This Sunday, SolarWinds submitted documents to the U.S. Securities and Exchange Commission (SEC) detailing a recent security breach that affected Orion Platform, one of the company’s main solutions. However, cybersecurity experts believe that the company downplayed the incident, even as multiple experts have linked it to the activity of hackers sponsored by the Russian government.
Versions 2020.2.1 and earlier, released between March and June 2020, were infected with malware after a hacker group managed to compromise the tool’s update mechanism, affecting the networks of thousands of organizations around the world.
Although early reports estimated that this problem affected all SolarWinds users, the company notified authorities that 18,000 customers, just over half of its 30,000 Orion Platform users, may have been compromised. All SolarWinds customers were notified in recent days.
In its security notice, SolarWinds announced that an Orion update will soon be available containing code to remove any traces of the malware from affected systems; the U.S. Cybersecurity and Infrastructure Security Agency (CISA) also published a technical report on mitigating this security risk.
Multiple reports on this incident have been published, but the company has not yet clarified how the cybercriminals managed to compromise its networks, although this could be related to a fraudulent campaign against Microsoft Office 365 users.
SolarWinds concluded by mentioning that they will continue to investigate whether threat actors used access to these accounts to steal data from affected Orion users.
Despite the company’s attempts to dismiss the implications of this attack, more and more members of the cybersecurity community believe that this will become one of the most catastrophic security incidents in recent years. In addition, many experts believe that this malicious activity could be related to recent incidents in organizations such as the FireEye security firm, the Treasury Department, and the U.S. National Telecommunications and Information Administration (NTIA).
As for the reasons for this attack, the hackers appear to have focused only on a small number of high-value targets, ignoring most Orion Platform customers.
Finally, this incident could have serious consequences for the company’s finances. Revenue from the use of the Orion Platform accounts for approximately 45% of the company’s annual profits, so a massive contract fee would put SolarWinds on the ropes, not to mention that the investigation is still ongoing.