SolarWinds breach saga continues in the new year

Beginning the cyber New Year in 2021 apparently involves learning that the SolarWinds data breach was more substantial in scope than previously thought.  What it boils down to is the fact that approximately 250 government and private networks, rather than the dozens initially thought, were compromised by suspected Russian intelligence services seeking to exploit a poorly secured supply chain.

It now appears that different factors played into compromising the Texas company’s Orion platform.  Warning sensors placed inside overseas networks by the National Security Agency (NSA) failed to alert anyone to the attack, and the hackers also exploited the agency’s prohibition against domestic surveillance (not that I’m advocating for their ability to do so).  Ultimately, however, none of these exonerate SolarWinds for the fact that investigators, current and former employees have all asserted subpar product security over the years.  As we mentioned when this story broke, notifications from SolarWinds have advised disabling antivirus scanners so their software could run freely on client networks.  No matter what other external circumstances figured in, therefore, their absence seemingly would have made little difference in the hackers’ success.  You could have all the surveillance in the world and cyber criminals could still slip through to infect software whose security is not up to code.

Another revelation is that the hackers had gained a foothold in the SolarWinds network earlier than we knew.  Mid-2019 is now the latest estimated date, judging by the evidence of previously undetected files that were distributed as part of an apparent test run.  Investigators will continue searching for the origin of the break-in, how far back it goes, and for all we know the scale of the breach might keep expanding.

It certainly seems suspicious that several company board members sold hundreds of millions of dollars in stock just a few days before the breach announcement.  And already SolarWinds is being hit with a class action suit for allegedly lying to plaintiffs about its security practices.  Among the allegations is the company’s use of “SolarWinds123” as a password for update servers.  They might as well have gone with no password and spared their fingers the effort.  The suit goes so far as to define the company’s actions as a fraudulent scheme, knowing matters were worse than appeared and ignoring it for the sake of reputation and stockholders.

I know everyone is ready to turn the page on 2020, but it doesn’t look like SolarWinds will have that privilege just yet.  Depending on the veracity of these claims, they might be stuck there for a while.


By: Jonathan Weicher, post on January 6, 2021
Originally published at: https://www.netlibsecurity.com
Copyright: NetLib Security