FireEye said late Sunday that an attack on SolarWinds Corp. infected that company’s software updates with a type of malware that has made its way into private and public organizations worldwide. The cybersecurity company said the ongoing campaign compromises SolarWinds Orion IT management software and may have begun as early as the spring. FireEye said the malware lies dormant in the target’s system for up to two weeks, blending in with legitimate network activity, after which it can transfer or execute a system’s files, reboot computers, or disable system services.

“The victims have included government, consulting, technology, telecom and extractive entities in North America, Europe, Asia and the Middle East,” FireEye said on its blog. “We anticipate there are additional victims in other countries and verticals. FireEye has notified all entities we are aware of being affected.”

SolarWinds shares dropped 17% to $19.48 in recent trading after hitting an intraday low of $19.36. Last week, FireEye disclosed that its own systems had been attacked by what it believed to be sophisticated, state-sponsored hackers.

We at Acunetix and Invicti are deeply concerned with the aftermath of the SolarWinds hack and offer our deepest commiserations to all the security personnel who are facing this situation just before Christmas, and to SolarWinds themselves, who have been an unwilling agent in the compromise of more than 18,000 organizations.

At the same time, we would like to reassure our customers, partners, and prospects that we are not a customer of SolarWinds and are therefore not in any way affected by this hack. As always, we continue to take the utmost care to ensure that our on-premises and online software and our update download servers are not compromised in any way.

If you’re not up to date on the news: the SolarWinds Orion network monitoring software, used by more than 18,000 organizations all over the world, was compromised several months ago. An update, downloadable from the SolarWinds update server, was poisoned with a malicious backdoor. This backdoor allowed unknown threat actors to spy on SolarWinds Orion customers and potentially control their systems remotely or escalate into their networks.

The original attack vector remains unknown, but there are hints that might give us a clue of what originally happened. Since the first traces of the backdoor being used date back to March 2020, it is very probable that SolarWinds was hacked at the beginning of 2020 or in late 2019. This is in line with certain tweets suggesting that SolarWinds had an open repository on GitHub and used weak passwords. Another potential vector is that the SolarWinds Office 365 account was supposedly compromised, according to information that SolarWinds received from Microsoft. Openly accessible repositories and exposed databases account for some of the biggest hacks in recent years, and common password vulnerabilities are often the underlying cause of major break-ins. SolarWinds believes that data contained in emails might have allowed the attackers to gain access to other systems (which also suggests poor email culture – you should not use email to send sensitive data). This yet again suggests that a weak password policy might have been the underlying cause of the breach. Remember, it takes just one user with a weak password for a malicious hacker to enter.

While the hack itself is most probably nothing out of the ordinary, what is very much out of the ordinary in this situation is how long it remained undiscovered. This suggests that while the vulnerability might have been trivial, the exploitation itself was not. The attackers, whoever they really are, took a great deal of care to remain undetected in all the infiltrated networks. This is why it is believed that it must have been a major intelligence operation. This leads to the conclusion that even if you consider a vulnerability or an asset just a minor one, it may be used by the attacker to escalate deeper into your systems – for example, a simple SQL injection on a database that contains no personal data may lead to a complete system compromise.