SolarWinds touts its Orion enterprise monitoring software as a "single pane of glass" solution; it has quickly turned into a single glass of pain.
A sophisticated supply chain attack against the product has resulted in at least one confirmed high profile breach, that of FireEye, a respected cyber security firm whose arsenal of red-team tools was stolen, and almost certainly hundreds more.
The attackers inserted malicious code into a DLL (Dynamic Link Library) of the application, and the trojanised build was shipped to customers as a legitimately signed product update. SolarWinds' own estimate is that up to 18,000 customers downloaded and installed it.
One of the most worrying aspects of this breach is how long it went undetected: estimates place the first malicious builds going out as early as March 2020.
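The practical question for anyone running the product is whether the DLLs on their servers are the ones the vendor actually built. The following is an added example, not code from the original post or from SolarWinds, of the baseline integrity check a defender can run: hash every DLL in an install directory, compare against a known-good manifest, and report anything that differs, is missing, or has appeared. The file names and byte contents are constructed purely so the example runs offline.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed sample "DLL" contents. Real files would be PE binaries; only the
# hashing logic matters here, so a fake MZ header plus a body is enough.
GOOD_BYTES = b"MZ" + b"\x00" * 62 + b"benign monitoring dll body"
TROJANED_BYTES = GOOD_BYTES + b"backdoor stub appended by attacker"


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(install_dir: Path) -> dict:
    """Snapshot the hash of every DLL in a known-good (pristine) install."""
    return {p.name: sha256_file(p) for p in install_dir.glob("*.dll")}


def verify_install(install_dir: Path, manifest: dict) -> list:
    """Return sorted (dll_name, status) findings for anything that deviates from the manifest.

    Three deviations matter: a file whose hash changed (tampered or replaced),
    a file not in the manifest (dropped alongside the update), and a manifest
    entry with no file on disk (deleted or renamed).
    """
    findings = []
    seen = set()
    for p in install_dir.glob("*.dll"):
        seen.add(p.name)
        expected = manifest.get(p.name)
        if expected is None:
            findings.append((p.name, "unexpected file not in manifest"))
        elif sha256_file(p) != expected:
            findings.append((p.name, "hash mismatch"))
    for name in manifest:
        if name not in seen:
            findings.append((name, "missing"))
    return sorted(findings)


def demo() -> list:
    """Build a pristine install, baseline it, simulate a trojanised update, re-verify."""
    with tempfile.TemporaryDirectory() as d:
        install = Path(d)
        (install / "Core.dll").write_bytes(GOOD_BYTES)        # constructed name
        (install / "Helper.dll").write_bytes(b"MZ" + b"\x00" * 62 + b"helper")
        manifest = build_manifest(install)
        assert verify_install(install, manifest) == []       # clean baseline
        # The "update": one DLL silently replaced, one new DLL dropped next to it.
        (install / "Core.dll").write_bytes(TROJANED_BYTES)
        (install / "Extra.dll").write_bytes(b"MZ" + b"\x00" * 62 + b"dropped")
        return verify_install(install, manifest)


if __name__ == "__main__":
    for name, status in demo():
        print(f"{name}: {status}")
```

Two caveats a practitioner should keep in mind. First, checking the Authenticode signature is not a substitute for this: the trojanised DLL carried a valid SolarWinds signature, so signature validation alone reports it as genuine. Second, the manifest is only as trustworthy as its source; a baseline taken after the malicious build was installed, or hashes published by a vendor whose build pipeline is itself compromised, will simply confirm the tampered file. Take the baseline from a build you have independent reason to trust, and keep it off the monitored host.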
Strong Beachhead
Unlike many initial footholds onto target systems, it is unlikely the attackers needed to do much privilege escalation or reconnaissance to take advantage of infected organisations: the SolarWinds software was likely running on servers, and likely with administrative or system privileges, since that is what it needs to reach the hosts and data it monitors.
Given this, we can expect to see some significant announcements, and by significant we mean bad, over the coming weeks as organisations evaluate the damage done, the data disclosed and the scope of their breaches.