The hacking of numerous U.S. agencies and departments has caused a massive tsunami around the globe. The breach may have made the news when it was announced in the U.S., but it has also caused major problems for organizations, companies (including Microsoft), and even other governments around the world. The original malware was embedded in Orion software updates and has since spread into a (thus far) unknown number of other software updates.
In an article by Lexology:
“The Orion software platform has been compromised, according to a press release and SEC disclosure issued by its provider – SolarWinds Corporation.
Orion is used by thousands of organisations internationally to monitor their IT networks and systems from a single, central platform. Customers include many arms of the US Government and many Fortune 500 companies.
According to the SEC release, malicious code was surreptitiously embedded into Orion updates released between March and June 2020. Any organisations that downloaded, implemented or updated their Orion products during this period were therefore unknowingly introducing the vulnerability and compromising their systems. SolarWinds further stated that some 18,000 customers were impacted, having installed the infected update (out of the 33,000 customers notified of the compromise). SolarWinds confirmed it has over 300,000 customers worldwide. At the moment, it is still not clear how SolarWinds’ Orion software build system was compromised.”
What is astounding about this situation is that the breach was not discovered by the U.S. government but by the cyber security company FireEye, itself one of the SolarWinds clients that was infected; and while the original breach occurred in March 2020, it wasn’t discovered until many months later.
SolarWinds is a Texas company that provides technical services, including network monitoring, to hundreds of thousands of organizations around the world, including government agencies in North America, the Middle East, Asia, and Europe, and most notably many Fortune 500 companies. The Orion product accounts for around half of the company’s annual revenue.
Who Is Responsible?
Individuals have spoken up both on and off the record to indicate that this “supply-chain” method of hacking is the same type the Russian military used in its 2016 efforts to attack companies doing business with Ukraine using the NotPetya virus. Of course, the Russians deny all accusations, but the similarity of design is unmistakable.
How Bad Is It?
While the U.S. government isn’t releasing any details on the depth of the breach, it’s important to understand that a successful hack isn’t a black-and-white situation. A breach can range from accessing but not stealing data all the way to stealing and using the information. Microsoft did announce that once the malware was detected, it launched its “Death Star” response to the SolarWinds hack. This involved four days and four steps, combining legal and software measures, that Microsoft uses to obliterate some of the most sophisticated hackers in existence.
“It may take months for the full breadth of this massive breach to be exposed and, given that it involves governments, we may never really know everything about it. DaVinci Forensics continues diligent efforts to keep our clients educated on all of the actions that they need to take to protect their proprietary data, that of their customers, and their reputation.”
– Sharon Knowles, CEO, DaVinci Forensics