SolarWinds Cyber Attack
Cyberattacks entered a new era of destructive impact when threat actors advanced enough to compromise SolarWinds' software supply chain trojanized a legitimately built binary, and then had the implant mimic legitimate Orion protocol traffic to avoid detection.
The attackers managed to modify an Orion platform plug-in that is distributed as part of Orion platform updates. The malware was deployed as an update from SolarWinds' own servers and was digitally signed with a valid code-signing certificate bearing SolarWinds' name, issued by Symantec. A valid signature therefore told customers nothing: it proved the file came from the vendor's build and release pipeline, which is exactly where the compromise sat.
SolarWinds' Security Advisory lists 18 known products affected by the attack, including Application Centric Monitor (ACM), Server Configuration Monitor (SCM) and Network Performance Monitor (NPM). Earlier this month, SolarWinds said the malicious code may have been delivered to as many as 18,000 customers.
Usually an attacker enters a network by exploiting a vulnerability in something the victim runs. What is unique about SolarWinds is that the initial foothold came from the vendor's own software: the malicious code was embedded in a legitimate update, which is why the incident is now referred to as a supply chain attack. It appears to be a nation-state incident, which always heightens the exposure and is another reason it is so large in scale. Some of the tools FireEye uses for Red Team evaluation of customers' networks were also exposed, so those tools are now in the hands of threat actors who can use them for nefarious activities.
A widely cited estimate is that around 80% of hacks involve the use of compromised privileged credentials, and this one is no exception. An important layer of control is Privileged Access Management (PAM), which typically combines predictive, preventive and detective controls: predictive analytics that spot unusual access requests, preventive vaulting and just-in-time checkout so that standing privileged credentials do not exist to steal, and detective monitoring that flags privileged sessions the vault never authorised.
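The detective side of PAM in practice is a correlation: every logon by a vaulted account should line up with a checkout record, and every authorised session should arrive through the PAM broker. The script below is an added illustration, not SolarWinds' or any vendor's code; the account names, hosts, addresses, times, ticket numbers and the key=value log format are all constructed for the example, and the PAM proxy address is an assumption about the environment.

```python
"""Detective PAM control: correlate privileged logon events with the PAM
checkout ledger and flag sessions that the vault never authorised.
Added illustration; all accounts, hosts, addresses, times and the log
format are constructed for this example."""
from dataclasses import dataclass
from datetime import datetime, timezone
import re


def ts(s: str) -> datetime:
    """Parse a UTC timestamp of the form 2020-12-14T01:15:30Z."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


# Assumed environment: these accounts are vaulted, and every authorised
# privileged session is brokered through the PAM proxy at this address.
PRIVILEGED_ACCOUNTS = {"svc_orion", "domain_admin"}
PAM_PROXY = "10.0.9.10"


@dataclass(frozen=True)
class Checkout:
    account: str
    requester: str
    start: datetime
    end: datetime
    ticket: str


# Constructed checkout ledger, as a PAM vault would export it.
CHECKOUTS = [
    Checkout("svc_orion", "alice", ts("2020-12-14T01:00:00Z"), ts("2020-12-14T02:00:00Z"), "CHG-1041"),
    Checkout("domain_admin", "bob", ts("2020-12-14T03:00:00Z"), ts("2020-12-14T04:00:00Z"), "INC-2207"),
]

# Constructed authentication events in a key=value syslog style.
AUTH_LOG = """\
2020-12-14T01:15:30Z host=orion-srv01 event=logon account=svc_orion src=10.0.9.10
2020-12-14T02:13:05Z host=orion-srv01 event=logon account=svc_orion src=10.0.5.23
2020-12-14T03:20:00Z host=dc01 event=logon account=domain_admin src=10.0.9.10
2020-12-14T05:45:12Z host=dc01 event=logon account=domain_admin src=10.0.5.23
2020-12-14T05:46:00Z host=dc01 event=logon account=jdoe src=10.0.7.7
"""

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_event(line: str) -> dict:
    """Turn one log line into a dict of its key=value fields plus a parsed 'ts'."""
    when, _, rest = line.partition(" ")
    fields = dict(KV_RE.findall(rest))
    fields["ts"] = ts(when)
    return fields


def find_checkout(account: str, when: datetime, ledger=CHECKOUTS):
    """Return the checkout covering this account at this instant, or None."""
    for c in ledger:
        if c.account == account and c.start <= when <= c.end:
            return c
    return None


def audit(log_text: str, ledger=CHECKOUTS) -> list:
    """Flag privileged logons with no active checkout or not brokered by the PAM proxy."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_event(line)
        if ev.get("event") != "logon" or ev["account"] not in PRIVILEGED_ACCOUNTS:
            continue  # only vaulted accounts are in scope for this control
        reasons = []
        checkout = find_checkout(ev["account"], ev["ts"], ledger)
        if checkout is None:
            reasons.append("no active PAM checkout")
        if ev["src"] != PAM_PROXY:
            reasons.append("session did not originate from PAM proxy")
        if reasons:
            findings.append({
                "ts": ev["ts"].isoformat(),
                "host": ev["host"],
                "account": ev["account"],
                "src": ev["src"],
                "ticket": checkout.ticket if checkout else None,
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for f in audit(AUTH_LOG):
        print(f"{f['ts']} {f['account']}@{f['host']} from {f['src']}: {'; '.join(f['reasons'])}")
```

Run as written it reports the two sessions that bypassed the vault: the svc_orion logon at 02:13 after alice's checkout had expired, and the domain_admin logon at 05:45 with no checkout at all, both from a host that is not the PAM proxy. The two checks are deliberately independent, because an attacker who has stolen a vaulted password will fail the checkout test, while one who has found a path around the broker will fail the proxy test even during a legitimate checkout window.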
In the end, it is security layers and vigilance that make the difference in minimizing the impact of a breach. NIST's guidance can be constructive in cybersecurity planning, which can also be informed by Zero Trust principles. Remember, it is not a question of if you will be hacked but when, and what you can do to limit the impact through layers.