The SolarWinds attack (Dec 2020) is perhaps one of the most dreaded in the recent history of cyberattacks. It was nothing less than a nightmare. The hackers, reportedly associated with the Russian state intelligence service (SVR), used a routine software update to slip malicious code into SolarWinds’ Orion software, and the rest is history. The result was a massive supply-chain cyberattack against America and the rest of the world. Many major technology companies, including Microsoft, Cisco and Intel, as well as several top US government departments, were hit hard, and a lot of sensitive data was reportedly exposed. Between March 2020 and June 2020 (the period when the hackers carried out the attack), about 18,000 companies (customers of SolarWinds) downloaded the malicious code. According to the US SEC, SolarWinds had a total of 33,000 customers using Orion at the time.
What exactly happened? Like any software company would, SolarWinds sent out an update to its customers aimed at bug fixes, performance enhancements and the like. Little did they know that they had unwittingly shipped an update the hackers had tampered with, inserting malicious code into it.
Customer companies were expected to download the update and deploy it in order to update the Orion software. The compromise could only proceed if the machines that installed the update could reach the Internet, which allowed the implanted code to communicate with the hackers’ servers. To the shock of SolarWinds, the attackers succeeded in penetrating over 100 companies and about a dozen government agencies, including the Cybersecurity and Infrastructure Security Agency (CISA), part of the Department of Homeland Security in America.
The attack was uniquely crafted: the hackers went so far as to reverse-engineer Orion’s communication protocol and inserted instructions that mimicked its syntax and formats.
In record time, the cybersecurity company FireEye discovered that an intrusion had taken place. FireEye promptly contacted the Federal Bureau of Investigation (FBI), then prepared a detailed report and informed SolarWinds of the compromise.
Tim Brown, the Vice President of Security (CISO) at SolarWinds, took the call from FireEye, which conveyed the entire story in words as precise as these: “We’ve decompiled your code. We’ve found malicious code.”
DynamicCISO invited Tim Brown to speak and narrate the horrific incident to a larger audience in India at the 9th Annual DynamicCISO Summit, which took place earlier this month. Brown was candid. He delivered a keynote in the form of a fireside chat with Rahul Neel Mani, Editor of DynamicCISO. He not only elaborated on the whole incident, explaining how the attack unfolded step by step, but also offered a list of very important suggestions for #CISOs and security professionals so that they do not repeat the same mistakes and commit fatal errors.
Here’s the full session for your review.