The SolarWinds Hack


SolarWinds develops software for IT management and is based in the United States. This hack was huge and exposed a lot of sensitive data, but before we find out who was affected, let's give some background.

What happened?

In early 2020, a group of hackers got into SolarWinds' infrastructure. They went in completely undetected, and they got to work. The hackers worked their way into Orion, a system that 33,000 of SolarWinds' customers used. As a software developer, SolarWinds would regularly send out updates for their systems. Knowing this, the hackers wrote malicious code into the updates before they were deployed to customers. When the updates were downloaded and installed, the code created a backdoor into the customers' IT systems. This allowed the hackers to implant more malware directly into those systems in order to spy on their targets.

A brief outline of the technical stuff:

A piece of malware named SUNSPOT acts as an injector for the backdoor (Trojan) mentioned above, SUNBURST. SUNBURST then allows post-infection malware loaders, known as droppers, to be installed in a Trojan-like way. These are called RAINDROP and TEARDROP. TEARDROP was used on computers that were originally affected by SUNBURST. RAINDROP was then used to move laterally around the network and execute payloads.

Who was affected?

Up to 18,000 customers that used Orion were affected. These customers included Fortune 500 companies, departments of the US government, and parts of the Pentagon. Private companies such as Cisco and Microsoft were also affected. A breach on this scale surely would have been noticed quickly, right? Wrong. The hack wasn't noticed until the cybersecurity firm FireEye announced in December 2020 that it had been the victim of a nation-state attack. Over the course of December, it was discovered that the original attack on SolarWinds may have happened as far back as October 2019 – meaning the attack may have taken up to fourteen months to be discovered. That length of time before it was found means that some breaches could still be undetected, even to this day.

The fallout – why is this so important?

Put simply, the sheer number of breached networks means that some have gone unnoticed. It will take years for some of these breaches to be found and for the networks to be made fully secure again. Another important factor to consider with this hack is that, due to the breaches in the US government, this group of hackers (and likely many more) now have the ability to imitate legitimate, trusted figures. This could lead to the imposters getting hold of even more sensitive data, changing files, or even permanently deleting data, as well as gaining the trust of other legitimate figures.

What can we learn from SolarWinds?

One really important takeaway from this hack is that even the most IT-literate, cyber-aware enterprises can be hacked. In fact, everyone can be hacked – the only way to be completely un-hackable is to stop using computers, which just isn't feasible. Instead, it's best to try to make your network and infrastructure as secure as you can. A couple of good ways to do this are to monitor the traffic on your network, use antivirus that also looks at how a computer is behaving, and use a firewall.
