At this point, most people are aware that a multitude of private and government organizations have been compromised by a sophisticated foreign threat actor. FireEye and SolarWinds have become household names for all the wrong reasons. Yet while it has become common knowledge that a terrible breach occurred and a whole lot of networks have been compromised, many do not understand exactly what happened, and more importantly, what it means to them personally.
In brief, SolarWinds is a software company that makes IT and network management tools. Its Orion platform is a monitoring product that gives customers visibility over every device on their network, down to the exact RPM of a server's cooling fans. FireEye, like thousands of other organizations, ran Orion as part of its own network management.
As with any software, vulnerabilities get found and patches get written. This incident was different: rather than exploiting a flaw in Orion, the attackers compromised SolarWinds' own build process and inserted a backdoor, known as SUNBURST, into a legitimate Orion library. The backdoored component shipped inside digitally signed Orion updates released between March and June 2020 (Orion Platform 2019.4 HF 5 through 2020.2 HF 1), so it looked like a normal update to every customer who installed it. SolarWinds did not learn of the compromise until FireEye disclosed it in December 2020, at which point SolarWinds issued hotfixes that remove the backdoored code. Only those specific builds carry the backdoor, which is why knowing exactly which Orion version is running matters.
What the SolarWinds Breach Means to Your Network
Because of this backdoor, a sophisticated threat actor, assessed by U.S. agencies to be likely Russian in origin, had a foothold on the Orion server of every organization that installed a trojanized update. An Orion server is a privileged position: it holds credentials for, and talks to, much of the network it monitors, so from it the attackers could move into other systems in the networks they chose to pursue. Forensics puts the start of the trojanized updates around March 2020. At FireEye, the attackers used this access to steal FireEye's Red Team tools, the tools its consultants use to simulate real attackers and find weaknesses in client networks. The attackers also showed a deep knowledge of the Windows operating system. In response, FireEye published detection signatures and countermeasures for the stolen tools so that businesses and agencies can spot them if they are ever used against their systems.
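One concrete thing a network team can do with the public reporting on this breach is look backward through DNS logs for the backdoor's check-in traffic. The SUNBURST backdoor resolved names under avsvmcloud.com, a domain documented in FireEye's and CISA's published analysis. The script below is an added example written for this article, not code from SolarWinds, FireEye or CISA; the log format, the client IP addresses and the random-looking subdomain labels are all constructed for illustration, and the look-alike domain on the last line is there to show why matching must be done on whole labels rather than with a plain substring search.

```python
import re
from typing import Dict, List

# Constructed sample DNS query log (hypothetical syslog-style format, made up
# for this example). The two avsvmcloud.com lookups mimic the shape of the
# SUNBURST beacon: a random-looking label under appsync-api.<region>.avsvmcloud.com.
# The last line is a look-alike that must NOT be flagged.
SAMPLE_DNS_LOG = """\
2020-06-14T02:11:05Z dns01 query client=10.20.30.41 name=www.example.com type=A
2020-06-14T02:11:09Z dns01 query client=10.20.30.77 name=7sbvaemscs0mc925tb99.appsync-api.us-west-2.avsvmcloud.com type=A
2020-06-14T02:12:30Z dns01 query client=10.20.30.41 name=update.example.net type=A
2020-06-14T02:13:02Z dns01 query client=10.20.30.77 name=gq1h856599gqh538acqn.appsync-api.eu-west-1.avsvmcloud.com type=A
2020-06-14T02:13:45Z dns01 query client=10.20.30.90 name=avsvmcloud.com.lookalike.example type=A
"""

# Command-and-control domain from public FireEye/CISA reporting on SUNBURST.
SUNBURST_C2_DOMAIN = "avsvmcloud.com"

# One line of the constructed log format: timestamp, resolver, "query", then key=value fields.
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<resolver>\S+)\s+query\s+"
    r"client=(?P<client>\S+)\s+name=(?P<name>\S+)\s+type=(?P<qtype>\S+)$"
)


def is_c2_lookup(name: str, c2_domain: str = SUNBURST_C2_DOMAIN) -> bool:
    """True if the queried name is the C2 domain itself or any subdomain of it.

    Matching is done on whole DNS labels from the right-hand end, so
    "avsvmcloud.com.lookalike.example" and "notavsvmcloud.com" are not matched.
    """
    labels = name.lower().rstrip(".").split(".")
    c2_labels = c2_domain.lower().split(".")
    return len(labels) >= len(c2_labels) and labels[-len(c2_labels):] == c2_labels


def find_sunburst_dns_hits(log_text: str) -> List[Dict[str, str]]:
    """Parse the log and return every query for the C2 domain or its subdomains."""
    hits: List[Dict[str, str]] = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the expected format
        if is_c2_lookup(m.group("name")):
            hits.append({"time": m.group("ts"), "client": m.group("client"), "name": m.group("name")})
    return hits


def hosts_to_triage(log_text: str) -> List[str]:
    """Distinct client addresses that resolved the C2 domain, i.e. the Orion hosts to examine first."""
    return sorted({hit["client"] for hit in find_sunburst_dns_hits(log_text)})


if __name__ == "__main__":
    for hit in find_sunburst_dns_hits(SAMPLE_DNS_LOG):
        print(f"{hit['time']} {hit['client']} -> {hit['name']}")
    print("hosts to triage:", hosts_to_triage(SAMPLE_DNS_LOG))
```

Run against the constructed sample, only 10.20.30.77 is reported; the look-alike lookup from 10.20.30.90 is ignored. A real investigation would point this at months of resolver or firewall DNS logs, since the backdoor was active from spring 2020, and would treat any hit as a reason to pull the host's Orion version and file system for deeper forensics rather than as proof of full compromise on its own.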
While this story is still unfolding, and no one yet knows all the ramifications that may be in play, one clear lesson is that security and management software only helps if it is kept current, watched closely, and expertly managed. Orion itself was a trusted tool; the damage came from a poisoned update, so knowing exactly what software runs on your network, and which version, matters as much as choosing the right product.
If you would like to learn more about the details of this breach, CISA provides a very good assessment. To learn more about its impact, ISMG gives a list of victims and TechCrunch does a fair job of discussing what your response should be.
Bottom line, the big takeaway is that network compromise is serious, pervasive, and no one connected to the internet is exempt from the fallout. It is incumbent upon every business in every industry to prioritize the security of its network and to plan how best to protect itself from a worst-case scenario.
If you are concerned about how this major compromise might affect your network, or if you think you may be running Orion or other software that could have been affected by the Orion compromise, we can run an analysis to make you aware of any potential exposure. Contact us and let us help you know your network better.