Major SolarWinds Breach Affects Government and Businesses Worldwide

Author

ACA Aponix

Publish Date

Type

Cyber Alert

Topics
  • Cybersecurity

A major breach has been reported with wide-reaching U.S. and international repercussions. The breach has compromised confidential data at several U.S. government agencies, including the Treasury Department and the Department of Commerce. It has exposed information from the executive branch, the military, and intelligence services. It has likewise compromised leading telecommunications firms, technology firms, and international governments.

In the attack, the software provider SolarWinds was breached by what it calls “a highly sophisticated, manual supply chain attack on SolarWinds® Orion® Platform software.” SolarWinds Orion platform is used to monitor and manage network traffic. It is used by a majority of Fortune 500 companies, the U.S. military, the U.S. State Department, the NSA, and other international governments and businesses.

In the “supply chain attack” bad actors infiltrated SolarWinds’ data and deployed malware in the firm’s Orion software updates released between March 2020 and June 2020 (versions 2019.4 HF 5 through 2020.2.1). This infected software was delivered to customers who installed it during updates. The malware then provided the bad actors with “back door” access to a sensitive information.

The attack is believed to be the work of a nation-state, specifically hackers associated with the Russian foreign intelligence service. Russia has denied responsibility for the attack.

In response to the attack, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive to mitigate the effects of the attack. The instructions include disconnecting network devices running affected SolarWinds Orion software, assessing data for indications of the breach, taking steps to repair affected software, and reporting breaches as needed. The agency indicates that additional information and instructions will be forthcoming.

SolarWinds recommends updating to its latest version of the Orion platform (version 2020.2.1 HF 1) to ensure greater security in response to the breach.

Additionally, reports have indicated that nation-state actors have gained access to sensitive information via a breach in Microsoft® Office 365®. In this breach, attackers have been able to circumvent authentication controls and gain access to government software, and to a wealth of emails. Per the report, this surveillance has been underway for months. Microsoft and FireEye have confirmed they were also compromised in this SolarWinds breach.

ACA Guidance

The SolarWinds breach is shocking in its far-reaching nature, and its ability to affect top tiers of government and industry, both in the U.S. and internationally. It highlights the continued need for vigilance in the face of cybersecurity attacks, originating both from individual actors and on the nation-state level.

ACA Aponix recommends taking the following actions regarding the breach:

  • Immediately follow the recommendations provided by CISA in its emergency directive. The recommendations may require IT and cybersecurity expertise. If necessary, reach out to trusted third-party providers for assistance.
  • Once recommendations are implemented, ensure that SolarWinds Orion software is updated to its latest version, per the firm’s recommendations.
  • Assess your Office 365 configuration to ensure that maximum protection is afforded against this and other potential vulnerabilities.
  • Monitor system logs and other security resources for unusual activity.
  • Assure that data backup and related resiliency plans are up-to-date and functional.
  • Review and update existing incident response plans to prepare reaction in the event of a breach.
  • Strongly encourage third-party vendors to follow directions and information related to this breach.
  • Follow further CISA guidance as it becomes available.

How We Help

ACA Aponix offers the following solutions that can help your firm in light of the discovered vulnerability, software patching programming, Office 365 security configuration, and with data security in general.

If you have any questions, please contact your ACA Aponix consultant or email us at info@acaaponix.com.

Contact Us