cybersecurity, paying them $26 million. SolarWinds is now actively
working to restore its reputation. The situation was further aggravated by
the public disclosure that the password "solarwinds123" had protected one of its update servers.
Conclusion
Why is the SolarWinds hack so important?
The attack on SolarWinds was a global intrusion: the attackers turned
Orion into a potent weapon, gaining access to government systems and
thousands of private networks worldwide. The hack has acted as a
catalyst for rapid and extensive change in the cybersecurity industry.
Numerous companies and government entities are now diligently devising
new ways to respond to such attacks before they succeed. Governments and
organizations recognize that merely installing a firewall and hoping it provides
protection is insufficient. Instead, they actively hunt for weaknesses
in their own systems and, depending on the circumstances, either fix them or
use them as decoys (honeypots) to catch such attacks early.