SolarWinds hit in extremely sophisticated cyber attack

Security officials race to probe one of the most sophisticated cyber attacks of recent years.

The US government has put out an emergency warning about what appears to be one of the most sophisticated cyberespionage campaigns in recent years.

Hackers working for a nation-state managed to infiltrate software used by key government agencies and the world’s largest companies just as the west went into lockdown earlier this year.

Here is everything we know so far.


What happened?

Hundreds of thousands of organisations around the world rely on a piece of software called Orion to manage their IT networks.

The software, from the IT company SolarWinds, is described as a “single pane of glass” that can monitor everything in a system.

The hackers managed to insert malicious code into the software updates provided by SolarWinds to its customers, which then allowed them to open a back door that let them spy on their targets at will.

The updates were released between March and June this year, SolarWinds said, raising the possibility that the hackers have been inside some systems for as long as nine months.

The attack was not related to an hour-long outage of Google services on Monday.


Who has been hacked?

The scope of the attack is potentially huge. SolarWinds said on its website that it had 275,000 customers worldwide.

But the company on Monday said it believed that “fewer than 18,000” of its customers had downloaded the compromised updates.

FireEye, a cybersecurity company that revealed last week it had been a victim of the hacking campaign, said it had found other victims in “government, consulting, technology, telecom and extractive entities” across the world.

No major companies have disclosed that they have been hacked.

In the US, the commerce department said one of its bureaus had been breached. The Treasury Department was also reported to have been targeted, but it declined to comment.

UK and EU cybersecurity agencies have yet to comment on the extent of their exposure.


What is SolarWinds and what does it do?

SolarWinds is a 20-year-old technology company based in Austin, Texas, with revenues projected to exceed $1bn this year.

According to its website, SolarWinds’ clients include Microsoft, McDonald’s, Lockheed Martin and Yahoo, as well as many government and military departments in the US and abroad.

Some of America’s most sensitive intelligence targets are among its customers: all five branches of the US military; the Pentagon; the State Department; the NSA; the Department of Justice; and the Office of the President of the United States, according to the company’s website.

Shares in SolarWinds fell 15 per cent in early trading on Monday after news of the hack emerged.


Who were the hackers and what were they looking for?

Western security experts quickly pointed the finger at Russia, though there has been no official confirmation.

FireEye said: “The campaign is the work of a highly-skilled actor and the operation was conducted with significant operational security.”

One person familiar with the investigation said American security sources believe the SVR, Russia’s foreign intelligence service, was behind the hack.

Robert Hannigan, former director-general of the UK signals intelligence agency GCHQ, said while it was still too early to tell who was responsible, Russian agencies have a history of using software updates to deliver attacks, as these attackers did via Orion. This was how a cyber unit operated by Russia’s GRU military intelligence service implanted the NotPetya virus into Ukrainian accountancy software in 2017.

Officials suggested the attack has all the hallmarks of an espionage operation, designed to target central government, defence, military and intelligence institutions.

Russia has denied any involvement, with Dmitry Peskov, President Vladimir Putin’s spokesman, labelling the accusations “groundless”.


What do we still not know?

One of the key questions, according to western security officials, is how the hackers managed to penetrate SolarWinds.

Possibilities include an insider at the company who helped the hackers gain access to its clients or weaknesses in cybersecurity which meant its systems could be targeted remotely.

The other question is how many governments and companies may have been compromised.

Those who use Orion risk having been accessed directly, but cybersecurity experts point out that organisations which shared data with the targets could also have been compromised. This means that the potential repercussions could go far beyond the original Orion customer base.
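The two questions above, which organisations received a tampered update in the March-to-June window and which organisations are reachable from them through data-sharing relationships, can be worked through as a small exposure model. The following is an added example, not code from the article or from SolarWinds, using constructed sample data: a hypothetical list of organisations with the date of their last Orion update (the year 2020 is assumed), and a hypothetical map of who exchanges data with whom. Direct exposure is an update installed inside the window; transitive exposure is a breadth-first walk over the sharing graph from the directly exposed set, recording the number of hops.

```python
from collections import deque
from datetime import date

# The article says the compromised updates were released between March and
# June; the year 2020 is assumed here (constructed, not from a vendor advisory).
COMPROMISED_WINDOW = (date(2020, 3, 1), date(2020, 6, 30))

# Constructed inventory: organisation -> date of its last Orion update.
ORION_UPDATES = {
    "agency-a": date(2020, 4, 15),       # inside the window
    "telco-b": date(2020, 2, 10),        # before the window
    "consultancy-c": date(2020, 5, 2),   # inside the window
}

# Constructed data-sharing relationships: organisation -> peers it exchanges
# data with. Edges are directed from the Orion user towards its peers.
DATA_SHARING = {
    "agency-a": {"contractor-d", "agency-e"},
    "contractor-d": {"supplier-f"},
    "consultancy-c": {"telco-b"},
    "telco-b": {"agency-e"},
}


def directly_exposed(updates, window=COMPROMISED_WINDOW):
    """Organisations whose last Orion update falls inside the compromised window."""
    start, end = window
    return {org for org, installed in updates.items() if start <= installed <= end}


def transitively_exposed(direct, sharing):
    """Breadth-first walk from the directly exposed set over the sharing graph.

    Returns a dict organisation -> minimum number of data-sharing hops from a
    directly exposed Orion customer (0 for the direct set itself).
    """
    hops = {org: 0 for org in direct}
    queue = deque(direct)
    while queue:
        org = queue.popleft()
        for peer in sharing.get(org, ()):
            if peer not in hops:            # first visit is the shortest path in BFS
                hops[peer] = hops[org] + 1
                queue.append(peer)
    return hops


def exposure_report(updates=ORION_UPDATES, sharing=DATA_SHARING):
    """Combine both steps and return the full exposure map."""
    return transitively_exposed(directly_exposed(updates), sharing)


if __name__ == "__main__":
    for org, distance in sorted(exposure_report().items(), key=lambda kv: (kv[1], kv[0])):
        label = "direct (tampered update installed)" if distance == 0 else f"{distance} hop(s) via data sharing"
        print(f"{org:15s} {label}")
```

In the constructed data, telco-b installed its last update before the window and so is not directly exposed, yet it appears in the report one hop away because it exchanges data with consultancy-c. That is the point made above: the potential repercussions reach organisations that never ran a tampered build. A real assessment would replace the date window with the affected build numbers from the vendor's advisory and the sharing map with an actual inventory of integrations and trust relationships.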


We’re Netcom, how can we help?

At Netcom, we are well-versed in helping companies in various sectors navigate the often mystifying, jargon-filled worlds of IT. With over 15 years’ experience covering virtually all aspects of business IT, we can help guide your business through this uncertain period and help you deploy cutting-edge solutions that will not only help you weather the current storm but keep your business at the top of its game beyond the pandemic.

For guidance on IT strategy, cybersecurity and digital transformation why not book a free, no-obligation discovery call today by calling 0114 361 0062.


News Source: