SolarWinds, a company that most people haven’t heard of, made huge news in December when it disclosed that its Orion product had been compromised (possibly as far back as March of 2020) and that the infected software had made its way into as many as 18,000 of its customers’ networks.
The huge number of affected parties makes the SolarWinds hack the largest in history. Among SolarWinds’ customers are several large U.S. government agencies and 425 of the companies on the Fortune 500 list. So far only Cisco and Microsoft have acknowledged an intrusion into their networks.
Microsoft said that the hackers were able to access the source code for a number of its products, but that none of that source code was altered, which is something a malicious actor might do in order to install backdoors into systems running Microsoft software. Likewise, Cisco said that the intrusion was limited to a small number of sites and would not affect the security of its products. This is good news, as the hack has been traced back to Russia, a nation we aren’t on the best of terms with. A hack on this scale that leaves a hostile nation with access to the software running on the systems of our largest companies could be devastating.
So how does something like this happen? Most large organizations also have large networks, and they need to monitor those networks so that they can track down interruptions in service (maybe a piece of equipment is offline), detect intrusion attempts, determine whether proprietary IP is being sent outside the network, and so on. SolarWinds sells a product called Orion that does exactly that. So rather than trying to attack thousands of different organizations, Russia only needed to infiltrate one. Once the Russians had hacked into SolarWinds, they modified the Orion software to give themselves access to any network it was running on. Then all they had to do was wait for customers to download the update, and they were in.
Large organizations buy and run software from dozens of different companies. It’s not feasible for the IT department, which is largely considered an expense and often underfunded, to closely monitor every piece of software it runs. The methods and tools available to hackers keep getting better, and all it takes is one vulnerability among millions of lines of code for them to get in. IT security has a momentous task; you can’t expect them to keep the organization completely secure all of the time.
It’ll take months before we know the full extent of the damage done by the SolarWinds hack. At least six major government agencies are among the 18,000 clients. Who knows what kind of information Russia was able to grab during the months it had access.
Then there are the U.S. corporations that have been affected. So far only Microsoft and Cisco have admitted to the malware being on their networks, but we know there will be more. And we can be sure that the hackers are poring over the source code they stole from Microsoft looking for vulnerabilities to exploit. This hack is going to lead to others; we just don’t know when.