SolarWinds details Orion cyber attack
SolarWinds’ new CEO Sudhakar Ramakrishna has provided details into investigations into the compromise of its Orion network monitoring platform in a sophisticated cyber attack.
In an update, Ramakrishna said the company is working with DLA Piper, CrowdStrike, KPMG and other industry experts on a root cause analysis for the attack aimed at examining how malicious code was inserted into the software without its knowledge.
The investigation to date suggests the use of a “highly sophisticated and novel malicious code injection source” to insert the malicious code into the software.
The malware, which appears to have been carefully crafted to avoid detection, is so sophisticated that the US government and many private sector experts are speculating that a foreign nation state conducted the operation as part of a targeted attack on US cyberinfrastructure.
Analysis suggests that the attackers were able to circumvent threat detection techniques employed by SolarWinds, other private companies and even the US government. The code itself appears to have been designed to provide the perpetrators a way to enter a customer’s IT environment.
SolarWinds, CrowdStrike and KPMG have reverse engineered the code responsible for the attack as part of the investigation. The company has expressed concern that other software development environments could be vulnerable to a similar attack.
Scattered Spider: where every click is one step closer to chaos
Cybercriminal group Scattered Spider often uses social engineering to gain access to identities...
The MediSecure breach thrusts the security spotlight back on service providers
Organisations have been confronting security risks in their supply chains for years, but a new...
Managing third-party cybersecurity risks in the supply chain
Third-party cybersecurity breaches occur when the victim's defences are compromised through a...