SolarWinds is a major IT firm in the United States that provides software to thousands of organizations, including the US government and Fortune 500 companies. SolarWinds got hit with a massive cyberattack that remained undetected for months and spread to thousands of its customers. The hackers hacked into SolarWinds Orion software, which let them imitate the firm’s existing users and accounts, along with many high-profile accounts. The hackers could spy on US Government agencies, such as the Treasury Department, the Department of Homeland Security, and others, along with other private elite firms, such as FireEye, Microsoft, etc.
How SolarWinds got Attacked
In 2020, the hackers hacked into SolarWinds systems secretly and added a malicious code into the firm’s “Orion” system. Dozens of companies use Orion to handle IT resources. As per SEC documents, there are 33,000 customers of SolarWinds using the Orion system.
When SolarWinds sent the Orion software updates to its customers, it also included the malware code in it. It is reported that almost 18,000 customers installed the updates, which made all those vulnerable to hackers. This type of attack is termed as a supply-chain attack. The code act as a backdoor to all those customers’ IT systems, which eventually made hackers secretly install further malware to those systems.
Recent developments in knowing the true cause of the attack narrate that hackers also used legitimate software and cloud hosting services to access the systems of victims. So, other than malware implantation in Orion, hackers have also used other hacking techniques which are still being investigated.
The Magnitude of SolarWinds Hack
As SolarWinds has many big customers, including Fortune 500 companies and US government agencies, so the magnitude of its impact could be huge. As per the news, different US government agencies were attacked, including the Department of Homeland Security, the Treasury Department, the Department of Energy, parts of the Pentagon, and the National Nuclear Security Administration. The Treasury Department saw a breach in several networks and email accounts in the Treasury Departmental Offices.
Many other tech giants, such as Intel, Microsoft, FireEye, Cisco, and many more, are also the victims of this attack. Microsoft confirmed that it was hit by the SolarWinds hack. The hackers were able to view source code in many repositories, but they could not modify those codes. Microsoft has denied the news circulating about its services and products being compromised. The organization has further clarified that hackers did not use its systems to attack others. They have acknowledged that they discovered SolarWinds hack elements in their systems but have successfully removed those elements now.
Concerns rising with SolarWinds Hack
Since this hack remained undetected for months, so it has easily penetrated into multiple networks. It will now take extensive time and resources to make all networks secure again. This attack is one of the most massive cyberattacks in the present time. The hackers’ sophisticated technique and effective penetration demonstrate that small and large corporations must expend more time and effort on cybersecurity measures. Besides that, it is still unclear whether similar hacking practice is carried on other vendors other than SolarWinds, which could have created more than one backdoor for hackers to attack IT systems. This hack has triggered the cybersecurity industry to deploy new methods and approaches that also assume that the system is already breached.
Since this article was written in early March 2021, a far more significant hack has been revealed to corporations using Microsoft Exchange email. Surely these two cyberattacks of 2021 completely dwarf all prior experience. Bookmark our blog for further updates.