SolarWinds Cyberattack Likely Affected Thousands Worldwide
The massive SolarWinds cyberattack no doubt will prompt considerable short-term fallout in terms of customers, revenue and reputation.
That’s according to Eric Parizo, senior analyst with Omdia. The SolarWinds cyberattack resulted from a software vulnerability.
The hackers inserted malicious code into SolarWinds’ Orion software updates sent to nearly 18,000 customers. The malicious code was present in updates released between March and June of this year.
This led to security breaches at numerous U.S. government agencies. Those include the Treasury Department, the National Telecommunications and Information Administration (NTIA) and the Department of Homeland Security (DHS). The attacker also breached SolarWinds’ corporate clients.
Emergency Directive
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive. It calls on all federal civilian agencies to review their networks for indicators of compromise. Furthermore, it instructs them to disconnect or power down Orion products immediately.
The Cozy Bear hacking group, which U.S. authorities suggest gets backing from Russian state intelligence, likely performed the SolarWinds cyberattack.
According to FireEye, the intrusion began as early as spring 2020. The security research firm announced Dec. 8 that the crime had impacted some of its customers. FireEye on Sunday released a report detailing the subdomain and malware that the threat actors used. FireEye, which has investigated numerous high-profile data breaches, fell victim to the attack.
Wake-Up Call
Nigel Thorpe is technical director at SecureAge. He said the SolarWinds cyberattack is “totally a wake-up call” for cybersecurity providers.
“This incident shows people just how disruptive a well-planned supply chain attack can be,” he said. “These types of attacks are actually quite common and vendors are a frequent jump point for bad actors looking to infiltrate a business’ network. This one was particularly destructive, however, because of how stealthily and precisely it was carried out. That said, I think this put a lot of people on guard moving forward. And the preemptive measures … will only become more prevalent as businesses assess and reassess existing relationships with third-party vendors.”
It’s difficult to say whether the attack could have been prevented, Thorpe said. But it highlights the need to have protocols in place in case one happens.
Experts surmise that if the attackers had opted to extract huge swaths of data at once to peruse later, they would likely have raised red flags in the government systems, he said.
“They had to remain stealthy and exact, indicating that their approach was more about the quality of data stolen, rather than the quantity,” Thorpe said.
Extremely Targeted Attack
John Pagliuca is president of SolarWinds MSP.
“We have been advised this attack was likely conducted by an outside nation state and intended to be a narrow, extremely targeted and manually executed incident, as opposed to a broad, systemwide attack,” he said. “At this time, we are not aware of an impact to our RMM, N-Central and associated SolarWinds MSP products.”
SolarWinds uses Microsoft 365 for its email and office productivity tools. An attack vector was used to compromise its emails. Furthermore, it may have provided access to other data contained in its office productivity tools.
Both SolarWinds and Microsoft have …