Even organisations with the best security systems can find themselves at risk if other organisations in their digital supply chain are vulnerable.
It was recently revealed that up to 18,000 organisations may have unknowingly installed backdoors into their networks. These organisations all use “Orion”, a network monitoring tool created by American software firm SolarWinds.
Reports indicate that an advanced persistent threat (APT) group, likely originating in Russia, gained access to Orion servers and manipulated scheduled patches. When Orion customers ran system updates in March 2020, they unknowingly installed remote access trojan (RAT) malware that created backdoors into their networks. As Orion is a network monitoring tool, it has extensive network-wide access privileges. This allowed the attackers to penetrate deeply into victims’ networks and remain undetected for many months.
Despite thousands of potential victims, it is thought that around 100 organisations were specifically targeted. This speaks to the highly targeted nature of the campaign, as well as the attackers’ efforts to stay under the radar.
It is believed those behind the breach gained extensive access to emails, user IDs, passwords, financial records and source code, as well as highly confidential files. With SolarWinds customers including numerous US government agencies, among them the military, as well as many large enterprises, the potential damage is enormous. It is thought the breach went undetected for over six months.
The seriousness of the breach has led some to label it the Pearl Harbour of American IT.
This case demonstrates the importance of supply chain security. Orion was a known, trusted tool. SolarWinds customers would have had no reason to suspect that an Orion update could contain such malware. However, with ongoing supply chain monitoring and auditing, organisations stand a much better chance of stopping or catching such threats. Even for those that don’t use Orion, a connected third party may do so, which could also be a risk.
If your organisation uses Orion, you should consider deactivating the software and engaging professionals to investigate whether you have been breached and whether any backdoors into your network can be identified. All organisations should have regular independent assessments of their digital supply chain moving forward to help identify potential third-party risks.