SolarWinds Orion Cyberattack

Why Your Network Security is as Important as Ever

I like to start each year with technical events that artists don’t normally follow.  This year I researched one of the largest cyberattacks on record.  If this subject doesn’t interest you, please remember one very important practice to follow:  Make sure you use passwords that are not easily guessed by anyone.

The internet is constantly under attack.  Nowhere is this more apparent than in the recent massive SolarWinds US cyberattack.  Security experts believe this breach was engineered by a highly organized threat actor that gained access to a software distribution server.  SolarWinds is the company that produces Orion, a network monitoring and management product.

It is not known exactly how access to SolarWinds was gained, but a security researcher reported in 2019 that he discovered an easily guessed password:  “SolarWinds123”.

The SolarWinds cyberattack is known as a supply chain attack.  The US government was not directly attacked.  Instead, the malware was inserted into software supplied by a trusted supplier to the US government.  In this case, SolarWinds was the trusted third party.  The cyber-espionage operation essentially gained access to the server that distributed Orion Network Management software updates.  At least 18,000 Orion customers downloaded and installed an infected version of Orion as early as March of 2020.

The malware was particularly clever in that it sat dormant for 10-14 days before activating.  This allowed it to escape any testing that customers might conduct after installing a software update.  In addition, the attacks were secretive in that they focused on staying hidden while collecting valuable information.  Finally, only select customers were targeted for stage two of the attack: government agencies like the Departments of Treasury, State, Commerce, Energy and Homeland Security along with corporations like Cisco, Microsoft, Cox Communications, and VMware.  This behavior plus the resources required indicate it was sponsored by a foreign power like Russia or China.

You may think these attacks only happen far away, but it’s notable that the first enterprise to notice the breach was FireEye, a cybersecurity company in Milpitas, right here in the Bay Area.

Software users trust that the software and systems their organizations use are secure, yet users have little control over the security of that software or over the processes that develop and distribute it.  Supply chain attacks will continue to be a threat for the foreseeable future.  While no single strategy can prevent supply chain attacks, a combination of best practices can reduce their impact.