Tuesday, January 19, 2021

SUNBURST: Our view on the SolarWinds cyber attack

Our thoughts on this deeply troubling revelation for the cyber security industry

What happened?

In December 2020, SolarWinds, a US company specialising in IT infrastructure, made the headlines when it was discovered that it had been breached. The source of the exploit was identified as its SolarWinds Orion product, an IT management software package. The attackers planted a “backdoor” (a means of bypassing the normal authentication mechanisms to gain unauthorised access to an internal network, which they can then remotely monitor or even control) when the SolarWinds Orion product was updated in early 2020.

SolarWinds have reported that about 18,000 of their customers have been affected by the breach, including the likes of Microsoft, Cisco and VMware amongst others.

Microsoft have been closely analysing the attack and have contacted the customers that they believe were being targeted by the attackers, 44% of whom operate in the IT space. Investigations into this attack are still underway, and it is believed that more organisations across the world could be affected as a consequence of it. Primary conclusions point to the attack being state-sponsored, targeting governmental agencies (mainly in the US).

Our view

The SolarWinds attack is a deeply troubling revelation for the cyber security industry given the nature of the companies affected by the attack. It also further highlights the rise of supply chain attacks, where even the most cyber secure of companies can be affected - you’re only as secure as your weakest link.

If your company or any of your suppliers use SolarWinds Orion software, it is extremely important that it is updated to the latest version in order to help prevent further exploits. See the SolarWinds security advisory: https://www.solarwinds.com/securityadvisory.

If your organisation does not have SolarWinds software, we believe it is highly unlikely that your security will be impacted. That said, businesses should continue to be vigilant against attacks, taking particular care to ensure that their accounts are secure and that 2-factor authentication is in place.

Mariyam Koshy
Cyber security analyst