SolarWind’s Orion

Cybersecurity incident is a security event that compromises the integrity, confidentiality, and /or availability of an information asset whereas a breach is an incident that results in confirmed disclosure of data to an unauthorized party. In the world, there have been numerous cybersecurity violation incidents that are regularly on news portals.

Recently, SolarWinds a Texas-based company comes into spotlight whose software was compromised while servicing some of the biggest agencies and companies in the United States. Solar Winds product, Orion Platform offers a single architecture that scales to manage the most complex and geographically isolated IT environments. According to the SolarWinds website, their scalability engines are designed to provide monitoring and management for large infrastructures. This means the invaders who were able to compromise this platform had an exceedingly high level of access to all of the SolarWinds client systems.

If we look back the history of the company, according to the company’s website their first products Trace Route and Ping Sweep helped IT professionals to cope with early stage cybersecurity attacks. SolarWinds also provides computer networking monitoring services to corporations and government agencies around the world, and has become a dominant player since 1999. Although they are not as commonly known as Microsoft, SolarWinds products have been used in back office by IT professionals around the world.

SolarWind's Orion

According to SolarWinds official press release, they were the victim of a cyberattack to their systems that inserted a vulnerability (SUNBURST) within their Orion® Platform software builds for versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1, which, if present and activated. This could potentially allow an attacker to compromise the server on which the Orion products run. Attackers suspected to be state-sponsored had injected malware into a service that provided software system updates for its Orion platform to its customers, then that enabled assailant to open a backdoor (signed with SolarWinds’ legitimate certificates) into a DLL file utilized by the SolarWinds Orion platform. The code name given for the attack is sunburst and known as supply chain attack. The domain name avsvmcloud[.]com was utilized by the hackers to communicate with systems compromised by the backdoored Orion product updates and the communication was masqueraded as Orion Improvement Program (OIP) protocol. The updates were released in the middle of March 2020 and June 2020. SolarWind declared that risk of attackers are within some systems for as long as 9 months. Besides that the attack conjointly compromised the victim’s Microsoft Office 365 accounts.

According to SolarWinds officials, 2,75,000 customers use SolarWind’s Orion product. Out of that, it is believed that “fewer than 18,000” users might have a vulnerable version. The product is used in the U.S. federal, homeland security, and Fortune five hundred companies for observance of their IT Networks. SolarWinds customers are American telecoms, 5 branches of the american military and numerous federal agencies like Pentagon, State Department and therefore the workplace of the President of the U.S. SolarWind has filed a report in which stated that “the vulnerability was introduced as a result of a compromise of the Orion Software build system and was not present in source code repository of the Orion Products.” The breach was discovered by prominent cybersecurity company FireEye which also uses SolarWinds products. Western Security Experts have claimed that the activity was organized by Russia but there is no official confirmation.

SolarWind recommend their customers with any of the products affected for Orion Platform v2020.2 with no hotfix or 2020.2 HF 1 to upgrade to Orion Platform version 2020.2.1 HF 2 as soon as possible to better ensure the security of their environment.

To view more articles like this please do visit our website and subscribe to the newsletter for frequent updates.

Get Connected

Share This