SolarWinds Supply Chain Attack Using Malware and Backdooring
SolarWinds Cyber Security attack is a supply-chain attack that involves targeting a third-party organization that supplies products or services to your targeted audience. In this case, SolarWinds was the third-party organization that provides System Management software to its Customers and Orion – A Network Management Tool that is quite a lot commonly used by many companies and departments to protect and manage their resources.
Earlier this year, some foreign hackers (believed to be the from Russian intelligence SVR) somehow hacked into the systems of SolarWinds and were able to code spyware in the company’s one of the most common and widely used software – Orion. There are more than 32,000 customers that use Orion in the current time, out of which around 18,000 users were impacted by this attack. Many of these users were high-grade firms like the cybersecurity firm named FireEye, companies from the Fortune 500 and a lot many agencies of the US which includes the Treasury Department, Department of Homeland Security, the State Department, the Justice Department, Centers of Disease Control and Prevention, parts of the Pentagon, Department of Energy, the National Nuclear Security Administration and many more. Some other high-profile private companies were impacted that are Deloitte, Cisco, Microsoft, etc. Even organizations like Wall Street and Kent State University were impacted the same way as others did.
The foreign hackers who managed to code spyware into SolarWinds software (Orion), also released a worldwide update of Orion and they were able to display that the update is official and is directly coming from the SolarWinds systems. This update was released to install the “Sunburst” Malware into the software Orion and this update was installed by more than 16,000 SolarWinds customers. This malware seemed to work like an AI integrated software by getting involved and blended in Orion’s activities. It could access every single file on the system and be using multiple methods to avoid getting detected. It was capable of dodging the anti-virus detection process every time. Overall it created and gave the hackers a backdoor to access anything and everything from the customer’s system at any point in time without getting noticed.
As soon as the malware was detected SolarWinds released another update that consists of a patch for this malware and asked all its customers to update their Orion software ASAP. Customers and Users who are unable to update Orion for any reason are asked to change passwords to their accounts and then block any direct internet access to SolarWinds servers.
The CISA, FBI, and the Director of National Intelligence have published a joint statement to co-ordinate with the government and its responses to the crisis. The CISA (Cybersecurity and intelligence agency) had asked all the federal civilian agencies to power down all the SolarWinds Orion Products or disconnect them ASAP. Tom Bossert, states that it could take a very long period of time to get our networks back secure again. The hackers with government data and access to government networks could easily destroy such data, alter such data, and even use it against them in unofficial ways.
This cyber-attack is being considered to be one of the largest cyberattacks that ever took place. However, this bought up questions on the US cyber command who is assigned to protect and defend American networks from such cyber attacks. The cyberattack is also being considered to be an “eye-opener” for the cybersecurity industry. A lot many companies have started to use a different method of assuming that they are already under a cyber attack. This makes them prepared by reacting daily to protect networks and software rather than reacting when actually attacked. Such changes in methods can bring a completely new era for cybersecurity and may lead to a safer environment for everyone.
Do you like this article? Follow TheHackReport on Facebook, Twitter, and Linkedln to read more exclusive content we post.
