18 Jan Bursting the security bubble
Late last year, when most of us were trying to check out of a year that had dealt some terrible blows, real and imagined, there was a flurry of journalistic activity reporting a dramatic, global story of digital security gone awry.
SolarWinds, Inc., a company name now synonymous with its security platform, Orion, had fallen victim to a stealthy sliver of injected code, Sunburst, that compromised both SolarWinds itself and its clients (mostly IT administrators). At the latest count 18,000 firms are affected, among them government organisations, arms manufacturers and consultancies around the world.
CrowdStrike, part of the industry-led analysis effort SolarWinds assembled after the attack, are leading the technical analysis. The details are complicated, but they summarise it like this: “a malicious tool that was deployed into the build environment to inject this backdoor into the SolarWinds Orion platform without arousing the suspicion of the development team charged with delivering the product.” In plain terms, malicious code was inserted into the Orion software at build time, lay dormant for some months, and was only activated once IT administrators running the Orion platform installed the compromised update.
Microsoft are also conducting their own internal investigation while working with the industry to ‘share information, strengthen defences and respond to attacks’. So far they have found no cause for real concern. There were some instances of attempted malicious activity, originating from the SolarWinds code, in internal accounts, but that activity was limited to viewing source code: none of the accounts involved had permission to ‘modify code or engineering systems’.
Microsoft put this down to their open source software development practice and open source culture: the source code is viewable, so any security control Microsoft implements already assumes that attackers have access to that code.
According to the BBC, there are many reasons why an attack like this is dangerous, but above all it underlines that government bodies cannot keep up with Silicon Valley and the programming oligarchs. When technology intercepts communication at executive level, it becomes an information and intelligence gathering exercise, and state secrets are at risk. The Sunburst malware is sophisticated, a nation-state hack, and the lesson is that the security measures taken by big corporate players are themselves vulnerable: neither corporations nor governments are entirely safe. This was not done for short-term financial gain, which is what sets it apart from other targeted hacking events that use ransomware as leverage for payment.
SolarWinds are updating their client base regularly on their blog, and it is impressive. Not only are they taking ownership of the problem, they are also seeking to address the subsequent issues it has caused their clientele, and they have rallied the best minds in the industry to take stock and take responsibility. Their new CEO, Sudhakar Ramakrishna, appointed late last year, started in January 2021. He took over while a bushfire was raging, and he brings an optimistic, experienced and dedicated approach to working through the massive challenges ahead, not only for the company but even more so for its client base, who are reeling from the potential loss of privacy and digital security. Watch this space.
Faster Networks helps businesses protect their digital assets. We are a cyber security partner that brings the best software solutions to anticipate and fix digital vulnerabilities. Our areas of expertise include Vulnerability Management, Security Orchestration, Automation and Response (SOAR), Application Security, Infrastructure Security, Distributed Denial of Service (DDoS) Protection and Application Pentesting.