The latest to join the ever-growing list of globally recognized companies suffering crippling ransomware attacks is SolarWinds, an IT firm supplying software to Fortune 500 enterprises and major USA government entities. A Google search for SolarWinds immediately brings up a link to SolarWinds Network Monitoring Tool – and your first thought might be, “If SolarWinds has been breached, no one is safe.” And you’d be right.
Reuters reported that SolarWinds had suffered a massive ransomware attack, which could potentially have been going on for months before discovery. SolarWinds’ client list is no slouch, with some of the world’s biggest Fortune 500 companies and most sensitive US Government offices potentially exposed or pillaged. Reuters reported that the breach was so serious that there was an immediate meeting of the USA National Security Council at the White House to discuss the issue and plan a recovery strategy. The United States Cybersecurity and Infrastructure Security Agency and the FBI are currently investigating the issue. SolarWinds simply reports that they were the victim of a “highly-sophisticated, targeted and manual supply chain attack by a nation state.”
Yahoo! News and other media outlets are reporting that the hackers exploited a vulnerability in SolarWinds’ software system, “Orion,” which is widely used by many major enterprises to manage IT resources, to gain access to staff emails, which they could have monitored for months, uninterrupted.
Russian hackers are believed to be behind the attack, although this is as yet unconfirmed by the US Government. John Ullyot, National Security Council spokesman, says that they “are taking all necessary steps to identify and remedy any possible issues related to this situation.” Russia officially denies knowledge of the attack.
Sources within SolarWinds reported that, in line with company compliance protocol, software is to be patched regularly to fix bugs and to add new functions and features. SolarWinds unwittingly sent out software updates to employees containing the hacked code, creating a backdoor into SolarWinds’ system which was then used to expand the attack.
An attack can be devastating to enterprises of all sizes. This particular attack is causing ripples across the USA Government agencies, who seemingly have all the intelligence and power in the world to protect themselves, an assumption that clearly does not hold. For those enterprises without the far reach of SolarWinds or the deep pockets of the USA Government, what chance do you have if you are attacked?
Sangfor Technologies Incident Response (IR) Services are vital to enterprises across the world. Not every attack can be prevented, even with the most cutting-edge security equipment, and not every company has the expertise to respond to an incident or breach. Statistics show that Incident Response services minimize the impact of attacks, maintain business continuity, and strengthen security for the entire business.
Sangfor Technologies Threat Identification, Analysis, and Risk Assessment (TIARA) service is a perfect fit for organizations that would like to investigate whether compromised red team tools exist within their environment and, at the same time, uncover any unnoticed malware, compromised machines, malware lateral movement, east-west attacks, employee misbehavior, insecure practices, and any other potential threat in the network.
Sangfor Technologies is an APAC-based, leading global vendor of IT infrastructure solutions specializing in Network Security and Cloud Computing. Visit us at www.sangfor.com to learn more about Sangfor’s Security solutions, and let Sangfor make your IT simpler, more secure and more valuable.