
SolarWinds Breach: If Cyber Companies Can Get Hit, Do You Stand A Chance?

Trifecta Networks blog, May 6, 2021

By: Jeremy Rasmussen, Abacode CTO

Is your organization prepared and well equipped to protect its critical IT infrastructure?

You have probably heard of the SolarWinds breach, but what exactly is SolarWinds software, and how can you protect your company and your IT infrastructure from a similar attack?

SolarWinds is software that allows for centralized health/status monitoring and management of corporate networks. SolarWinds customers include Microsoft, McDonald's, Lockheed Martin, and Yahoo, as well as many government and military departments in the US and internationally.

Some 18,000 SolarWinds customers downloaded the malicious Orion software update, which was cryptographically signed by SolarWinds (i.e., vendor "verified" software) and shipped between March and June of 2020 (versions 2019.4 HF 5 through 2020.2.1).

The trojan itself stayed dormant for a couple of weeks before it began connecting out to command & control sites to retrieve and execute commands, including the ability to transfer and execute files, pull system profile information, reboot machines, and disable services.

The malware evades detection by mimicking normal SolarWinds API communications, interleaving its network traffic with legitimate SolarWinds Orion Improvement Program (OIP) protocol traffic, and even storing its reconnaissance results within legitimate plug-in configuration files. The trojan also used multiple obfuscated blocklists to sidestep endpoint protection tools running as processes, services, and drivers.

[Embedded video: SolarWinds Breach Webinar | Trifecta Networks]

So, how did SolarWinds get hacked? We don't know yet. According to SolarWinds, the attack "was likely the result of a highly sophisticated, targeted, and manual supply chain attack by an outside nation state, but we have not independently verified the identity of the attacker."

Some have suggested that an insider at SolarWinds helped the attackers gain access to its clients; others suggest the attackers exploited a weakness in a public-facing system, meaning they could have been targeting SolarWinds remotely.

According to a SolarWinds report filed with the U.S. Securities and Exchange Commission (SEC), it was a DevOps security issue: "the vulnerability ... was introduced as a result of a compromise of the Orion software build system and was not present in the source code repository of the Orion products."

DevOps is the combination of development (Dev) and operations (Ops): the people, processes, and technology used to put out new software builds. Perhaps if SolarWinds had better DevSecOps practices in place, it could have detected and stopped the malware before it was widely propagated.

However it happened, the lesson is clear: no matter who you are, it's not a question of if you will be targeted but when, and of how ready you will be to respond.

Unless you have a third party such as Abacode powered by Trifecta, with eyes-on-glass, 24/7/365 monitoring for these types of breaches, you are just flying blind.

If you don't have continuous monitoring, you really have nothing. No security at all. If you are a SolarWinds customer, or even if you're not, what can you do today? Have our team discuss your current cybersecurity strategy, perform a comprehensive assessment, and create a customized plan designed to manage and reduce your cyber risk at all levels.