On December 8, 2020, the cybersecurity company FireEye revealed that it was the victim of a data breach. Since then, multiple other hacks have been reported that are tied to the same cyberattack campaign.

Inside the Hack 

The origin of the hacks of FireEye and multiple US government departments (including the Departments of the Treasury, Commerce, and Homeland Security) has been traced back to malicious software updates distributed by the cybersecurity vendor SolarWinds. SolarWinds is believed to have been breached by cyber threat actors associated with Russia.

The attackers compromised the SolarWinds network and gained access to private keys that enabled them to create digitally signed, malicious software updates to SolarWinds’ Orion network monitoring product. The malicious updates provided the attackers with initial access to the networks of SolarWinds customers. From this starting point, the attackers were able to expand their access and gain elevated privileges.

This attack campaign has already been discovered to have caused a breach of FireEye’s red team tools and allowed the cyberattackers to monitor email communications within the Departments of Commerce and the Treasury. However, SolarWinds also claims most of the Fortune 500, multiple US government departments and military branches, and major telecommunications and accounting organizations as clients.

While it is not certain that all of SolarWinds’ customers use affected versions of Orion, it is likely that other organizations have been impacted by the breach. The threat was significant enough that DHS issued an emergency directive to government agencies instructing them to physically disconnect all Orion devices from their networks and treat all systems monitored by these devices as compromised.

SolarWinds and the Supply Chain Security Threat 

The potential cybersecurity threat posed by relationships with third-party organizations and by supply chains is not a new one. Some of the largest cyberattacks on record, such as the 2013 Target breach, involved exploitation of a trusted partner with access to the target network.

The SolarWinds hack and the resulting attack campaign simply serve to underscore the importance of having a strategy and solutions in place to manage third-party risk. Tools like Orion may be vital to an organization’s operations and cybersecurity strategy. However, it is essential that an organization identifies and acknowledges the potential cybersecurity risks associated with these trusted relationships and takes steps to minimize and mitigate them.

How MorganFranklin Can Help 

Performing a comprehensive analysis of third-party risk can be a daunting task. Most organizations have many trusted third-party relationships but can lack visibility into the exact nature of these relationships and how integral they are to the organization’s cybersecurity and ability to operate. To learn more about potential sources of third-party risk to your organization, check out this blog.

MorganFranklin has extensive experience in supply chain and third-party risk analysis. MorganFranklin analysts can walk your organization through proven processes for identifying third-party relationships, prioritizing them, and identifying the associated risks. This provides your organization with the data necessary to make informed risk management decisions and to take steps to minimize and control these risks.
