The full extent of the SolarWinds cyber-attack is still unknown, but more pieces of the puzzle are coming together. Big tech companies including Intel, Microsoft, Nvidia, and Cisco were all infected by the attack on the SolarWinds Orion platform. Exacerbating the issue, investigators have found that potentially another hacking group had broken into SolarWinds using a similar exploit, which is being dubbed Supernova.
CISA updated its alert last week to state that this advanced persistent threat actor began in at least March of 2020 and has demonstrated patience, operational security, and complex tradecraft in these intrusions. It is expected that removing this threat actor from compromised environments will be highly complex and challenging for organizations. This latest alert does not supersede the requirements of Emergency Directive 21-01, which ordered affected devices to be disconnected.
There is a lot of conversation pointing to Russian or Chinese influence behind the cyber-attack, but I still believe it is too soon, and I have not seen hard evidence that indicates security researchers have identified with certainty who is actually behind or organized the attack.
A recent poll of IT vendors has found that 80% of their clients want to leave SolarWinds. What is important to note is that not all SolarWinds products are impacted by the Orion platform attack. I can understand the desire to want to leave a platform that is in the news, but we will learn more about a vendor during and after an attack than we will learn about other products. I believe that SolarWinds is going to be more closely examined and analyzed than any other vendor for the foreseeable future, which is only good for the overall security of all of their products.
To be clear, I am not implying that SolarWinds is out of the woods, and it’s critical for us all to stay up to date on security concerns for all of the products that are used within your business.
As a business owner or a cybersecurity professional, this should be a catalyst to rethink your cybersecurity position. Congress and the president-elect are promising to make cybersecurity a top priority in 2021 at every level of government. State and local governments need to follow that guidance, and businesses should as well.
The system is broken, and most lawmakers don’t even know what questions to ask. This can lead to impulsive laws that may be well intentioned but will provide little to no relief from the attacks that are facing networks and data across the globe.
It is critical that we all take some time to review the technology policies, procedures, services, and vendors that we use.