The SolarWinds hack, discovered in late 2020 when FireEye announced it had been targeted through a third party vulnerability, has now become one of the most widespread and impactful supply chain attacks in history.
As more information is gathered about where and when the SolarWinds hack originated and how security teams might have acted differently to prevent the hack, we asked our BitSight experts to answer some of your most pressing SolarWinds questions.
The questions below were asked by real BitSight customers during a recent webinar surrounding the SolarWinds hack, and were answered by a BitSight team made up of Stephen Boyer, Co-Founder and CTO, Jake Olcott, VP of Communications and Government Affairs, and Dan Dahlberg, Director of Security Research.
A: We don’t know, and as far as we have been tracking, they have not said. The code got inserted on their build server, in their build process as early as October 2019.
A: Yes, and recently we are finding that there are ties between the two.
A: It is believed that only the SolarWinds Orion platform was affected by this supply chain attack.
A: It is believed that the additional malware discovered by Microsoft is a separate incident to this supply chain attack that was also used to perform targeted attacks on companies. SolarWinds and its partners analyzing this compromise would have the most accurate knowledge whether other versions of software are vulnerable to the same or different attacks.
A: It is common for adversaries to move laterally within the network once they've breached an organization, which can involve installing additional backdoors or other means of persistent access beyond the initial SolarWinds device. Currently there have been insufficient details published regarding what occurred on organizations that were affected by the second stage of attack.
A: If the threat actor accessed the system then it is possible they made additional changes to the device, or moved laterally within the network to ensure persistent access. There hasn't been enough information published by organizations confirmed to have been targeted by the second stage of the attack that would give light on the specific tactics they employed once they achieved access. Given the sophistication of the threat actor, it is possible they took a unique approach to each targeted company.
A: BitSight isn't and was never a SolarWinds customer.
There continues to be new information about the SolarWinds hack made known to the public as companies analyze their networks to piece together the depth of the breach. The BitSight team has created a SolarWinds Resource Center to help security leaders find the SolarWinds hack information they need, all in one place.
For a tailored walk-through on where SolarWinds may be living on your network, request a demo today.
The SolarWinds supply chain attack did more than just create cybersecurity problems for businesses and government agencies – it has had a strong impact on the mindset of CISOs. Already under stress, the incident further dispirited many...
The SolarWinds hack, discovered in late 2020 when FireEye announced it had been targeted through a third party vulnerability, has now become one of the most widespread and impactful supply chain attacks in history.
In light of the cyber attack targeting SolarWinds, security and risk professionals are working to identify instances of the Orion software within their organization -- including their broader partner ecosystem -- and reduce their...
© 2021 BitSight Technologies. All Rights Reserved. | Privacy Policy | Security | For Suppliers
Contact Us | BitSight Technologies | 111 Huntington Ave, Suite 2010, Boston, MA 02199 | +1-617-245-0469