Solar winds is a renowned cybersecurity service provider. Unfortunately, a couple of days ago, a team of hackers broke into their tool Orion i.e. a tentpole network management tool and the security of a total of eighteen thousand customers was compromised. Some of the companies and clients whose data was taken over due to the
SolarWinds hack included the US State Department, Treasury, Commerce, Homeland Security and even big giants like Microsoft.
This month has surely been a bonus month for cybersecurity criminals and hackers. Two most
important security breaches have taken place over the last four weeks. FireEye and solarwinds hackathon has surely left a lot of people at risk. While FireEye has suffered proprietary loss since their cybersecurity tools have been stolen, SolarWinds on the other hand has suffered a lot of loss since approximately eighteen thousand customer’s data has been breached and compromised. What Exactly Happened?
SolarWinds Sunburst Hack was not an impulsive move. Rather it seems as if the attackers have been planning and trying to get into their system since earlier this year. The company SolarWinds has been working on deploying a new software update for their tentpole network management tool to move from the version 2019.4 HF 5 to the newer version i.e. 2020.2.1.
It was not only SolarWinds that was excited about the version update, but the customers too had been looking forward to this update since quite some time. The hackers first launched a soft manual supply chain attack so that they could get access to the company’s communication with the customers regarding the version update. Using this attack, they laid the foundation of the attack and finally successfully compromised the
According to the reports so far, a total of around eighteen thousand customers have been affected by the
SolarWinds Sunburst Hack. Who Is Responsible For The Hacking?
Although no one has assumed the responsibility of the attack so far, the attack has been linked with some group of people that are said to be working with the Russian Foreign Intelligence Service (SVR). It is important to mention that this is just a speculation at the moment and nothing has been officially confirmed so far.
But it has been found that the attack was pre-planned and the team had been working on the attack for a couple of months. It has been found that the attack was mediated by hacking into the communication between the SolarWind’s internal body and the customers and clients. Some reports have also stated that some
high level person in SolarWinds Development management was involved in the process.
There are two different sides of the story. Some people state that there had been a loophole in the SolarWinds communication channel that the hackers used to expand their system and plan a deep rooted attack to compromise the security of the system. Some parties state that the hackers realized the loophole and then extended their attack.
While there are some other people who are of the notion that this attack was specifically planned so that the attackers could break into the system and take information of the specific customers that SolarWinds dealt with on a regular basis. These people argue that the hackers had the chance to acquire information about thousands of customers and some even more hire profile customers than the parties whose data the hackers ended up stealing.
Impacts Of The Attack:
There have been a couple of days since the attack, but now the efforts are designated towards mitigation of the risk and finding out to what
extent the data has been breached and damaged. It is especially the private organizations that are extremely concerned about the extent to which the hackers have been able to attain the information and what type of potential risk is associated with the leak and misuse of the data that has now been compromised.
National security has also been threatened as a result of this attack since the hackers have been able to break into the system and get information related to the Department of Treasury,Homeland Security and the Pentagon.
The first thing that the people were instructed to do was to disconnect Orion products and remove them completely from their networks and devices. This was done to avoid any further security breaches as the investigators as well as the SolarWinds management is still not aware about the extent to which theri system has truly been compromised. It is still possible for the attackers to misuse the company’s infrastructure and harm even more clients by causing more security breaches.
There are a lot of committees that were immediately involved for the sake of research and getting to the bottom of the issue. Some notable committees include the
Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Council. These councils and committees are working to not only get to the bottom of the issue, but also to determine the route that was used to plan and execute the attack, the possible mission of the attackers the probable loss that this breach of information may cause for both the government as well as the private companies whose data has been stolen as a result of the Software provider SolarWinds hacking. SolarWinds Stance:
This attack has surely shaken the
Software provider SolarWinds more than anyone else. It has been reported that researchers were already concerned about their not so reliable security system and the company had been informed about the possible risk of a security breach. Unfortunately, this chance became a reality and the company had to face such a huge issue.
The consequences of the
cybersecurity compromise are yet to be determined. But the SolarWinds service provider has quickly taken action and sent over a patch to fix any possible bugs and issues that may lead to any more security attacks. They say that an investigative committee has been announced to look into the matter within the company itself.