How SolarWinds' Massive Hack Upended Cybersecurity
Now Chinese hackers are suspected of exploiting the SolarWinds flaw.
![Data Center Hacker, dark data](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/bltbb4ad5e7d7b7487e/652456db86281b3eca13993a/Data-Center-Hacker.jpg?width=700&auto=webp&quality=80&disable=upscale)
Shutterstock
The SolarWinds cyberattack no doubt will prompt considerable short-term fallout in terms of customers, revenue and reputation, said Eric Parizo, senior analyst with Omdia.
The hackers inserted malicious code into SolarWinds’ Orion software updates, which were sent to nearly 18,000 customers. The trojanized updates were released between March and June 2020.
This led to security breaches at numerous U.S. government agencies. Those include the Treasury Department, the National Telecommunications and Information Administration (NTIA), the Department of Homeland Security (DHS) and the Justice Department. The attacker also breached SolarWinds’ corporate clients.
Microsoft joined the list of targets in the hack, and more vendors are expected to be added to it.
Microsoft issued the following statement:
“Like other SolarWinds customers, we have been actively looking for indicators of this actor and can confirm that we detected malicious SolarWinds binaries in our environment, which we isolated and removed. We have not found evidence of access to production services or customer data.”
The attackers didn’t use Microsoft’s systems to attack others, it said.
FireEye, which has investigated numerous high-profile data breaches, also fell victim to the SolarWinds hack.
Threat actors gained wide-ranging access to corporate and governmental information systems in the hack.
That’s according to a report by SophosLabs. Cisco also was targeted in the hack. And Microsoft discovered a second hacking group targeting SolarWinds software.
According to ZDNet, the list of organizations infected with Sunburst malware included Cisco, SAP, Intel, Cox Communications, Deloitte, Nvidia, Fujitsu, Belkin, Amerisafe, Lukoil, Rakuten, Check Point, Optimizely, Digital Reach, and Digital Sense.
The hacker group also accessed Microsoft source code, the human-readable instructions from which its software is built.
Microsoft’s investigation revealed attempts beyond just the presence of malicious SolarWinds code in its environment.
“We detected unusual activity with a small number of internal accounts, and upon review, we discovered one account had been used to view source code in a number of source code repositories,” Microsoft wrote in a blog. “The account did not have permissions to modify any code or engineering systems, and our investigation further confirmed no changes were made. These accounts were investigated and remediated.”
Source code is among a technology company’s most closely guarded secrets. Microsoft has historically been careful about protecting it.
In the midst of dealing with the aftermath of the hack, SolarWinds was hit with a class-action lawsuit on behalf of stock buyers.
Kevin Thompson, former SolarWinds president and CEO, and Barton Kalsu, chief financial officer, are also named defendants in the lawsuit. It was filed on behalf of stock buyers who acquired publicly traded SolarWinds securities from Feb. 24 to Dec. 15, 2020.
The suit seeks to recover damages for SolarWinds investors under federal securities laws.
The federal court in the Western District of Texas has jurisdiction over the case. The suit requests a jury trial, and the plaintiffs are seeking damages from the company, Thompson and Kalsu.
SolarWinds isn’t commenting on the suit.
SolarWinds last month hired former federal cybersecurity chief Chris Krebs to help with the fallout from its massive hack.
Krebs was director of the Cybersecurity and Infrastructure Security Agency (CISA). Former president Trump fired him for saying there was “no evidence that any voting system deleted or lost votes, changed votes, or was in any way compromised” in the November election.
The former cybersecurity chief joined SolarWinds with his business partner, Alex Stamos, former Facebook CSO. Their new firm, Krebs Stamos Group, helps clients build security teams, processes, programs and culture. It also provides advice on decisions during extreme crises.
SolarWinds hackers also targeted Malwarebytes, which became the fourth major cybersecurity firm to be attacked by this group.
Marcin Kleczynski, Malwarebytes’ CEO and co-founder, disclosed the breach. Microsoft, FireEye and CrowdStrike also were targeted by the SolarWinds hackers. CrowdStrike fended off the attackers.
“While Malwarebytes does not use SolarWinds, we, like many other companies, were recently targeted by the same threat actor,” Kleczynski said. “We can confirm the existence of another intrusion vector that works by abusing applications with privileged access to Microsoft Office 365 and Azure environments. After an extensive investigation, we determined the attacker only gained access to a limited subset of internal company emails. We found no evidence of unauthorized access or compromise in any of our internal on-premises and production environments.”
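One way to turn the intrusion vector Kleczynski describes into a check a defender can run, as an added example that is neither part of the original article nor Malwarebytes’ own tooling: the script below scans an export of Azure AD service principals for application (app-only) permissions that grant mailbox or directory access with no user signed in, and raises the severity when such an app had a client secret or certificate added recently, since a fresh credential on an already-privileged app is what lets an attacker read mail through it. The export format, the sample records, the high-risk permission list and the 30-day window are all assumptions made here; the permission names are real Microsoft Graph and Exchange application permissions, but producing the export from your tenant (for example via Microsoft Graph) is left to your own tooling.

```python
"""Hunt for app registrations with mail- or directory-level application
permissions, the kind of 'privileged application' described above as an
intrusion vector into Microsoft 365 and Azure environments."""
from datetime import datetime, timedelta, timezone

# App-only (application) permissions that allow reading mailboxes or rewriting
# the directory with no user signed in. Assumed starting list; tune per tenant.
HIGH_RISK_APP_PERMISSIONS = {
    "Mail.Read", "Mail.ReadWrite", "full_access_as_app",
    "Directory.ReadWrite.All", "RoleManagement.ReadWrite.Directory",
    "Application.ReadWrite.All", "AppRoleAssignment.ReadWrite.All",
}

# Constructed sample export (not real tenant data). Each record is a service
# principal with its granted application permissions already resolved to names
# and its credentials (client secrets / certificates) with the date each was added.
SAMPLE_SERVICE_PRINCIPALS = [
    {
        "display_name": "Mail Archiver",
        "app_id": "00000000-0000-0000-0000-000000000001",
        "app_permissions": ["Mail.Read", "User.Read.All"],
        "credentials": [
            {"type": "certificate", "id": "cred-1", "added": "2019-06-01T09:00:00+00:00"},
            {"type": "password", "id": "cred-2", "added": "2021-01-10T14:03:00+00:00"},
        ],
    },
    {
        "display_name": "HR Portal",
        "app_id": "00000000-0000-0000-0000-000000000002",
        "app_permissions": ["User.Read.All"],
        "credentials": [
            {"type": "password", "id": "cred-3", "added": "2021-01-12T08:00:00+00:00"},
        ],
    },
    {
        "display_name": "Legacy Backup",
        "app_id": "00000000-0000-0000-0000-000000000003",
        "app_permissions": ["full_access_as_app"],
        "credentials": [
            {"type": "certificate", "id": "cred-4", "added": "2020-03-01T00:00:00+00:00"},
        ],
    },
]

# Fixed "now" so the example is deterministic; use datetime.now(timezone.utc) live.
REFERENCE_TIME = datetime(2021, 1, 20, tzinfo=timezone.utc)


def find_risky_apps(service_principals, now, recent_days=30):
    """Return one finding per app holding a high-risk application permission.

    Severity is 'high' when a credential was added within `recent_days` of `now`
    (a newly added secret on an already-privileged app is the pattern to chase),
    otherwise 'medium'. Apps with no high-risk permission are skipped.
    """
    cutoff = now - timedelta(days=recent_days)
    findings = []
    for sp in service_principals:
        risky = sorted(set(sp.get("app_permissions", [])) & HIGH_RISK_APP_PERMISSIONS)
        if not risky:
            continue
        recent = [
            f'{c["type"]}:{c["id"]}'
            for c in sp.get("credentials", [])
            if datetime.fromisoformat(c["added"]) >= cutoff
        ]
        findings.append({
            "app": sp["display_name"],
            "app_id": sp["app_id"],
            "risky_permissions": risky,
            "recent_credentials": recent,
            "severity": "high" if recent else "medium",
        })
    return findings


def run_hunt():
    """Run the hunt over the constructed sample and return the findings."""
    findings = find_risky_apps(SAMPLE_SERVICE_PRINCIPALS, REFERENCE_TIME)
    for item in findings:
        print(f'[{item["severity"].upper()}] {item["app"]} ({item["app_id"]}): '
              f'{", ".join(item["risky_permissions"])}; '
              f'credentials added in last 30 days: {item["recent_credentials"] or "none"}')
    return findings


if __name__ == "__main__":
    run_hunt()
```

Run as-is, the constructed sample yields a high-severity finding for the mail-reading app that gained a new password credential ten days before the reference time and a medium one for the backup app with full mailbox access, while the app holding only `User.Read.All` is ignored. Against a real tenant, feed it your own export and treat any "high" finding as something to confirm against the credential's creator in the audit log.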
The insured losses due to the SolarWinds hack now total $90 million and climbing.
That’s according to BitSight and Kovrr’s joint analysis of the financial impact of the SolarWinds breach on the insurance industry.
The SolarWinds attack is a cyber catastrophe from a national security perspective, the companies said. However, insurers may have narrowly avoided a financial catastrophe for their own businesses, because the insured losses have not spiraled out of control.
The losses include incident response and forensic services for companies impacted by this incident and that have cyber insurance coverage.
While the number of SolarWinds victims may grow in the coming months, BitSight and Kovrr don’t expect the direct insured costs to change significantly.
Last month, SolarWinds’ entire world was rocked as news of a massive hack spread globally.
The espionage campaign has heavily impacted the federal government and cybersecurity industry. It reportedly was carried out by Russian hackers.
Most recently, Trustwave identified three new critical flaws in software products by SolarWinds. Trustwave said the flaws could have allowed an attacker to compromise SolarWinds customers’ networks.
SolarWinds has released patches for the flaws, and there is no evidence that attackers exploited them.
In addition, Reuters reported suspected Chinese hackers exploited a flaw in SolarWinds software to help break into U.S. government computers.
The massive hack was first reported in mid-December and the full impact still remains unknown.
Nozomi Networks said layered operational technology (OT) security provides the best defense from these breaches.
“When attackers hit a technological boundary, they need to adjust their tactics accordingly,” said Chris Grove, product evangelist at Nozomi. “In addition to serving as hurdles for attackers to overcome, boundaries provide for ‘choke-points’ where monitoring and signaling can occur. Each technology boundary put in front of the attacker serves as an opportunity to better defend your network.”