BITSIGHT ANALYSIS OF SOLARWINDS ORION — PART 2: DECLINING PREVALENCE

Paulo Pacheco | December 18, 2020

In light of the cyber attack targeting SolarWinds, security and risk professionals are working to identify instances of the Orion software within their organization -- including their broader partner ecosystem -- and reduce their exposure.  How responsive have organizations been to the SolarWinds hack?  

BitSight is leveraging our continuous collection of security performance and software usage data on 260,000 organizations across 24 sectors to track the prevalence of Orion -- including trojanized versions of the software -- and observe steps taken by organizations to reduce their exposure. 

BitSight observes that many organizations with publicly exposed trojanized versions of Orion have acted over the last 3 days to remove those instances from the Internet or to patch them: 

  • Since Dec. 14, we have observed a 71% decline in organizations with publicly exposed trojanized versions of Orion
  • We observed a 63% decline in organizations with publicly exposed trojanized versions of Orion on Dec. 16
  • We observed an additional 8% decline in organizations with publicly exposed trojanized versions of Orion on Dec. 17 

While these efforts may shut off further penetration, organizations once using trojanized versions of Orion may have been compromised since March; FireEye and Microsoft have suggested that a smaller number of organizations may have been impacted. 

Organizations are also acting to remove their instances of SolarWinds Orion from the Internet, likely bringing the software inside the firewall to reduce potential exposure. The rate at which organizations are removing these instances is significantly lower than for the trojanized versions -- likely because Orion is a critical piece of software for many organizations:

  • Since Dec. 14, we have observed an 8% decline in organizations with publicly exposed SolarWinds Orion
  • We observed a 7% decline in organizations with publicly exposed SolarWinds Orion on Dec. 16
  • We observed an additional 1% decline in organizations with publicly exposed SolarWinds Orion on Dec. 17 

BitSight recommends that security and risk professionals immediately determine the prevalence of SolarWinds Orion within their organization and broader third-party supply chain in order to mitigate the risk of exposure. Given the significance of this incident, BitSight recommends reporting any potential exposure to senior executives and the board as soon as possible. For additional information, please read our earlier Part 1 analysis of the SolarWinds breach.

 
