Data Backup Digest

Do-It-Yourself Windows File Recovery Software: A Comparison

results »

SolarWinds' Monitoring Systems Have Been Compromised

The SolarWinds breach made headlines all across the world in mid-December 2020, and for good reason. With so much uncertainty being cast around the recent presidential election in the United States, the attack actually served to fuel the flames of doubt even further. They're also causing a lot of confusion for customers of SolarWinds – which range from Fortune 500 organizations to the highest level of governmental entities.

What Happened?

Although it's unclear when the SolarWinds system was initially breached, security experts claim that their infrastructure was hacked several months before it was actually detected. The event was first detected and reported in the middle of December, right in between a heated presidential election and the New Year, and the accusations are starting to fly from all sides.

What is clear, however, is the fact that SolarWinds' system has been compromised. Foreign hackers are suspected, with some U.S. officials claiming the attacks originated from Russia and others blaming China, but there hasn't been any substantial proof to backup these claims.

Regardless, the hackers gained accessed to SolarWinds' infrastructure and added malicious code to their proprietary Orion platform. SolarWinds currently boasts over 33,000 users that rely on Orion on a day-to-day basis.

The problem was compounded due to the regular updates provided by SolarWinds, which only helped to further distribute the hack to their customer's machines. As a result, the hack installed a backdoor that gave hackers direct access to their machines, too. The hacked systems were then used to spy on various companies and organizations.

A recent Microsoft blog post provided greater detail on the hack, stating: "Using highly privileged accounts acquired through the technique above or other means, attackers may add their own credentials to existing application service principals, enabling them to call APIs with the permission assigned to that application."

It's also not clear how many of their customers, or exactly which ones, are affected. According to a recent report from SolarWinds, they estimate that as many as 18,000 customers could be affected in some way. Given the fact that SolarWinds provides services to organizations like the Department of Homeland Security, the Department of Energy, the Pentagon, and many Fortune 500 companies, the fallout could be quite significant.

Ignoring the Early Warnings

The matter is only made worse when you consider the fact that officials with SolarWinds were actually warned of the vulnerabilities in their cybersecurity strategy. Moreover, they were warned several years in advance.

On top of that, they've been cited by multiple cybersecurity experts for flaws in their security practice. While there's no such thing as an impenetrable system, the staff with SolarWinds certainly should have taken these complaints more seriously.

SolarWinds was founded and launched in 1999. Now headquartered in Austin, TX, SolarWinds provides customized software solutions for large businesses and enterprises around the world. Given that most of their work focuses on networking and general information technology, and the fact that many of their customers are located in the governmental sector, it's easy to see how they are a prime target for hackers across the globe.


No comments yet. Sign in to add the first!