On December 8, 2020, one of the world's largest security firms, FireEye, announced it had been hacked by a "highly sophisticated threat actor".
These state-sponsored hackers accessed its internal network and stole hacking tools FireEye uses to test the networks of its customers. During their investigation, FireEye announced on December 11th that SolarWinds Orion was the tool used to breach their defenses.
SolarWinds develops software to help manage computer networks and systems. Their Orion software is a tool that allows management of multiple systems through one interface. It allows IT departments to manage all of their computers at once. This also means it allows a threat actor to get anywhere in a computer network very quickly.
Should you be concerned?
Like most things in security, the answer is "it depends".
Who is at Risk from the SolarWinds Breach?
Security is about managing risk. If a company has Orion software installed, and it was updated in 2020, the bad guys have access inside of their network.
If you fit this scenario, it's time to shut off the software, follow the advice of the Cybersecurity and Infrastructure Security Agency (CISA), and reinstall the software. (CISA is a standalone United States federal agency, an operational component under the Department of Homeland Security.)
If a company doesn't utilize Orion software, it may not be out of the woods yet.
As security organizations analyze what happened during this breach, more things are being discovered. As an example, Microsoft announced last week that the threat actors had been able to look at the source code for their software. That doesn't mean anything yet, but it may lead to future breaches based on the knowledge they gained.
What Should You Do Now?
Keep an eye on the news, watch for updates, or contact SVA Consulting for a better understanding of the risks that need to be managed.
©2021 SVA Consulting