On December 8, 2020 the cybersecurity company FireEye revealed that it was the victim of a data breach. Since then, multiple other hacks have been reported that are tied to the same cyberattack campaign.
Inside the Hack
The origin of the hacks of FireEye and multiple US government departments (including the Departments of the Treasury, Commerce, and Homeland Security) has been traced back to malicious software updates distributed by the cybersecurity vendor SolarWinds. SolarWinds is believed to have been breached by cyber threat actors associated with Russia.
The attackers compromised the SolarWinds network and gained access to private keys that enabled them to create digitally signed, malicious software updates to SolarWinds’ Orion network monitoring product. The malicious updates provided the attackers with initial access to the networks of SolarWinds customers. From this starting point, the attackers were able to expand their access and gain elevated privileges.
This attack campaign has already been discovered to have caused a breach of FireEye’s red team tools and allowed the cyberattackers to monitor email communications within the Departments of Commerce and the Treasury. However, SolarWinds also claims most of the Fortune 500, multiple US government departments and military branches, and major telecommunications and accounting organizations as clients.
While it is not certain that all of SolarWinds’ customers use affected versions of Orion, it is likely that other organizations have been impacted by the breach. The threat was significant enough that DHS issued an emergency directive to government agencies instructing them to physically disconnect all Orion devices from their networks and treat all systems monitored by these devices as compromised.
SolarWinds and the Supply Chain Security Threat
The potential cybersecurity threats of relationships with third party organizations and of supply chains is not a new one. Some of the largest cyberattacks on record, such as the 2013 Target breach, involved exploitation of a trusted partner with access to the target network.
The SolarWinds hack and the resulting attack campaign simply serves to underscore the importance of having a strategy and solutions in place to manage third-party risk. Tools like Orion may be vital to an organization’s operations and cybersecurity strategy. However, it is essential that an organization identifies and acknowledges the potential cybersecurity risks associated with these trusted relationships and takes steps to minimize and mitigate them.
How MorganFranklin Can Help
Performing a comprehensive analysis of third-party risk can be a daunting task. Most organizations have many trusted third-party relationships but can lack visibility into the exact nature of these relationships and how integral they are to the organization’s cybersecurity and ability to operate. To learn more about potential sources of third-party risk to your organization, check out this blog.
MorganFranklin has extensive experience in supply chain and third-party risk analysis. MorganFranklin analysts can walk your organization through proven processes for identifying third party relationships, prioritizing them, and identifying the associated risks. This provides your organization with the data necessary to make informed risk management decisions and to take steps to minimize and control these risks.
