As reported recently by major news outlets such as Reuters, The New York Times, The Washington Post, and others, FireEye, an international cybersecurity company, as well as prominent U.S. government agencies, including the Departments of Treasury, Commerce and Homeland Security, have disclosed that their networks were compromised. FireEye was the first to go public, disclosing that a sophisticated threat actor with the skills of a nation-state breached the company's defenses and gained unauthorized access to information on its networks, including some of the specialized toolsets FireEye uses to test the security of its own customers' networks. The breaches have been traced to initial compromises that may date back to March 2020, when malicious code was injected into updates for third-party software, identified as SolarWinds' Orion IT monitoring platform. This supply chain attack opened a "backdoor" that the attackers used to exfiltrate proprietary information and monitor email traffic at the impacted entities. FireEye's write-up about the attack provides technical details, including indicators of compromise (IOCs) that other defenders can use in their own environments.

SolarWinds is an IT management and remote monitoring vendor whose products are used by a range of customers, from small businesses to large corporations. An estimated 18,000 SolarWinds customers use the affected software, although not all of them will have installed the trojanized updates. Many managed IT service providers also rely on SolarWinds products to perform their work, raising the possibility that organizations that outsource their IT functions have the affected product within their networks and do not yet know it. This attack is a stark reminder of the importance of a mature security program, which includes careful analysis of third-party access to systems, supply chain risk, vulnerability scanning and management, and incident response planning.

If your organization uses the implicated software or outsources its IT security function, you should consider having an independent inspection of your systems and networks.[1] bit-x-bit can help by specifically scanning for the affected products or other vulnerable products. Feel free to contact us at 412.325.4033 or info@bit-x-bit.com.


[1] SolarWinds has issued instructions to immediately upgrade to Orion Platform version 2020.2.1 HF 1 to address the security vulnerability. FireEye has published detection rules on GitHub for the tools that were stolen from its servers. An assessment of your network is highly recommended to detect indications that it may have been compromised.
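As a first pass at the inventory check described above, the following is an added example (not code from bit-x-bit, FireEye or SolarWinds) that triages a constructed list of hosts by their reported Orion Platform version. It treats 2020.2.1 HF 1, the fixed release named in the footnote, as the bar, and flags anything below it. The CSV inventory, the host names and the assumption that the vendor's published affected window is 2019.4 HF 5 through 2020.2.1 are all constructed or assumed for the example. The point it makes is that Orion versions carry a hotfix suffix ("HF n"), so a naive string comparison will misclassify "2020.2.1" against "2020.2.1 HF 1"; the parser below compares the release numbers and the hotfix separately.

```python
"""Triage an Orion Platform inventory against the fixed release (added example)."""
import csv
import io
import re
from typing import Dict, List, NamedTuple, Optional, Tuple

# Fixed release per the SolarWinds advisory cited in the footnote.
FIXED_VERSION = "2020.2.1 HF 1"

# Assumption: the vendor-published affected window. Hosts below it are not in the
# known-affected range but are still unpatched and should be upgraded.
AFFECTED_LOW = "2019.4 HF 5"
AFFECTED_HIGH = "2020.2.1"

# "2020.2.1 HF 1" -> release (2020, 2, 1), hotfix 1.  Hotfix is compared after the
# release so that 2020.2.1 < 2020.2.1 HF 1, which a plain string compare gets wrong.
_VERSION_RE = re.compile(r"^\s*(\d+(?:\.\d+)*)\s*(?:HF\s*(\d+))?\s*$", re.IGNORECASE)


class OrionVersion(NamedTuple):
    release: Tuple[int, int, int]   # padded to three components
    hotfix: int                     # 0 when there is no "HF n" suffix


def parse_version(text: str) -> Optional[OrionVersion]:
    """Parse an Orion version string; return None if it is not a version."""
    m = _VERSION_RE.match(text)
    if not m:
        return None
    parts = tuple(int(p) for p in m.group(1).split("."))
    release = (parts + (0, 0, 0))[:3]
    hotfix = int(m.group(2)) if m.group(2) else 0
    return OrionVersion(release, hotfix)  # type: ignore[arg-type]


def classify(version_text: str) -> str:
    """fixed / affected / outdated / unknown for one reported version."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"            # unparseable: needs manual review
    if v >= parse_version(FIXED_VERSION):
        return "fixed"
    if parse_version(AFFECTED_LOW) <= v <= parse_version(AFFECTED_HIGH):
        return "affected"           # inside the published affected window
    return "outdated"               # older than the window, still unpatched


def triage(inventory_csv: str) -> Dict[str, List[str]]:
    """Group Orion hosts in a hostname,product,version CSV by classification."""
    groups: Dict[str, List[str]] = {"fixed": [], "affected": [], "outdated": [], "unknown": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if "orion" not in row["product"].lower():
            continue                # other SolarWinds products are out of scope here
        groups[classify(row["version"])].append(row["hostname"])
    return groups


# Constructed sample inventory; hostnames and versions are invented for the example.
SAMPLE_INVENTORY = """hostname,product,version
mon01,SolarWinds Orion Platform,2020.2.1 HF 1
mon02,SolarWinds Orion Platform,2020.2.1
mon03,SolarWinds Orion Platform,2019.4 HF 5
mon04,SolarWinds Orion Platform,2019.4 HF 4
mon05,SolarWinds Orion Platform,n/a
fs01,Other SolarWinds Product,1.0
"""

if __name__ == "__main__":
    for category, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{category:9s} {', '.join(hosts) or '-'}")
```

A version check of this kind only tells you which hosts still need the upgrade. A host that is already on 2020.2.1 HF 1 may have run a trojanized build earlier in 2020, so it still needs the IOC-based assessment the footnote recommends before it can be considered clean.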