To date, there has never been a hack as significant as this massive security breach, which compromised SolarWinds Technology’s Orion IT Management software platform and led to the hacks of their customers. In March 2020, Russia was able to hack into SolarWinds, and this is where things get clouded. The full extent of this hack is unknown, but the hackers’ goal is clear: SolarWinds was hacked because it is a provider of IT Management software to other companies, which were then breached using the compromised tool.
Before I continue, the versions of Orion compromised are Orion app versions 2019.4 through 2020.2 HF1, which were released between March 2020 and June 2020 (check with SolarWinds for updates). If you are running those versions you may have been informed by SolarWinds directly, and probably aren't spending time reading this blog. But if you haven't been, please feel free to reach out to London Security Solutions for insight into what your next steps should be.
Using this compromised update, hackers were able to evade security technologies (SolarWinds was an approved application, after all) and place malware on systems, allowing them to exfiltrate the data they wanted. Right now there is no way to truly know everyone impacted by this hack, but more information will emerge in the coming months and years. This hack will be analyzed for years to come.
So this comes back to: what should you be aware of, and what actions should you take?
First, verify whether you are using SolarWinds, and confirm that Orion app versions 2019.4 to 2020.1 are not present in your environment. Talk to your security teams to determine whether they can search for that application within your networks to verify it isn't present.
Second, make sure that none of the companies that manage your data, your SOCs or your NOCs were impacted by this threat. They should have reached out, but it is best to trust... but verify that information.
Third, be prepared for more supply-chain attacks. Every software vendor is vulnerable. Layered security mitigates this risk by performing multiple independent checks, and effective layered security performs these checks while enhancing your organization's ability to do business. London Security Solutions recommends working with a trusted security advisor to verify that you have these tools in place (and deployed correctly).
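As an added illustration of the first step above (this is example code, not code from the post or from London Security Solutions), the following Python check scans a software-inventory export for Orion builds inside the range the post names, 2019.4 through 2020.2 HF1, and separates out Orion hosts whose version string it cannot parse so they are reviewed by hand. The CSV column names, hostnames and version strings are assumptions constructed for the example.

```python
import csv
import io
import re
from typing import List, Optional, Tuple

# Affected range as stated in the post: Orion 2019.4 through 2020.2 HF1, inclusive.
# Versions are compared as (year, release, patch, hotfix) tuples.
AFFECTED_MIN = (2019, 4, 0, 0)
AFFECTED_MAX = (2020, 2, 0, 1)
# Accepts "2019.4", "2020.2 HF1", "2020.2.1 HF2" and similar; patch and hotfix default to 0.
_VERSION_RE = re.compile(r"^(\d{4})\.(\d+)(?:\.(\d+))?(?:\s*HF(\d+))?$", re.IGNORECASE)

def parse_orion_version(text: str) -> Optional[Tuple[int, int, int, int]]:
    """Turn a version string into a comparable tuple, or None if its shape is unknown."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    year, release, patch, hotfix = m.groups()
    return (int(year), int(release), int(patch or 0), int(hotfix or 0))

def is_affected(version_text: str) -> Optional[bool]:
    """True/False for a parseable version; None means it must be reviewed by hand."""
    v = parse_orion_version(version_text)
    return None if v is None else AFFECTED_MIN <= v <= AFFECTED_MAX

def find_affected_hosts(inventory_csv: str) -> Tuple[List[Tuple[str, str]], List[Tuple[str, str]]]:
    """Scan an inventory export (assumed columns: host,product,version).
    Returns (affected, needs_review): Orion hosts inside the affected range,
    and Orion hosts whose version string could not be parsed."""
    affected, needs_review = [], []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if "orion" not in row["product"].lower():
            continue  # only the Orion platform is in scope for this check
        verdict = is_affected(row["version"])
        if verdict is None:
            needs_review.append((row["host"], row["version"]))
        elif verdict:
            affected.append((row["host"], row["version"]))
    return affected, needs_review

# Constructed sample export; hostnames and version strings are illustrative only.
SAMPLE_INVENTORY = """host,product,version
srv-mon-01,SolarWinds Orion Platform,2020.2 HF1
srv-mon-02,SolarWinds Orion Platform,2020.2.1 HF2
srv-mon-03,SolarWinds Orion Platform,2019.2
wks-it-07,SolarWinds Orion Platform,2019.4 HF5
srv-mon-09,SolarWinds Orion Platform,build unknown
db-01,Microsoft SQL Server,15.0.2000
"""
```

Run `find_affected_hosts(SAMPLE_INVENTORY)` to get the two lists; anything in the second list needs a manual version check rather than being treated as clean.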
This hack has been a startling development in a very difficult year. Information Technology staff are working on projects that weren’t on the plan at the beginning of the year, and economic impacts mean the resources aren't always there to bring on people for 24/7 coverage. However, more and more attacks are occurring across a broader attack surface at a time when we have fewer security professionals to cover the growing security gaps. London Security Solutions recommends looking into 24/7 security solutions, such as the London Security Solutions Security Shadow offering, to monitor your technologies and isolate compromised systems. Security Shadow is a Managed Detection and Response + Remediation service in which we provide the ability to lock down a suspicious endpoint.
Cameron Cowley is a security engineer with over 5 years' security experience. He has worked with companies across multiple industries and resolved various security threats and risks.