SolarWinds, a Texas-based IT company that provides network, systems, and IT management software to companies worldwide, was the subject of a monumental security breach in the latter half of 2020. First reported by Reuters, SolarWinds announced in mid-December that its Orion line, a suite of software designed to help companies monitor their entire IT stack from a single platform, was the subject of a “highly-sophisticated, targeted and manual supply chain attack.”
The scope of this security breach’s impact is stunning, affecting well-known Fortune 500 companies like Cisco, Microsoft, and Intel, as well as some of the most sensitive agencies of the U.S. government – the Pentagon, Department of Homeland Security, and the Treasury, to name a few.
The purview of this monumental security hack is still being investigated by authorities, and details are continuing to unfold. We’ve compiled a list of what we know so far, what to do next, and why security vendors can help safeguard businesses from falling victim to another breach in the future.
Malware that is being referred to as SUNBURST was stealthily inserted into several versions of the SolarWinds Orion monitoring software during the beginning of last year. As these seemingly normal software updates were rolled out to Orion customers as early as March 2020, the infected code made its way to at least 18,000 of the 33,000 clients that use the product.
The malicious code created a hidden entry point into the networks of those that installed the infected software update. Once inside a network, the SUNBURST malware made it possible to deploy additional malware known as SUPERNOVA, which allowed the threat actors responsible for the hack to spy on the inner workings of these companies and conduct information-gathering activities.
The malware injected into the Orion software updates was highly sophisticated, so much so that it went virtually undetected for months until a private cybersecurity company first detected it within its own environment. The lengthy period of free rein on the impacted environments likely gave the cybercriminals responsible for the breach ample time to view and collect private information, meaning that the impacts of this security compromise could last much longer than initially anticipated.
What To Do Next
Scan Your Environment for Suspicious Behavior
In response to the significant unknowns surrounding the SolarWinds hack, the Cybersecurity & Infrastructure Security Agency (CISA) has developed a tool to help identify several Indicators of Compromise (IOCs) if you think you’ve been impacted. This free tool, called the Sparrow Tool, was created to detect unusual and potentially harmful activity within an organization’s Office 365/Azure environment and was designed with IT professionals in mind. As of now, its sole purpose is to identify the identity- and authentication-based behaviors discovered in the breach.
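To make the kind of check described above concrete, here is an added example (not part of the original post, and not CISA's own Sparrow code) that scans a Microsoft 365 unified audit log export for identity and authentication changes of the sort a post-breach review looks for: federation settings changed on a domain, new credentials added to a service principal, and similar. It assumes the export is a JSON array shaped like the output of Search-UnifiedAuditLog (CreationDate, UserIds, Operations and an AuditData field holding a JSON string); the operation names in the lookup table are assumptions modelled on Unified Audit Log values and should be verified against a real export from your tenant. The sample records, users and IP addresses are constructed.

```python
"""Flag identity/authentication changes in a Microsoft 365 unified audit log export.

Added example; not the original post's or CISA's code. Input is assumed to be a JSON
array of records as exported from Search-UnifiedAuditLog. Operation names below are
assumptions (modelled on Unified Audit Log "Operation" values); confirm them against
a real export before relying on this table.
"""
import json
from collections import Counter

# Operations that deserve a closer look during an identity-focused review (assumed names).
SUSPICIOUS_OPERATIONS = {
    "Set federation settings on domain.": "federation trust changed",
    "Set domain authentication.": "domain switched between managed and federated",
    "Add service principal credentials.": "new secret or certificate on a service principal",
    "Consent to application.": "OAuth consent granted to an application",
}

# Constructed sample export (fictional tenant, users and IPs): one benign sign-in and
# two identity changes made by the same account at unusual hours.
SAMPLE_EXPORT = json.dumps([
    {
        "CreationDate": "2021-01-04T09:12:33",
        "UserIds": "alice@example.test",
        "Operations": "UserLoggedIn",
        "AuditData": json.dumps({"Operation": "UserLoggedIn", "UserId": "alice@example.test",
                                 "ClientIP": "203.0.113.10", "ResultStatus": "Success"}),
    },
    {
        "CreationDate": "2021-01-04T23:47:05",
        "UserIds": "svc-sync@example.test",
        "Operations": "Set federation settings on domain.",
        "AuditData": json.dumps({"Operation": "Set federation settings on domain.",
                                 "UserId": "svc-sync@example.test",
                                 "ClientIP": "198.51.100.7",
                                 "Target": [{"ID": "example.test"}]}),
    },
    {
        "CreationDate": "2021-01-05T02:03:41",
        "UserIds": "svc-sync@example.test",
        "Operations": "Add service principal credentials.",
        "AuditData": json.dumps({"Operation": "Add service principal credentials.",
                                 "UserId": "svc-sync@example.test",
                                 "ClientIP": "198.51.100.7",
                                 "Target": [{"ID": "ServicePrincipal_mail-reader"}]}),
    },
])


def parse_export(text):
    """Parse the export and merge each record's inner AuditData JSON into a flat dict."""
    records = []
    for row in json.loads(text):
        audit = json.loads(row.get("AuditData") or "{}")
        merged = {k: v for k, v in row.items() if k != "AuditData"}
        merged.update(audit)
        records.append(merged)
    return records


def find_ioc_events(records):
    """Return (record, reason) pairs for every record whose operation is in the lookup table."""
    hits = []
    for rec in records:
        op = rec.get("Operation") or rec.get("Operations")
        reason = SUSPICIOUS_OPERATIONS.get(op)
        if reason:
            hits.append((rec, reason))
    return hits


def summarize(hits):
    """Count flagged operations per actor so a reviewer can see who changed what."""
    by_actor = Counter()
    for rec, _ in hits:
        by_actor[rec.get("UserId", "<unknown>")] += 1
    return dict(by_actor)


if __name__ == "__main__":
    flagged = find_ioc_events(parse_export(SAMPLE_EXPORT))
    for rec, reason in flagged:
        target = ", ".join(t.get("ID", "?") for t in rec.get("Target", []))
        print(f"{rec['CreationDate']} {rec['UserId']} {rec['ClientIP']} "
              f"{rec['Operation']!r} -> {reason} [{target}]")
    print("flagged operations per actor:", summarize(flagged))
```

On the constructed sample this flags the two changes made by svc-sync@example.test and leaves the ordinary sign-in alone. In a real review the value comes from the follow-up questions: whether that account is expected to touch federation settings at all, whether the client IP matches known administrative locations, and whether the service principal that received new credentials has mailbox or directory permissions.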
Partner With a Cybersecurity Vendor
One of the grimmest details about the entire ordeal is that the full breadth of the security breach may never truly be known. Because of the sophistication level of the programming embedded within the SolarWinds software patches, it could take months before some organizations verify that they’ve been impacted.
Partnering with a vendor that specializes in security and compliance can help speed up the threat detection process and can also help safeguard organizations from other potential breaches in the future. Security-forward companies have their ears to the ground, constantly staying up to date on the latest security concerns, zero-day attacks, and more. These vendors understand how viruses and malware work, and they have the tools to stop malicious threat actors from infecting networks before they even begin.
How Peters & Associates Can Help
The massive attack on over 18,000 SolarWinds clients should serve as a major wake-up call for cybersecurity experts, IT professionals, and business owners alike, and now is the time to take every precaution to safeguard your most critical data from being hacked.
At Peters & Associates, we take a customer-first approach to cybersecurity, ensuring we provide you with the most knowledgeable and talented resources in the industry. Our team of experts understands the behaviors and characteristics of viruses, malware, and cybercriminals and has adapted our standard operating procedures to ensure we do everything we can to keep our clients safe. We’ve even included the Sparrow IOC tool in our O365/Azure security review process as a means of protecting our clients, both present and future, from the remnants of the SolarWinds attack.
Office 365 Security Reviews are part of our Security as a Service offering. As cyber threats become more prevalent and their consequences more severe, companies need to make sure their security is up to speed 24/7. Our Security as a Service offering is ongoing and reliable, so you can count on your organization remaining secure without expending all your resources to keep it that way.