Digitized, cloud-based operations are widely regarded by businesses and enterprises as the way we will work in the future. The shift to cloud-based networks is seen as highly beneficial and efficient because it lets people work effectively from anywhere, on any device. Every business has seen how much remote working and cloud networking have gained in worldwide significance.
But as the cloud transition accelerates, cybersecurity breaches have become more commonplace and are climbing to a peak. As per Cybersecurity Media, close to 300 billion passwords were estimated to be in use in 2020 by humans and machines combined worldwide, one measure of how much our exposure to cybersecurity risk has grown. Major security breaches keep occurring, and neither government authorities nor large enterprises are spared. One of the most severe recent breaches was the SolarWinds Orion security breach.
What was the SolarWinds Orion Breach?
SolarWinds is an IT management company that develops technologies which help businesses manage their IT infrastructure. SolarWinds products are used by thousands of corporations as well as government organisations, both in the USA and abroad.
On 13th December 2020, the Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive stating that the SolarWinds Orion network monitoring software was being actively exploited in a malicious attack.
On 14th December 2020, the SEC (Securities and Exchange Commission) of the US estimated that close to 18,000 of the 300,000 SolarWinds customers might have installed the compromised monitoring software. Because the SolarWinds customer base includes some of the biggest players, among them many Fortune 500 companies, US telecoms, UK and US government authorities, US military branches, and the office of the President of the United States, this turned out to be an extremely serious issue.
Thousands of large enterprises and government authorities were said to have been potentially compromised by this massive security attack involving SolarWinds software. In reality, this was a direct attack on the software supply chain, carried out through the SolarWinds Orion network monitoring software. By planting malware in the SolarWinds software, the culprits were able to infiltrate the networks and systems of many large organizations that ran it.
What happened during the SolarWinds attack?
The attackers' goal was to gain a foothold for lateral movement inside the networks of SolarWinds customers through their malware. They modified the installation files by adding an advanced backdoor to the SolarWinds Orion updates and then planted the modified files on the SolarWinds Orion update server. The update installed malware that first lies dormant for 2 weeks, then secretly reaches out to a command and control server and waits for instructions. Because Orion operates with broad network and system-level access, the malware inherited that access to network and file communications and could move laterally without being tracked or detected.
These update files carry some of the most sensitive material, such as digital signatures, and FTP login credentials for the update infrastructure that reportedly sat in a public repository. Several unofficial reports describe multiple instances of lax security and deep infiltration.
What was the ultimate response to this SolarWinds Orion attack?
CISA directed all SolarWinds users who had installed one of the affected updates to assume that their systems and networks were compromised and to operate with that in mind. Orion was immediately patched with a secured version, and affected environments had to be cleaned out entirely. That would have meant combing through 6 months' worth of network and system connections and logs to find any suspicious activity.
Lessons companies should learn from the SolarWinds attack
Several key observations can be drawn from this attack, which companies should take to heart to avoid such malicious attacks in the future.
- Be aware of supply chain attacks
Supply chain attacks have been on the rise of late. No matter how secure you think your systems are, there is always a vulnerable spot where attackers can land a foothold. It is important to employ security measures and technologies like software-defined perimeter and microsegmentation so that you keep an eye on every component of your supply chain.
- Some cyberattacks might go undetected for months
As seen in this attack, attackers may plant malware that only takes action after a few weeks and stays undetected in the meantime. Some attackers still favour quick hit-and-run attempts, but nowadays attacks are more often planted first and acted upon later. Keep this in mind so that your security monitoring is able to detect when malware of the SolarWinds kind has been planted, not only when it acts.
- Even one weak spot is enough for the attackers
Attackers and hackers need just one weak spot to find a flaw in your networks or systems. In the SolarWinds case, the original source of the malware is still not clear, but it is assumed that it might have been a weak password. Even a single weak password can be all a hacker needs to get in.
- Make regular checks of your cybersecurity hygiene
Companies should know what data they store and in what facility it is stored, and check this regularly. Robust tools for anomaly detection, such as behavioural biometrics, should be in place. Access rights should be reviewed regularly, using technologies such as zero trust network access.
- Collect the facts and stats immediately
One commendable aspect of the response to the SolarWinds attack was that information was gathered immediately, together with FireEye, Microsoft, and CISA. That information was promptly shared with security industry practitioners, who used it to mitigate further potential malicious consequences. It is important to gather and collect data immediately when an attack breaks out in your network or system.
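The dormant-then-beacon behaviour described above (malware that sleeps, then calls a command and control server on a schedule) is what the "undetected for months" lesson turns on. The following Python is an added example, not code from Instasafe, SolarWinds or the original post; it assumes a constructed outbound-connection log and flags host/destination pairs whose connection timing is suspiciously regular, the kind of check a team would run over months of proxy or DNS logs.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed outbound-connection log, not real SolarWinds telemetry.
# One connection per line: "<epoch_seconds> <source_host> <destination>"
SAMPLE_LOG = """\
1000000 orion-mon01 updates.example-cdn.test
1000100 orion-mon01 www.vendor.example
1000130 orion-mon01 www.vendor.example
1003610 orion-mon01 updates.example-cdn.test
1005000 orion-mon01 www.vendor.example
1005020 orion-mon01 www.vendor.example
1007190 orion-mon01 updates.example-cdn.test
1010820 orion-mon01 updates.example-cdn.test
1014400 orion-mon01 updates.example-cdn.test
1018010 orion-mon01 updates.example-cdn.test
1020000 orion-mon01 www.vendor.example
1000500 ws-042 mail.example
"""

def parse_log(text):
    """Group connection timestamps by (source host, destination)."""
    hits = defaultdict(list)
    for line in text.split("\n"):
        if line.strip():
            ts, src, dst = line.split()
            hits[(src, dst)].append(int(ts))
    return hits

def find_beacons(text, min_hits=5, min_interval=300, max_cv=0.2):
    """Flag (src, dst) pairs contacted at least min_hits times with a near-constant
    gap: coefficient of variation (stdev/mean) of the inter-connection intervals
    below max_cv and a mean gap of at least min_interval seconds."""
    findings = []
    for (src, dst), stamps in parse_log(text).items():
        if len(stamps) < min_hits:
            continue  # too few connections to judge the timing pattern
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        cv = pstdev(gaps) / avg if avg else float("inf")
        if avg >= min_interval and cv <= max_cv:
            findings.append({"src": src, "dst": dst, "hits": len(stamps),
                             "mean_interval": avg, "cv": round(cv, 4)})
    return findings

if __name__ == "__main__":
    for f in find_beacons(SAMPLE_LOG):
        print(f"{f['src']} -> {f['dst']}: {f['hits']} hits, ~{f['mean_interval']:.0f}s apart")
```

The thresholds are starting points: a real hunt would also widen the window to cover the dormancy period and correlate each flagged destination with when the update was installed.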
Attackers have been very active over the past few years, and now that operations are shifting to the cloud and other online platforms, the cybersecurity risks have intensified. Lately, attacks such as malware and DDoS have been the most common and can do severe damage to the confidentiality of data in any system or network.
As the SolarWinds Orion attack shows, even a minor flaw can expose an entire network to a massive data breach. Every enterprise should keep the lessons of this attack in mind when securing its remote workforce. Robust security technologies and measures like zero trust network access, software-defined perimeter, and multi-factor authentication should be at the core of your security system.
We at Instasafe have made a strong mark in providing the security technologies and measures described above. Reach out to us today to secure your workforce with robust cybersecurity tools and methods.