Written by: Alex Steck
Fitting for an eventful year, 2020 is coming to an end with one of the most sophisticated and consequential cyberattacks in recent history. A suspected foreign government sabotaged a SolarWinds network monitoring product, Orion, and has been monitoring the product’s clients tracing back to March of 2020 using malware.
As a fair comparison, it’s as if you just now found that someone has been living inside your house since March, without your knowledge, documenting every little detail.
SolarWinds itself is a tech provider giant routinely winning yearly awards for its multiple products. To put things into perspective, out of SolarWinds’ 300,000 customers, 33,000 of them use the Orion product. Out of the 33,000 Orion product customers, SolarWinds claims only 18,000 have been affected. Keep in mind, this number is growing daily.
Interesting fact: The SolarWinds Orion product won the most top-rated Network Monitoring tool for 2019 by TrustRadius, and came in 4th place by Software Reviews in 2018.
As of now, only this can be confirmed.
Attackers have had since March 2020 to view and extract this data. The true impact may take years to uncover, some of which may never be discovered as the attackers had months to destroy any forensic evidence.
Only customers that used the Orion product are reportedly affected, and only those who loaded the March update of the Orion product. Even so, the high value targets have been noted to be Government agencies & large technology organizations.
There is a chance that if your organization is not one of the high value targets, that it has not been compromised. However, you should still take all appropriate steps to limit exposure.
This should be a wake-up call for organizations that do not have a cyber-security incident response plan and call for an evaluation of software and programs being used.