In any industry, some of the top competitors have a robust IT infrastructure that allows them to store large amounts of data and applications, access them quickly, and have little to no server downtime. However, not everyone has the knowledge or expertise to create a reliable IT infrastructure and maintain it. Because of the high demand for specialists across multiple sectors in the IT industry, many seize the opportunity to develop IT monitoring platforms designed to help other companies.
One such platform is SolarWinds Orion, and behind the platform lies the company's mission to empower all businesses to adopt technology successfully. SolarWinds is among the industry's leading providers of IT monitoring and management solutions, with expertise in areas such as database performance analysis, network monitoring, cloud technology, and security.
However, even tech companies face issues, and the cause is not always technical. Security breaches are a real threat to any company’s IT infrastructure. Most recently, CISA (Cybersecurity and Infrastructure Security Agency) issued an emergency directive to power down SolarWinds Orion Products due to a security breach. Here is what you need to know!
SolarWinds Orion Platform
SolarWinds Orion is one of the most popular products in their line. The Orion suite features six tools: NetFlow Traffic Analyzer, Network Performance Manager, Server and Application Monitor, Virtualization Manager, Network Configuration Manager, and Storage Resource Monitor. Combined, these tools offer complete oversight of applications, network, and storage resources.
The Orion platform gives you the freedom to choose the tools that are most useful for your business. Whether the IT infrastructure management has to deal with 10 or 1,000 nodes, SolarWinds offers the right solutions to reduce downtime and improve efficiency. The most popular Orion tools are the Server and Application Monitor (SAM), the Storage Resource Monitor (SRM), and the Network Performance Manager (NPM).
With these tools in your pocket, you have fully customizable dashboards that allow users to focus on specific metrics that are important for the business. The Orion platform, along with other SolarWinds products, is entirely modular, allowing other tools to be seamlessly integrated into the UI. SolarWinds products are designed to scale quickly as your IT infrastructure grows.
SolarWinds Orion Products Security Breach
Digital threats are a real issue nowadays, since they can bring down even the most robust tech companies. If a company's IT infrastructure is at risk, it could cause massive revenue losses or, in the worst-case scenario, end the business. Cyber attacks are a real issue, and organizations such as CISA are working together with partners to defend against today's threats and to build secure and resilient infrastructures.
CISA issued Emergency Directive 21-01, urging all SolarWinds Orion users to power down the products immediately and review their networks for signs of a data breach. The emergency directive comes "in response to a known compromise involving SolarWinds Orion products that are currently being exploited by malicious actors."
CISA director Brandon Wales said that the directive was intended to mitigate potential compromises within civilian networks, and urged all SolarWinds Orion partners to assess the possible compromise and work quickly to secure their networks against exploitation. The directive also required all organizations running SolarWinds Orion products to report back once they had completed the product shutdown by noon.
The Department of Homeland Security issued the emergency directive ordering all federal agencies to take immediate steps to bring SolarWinds Orion products offline and to report back any incident.
While the threat is being analyzed and mitigated, SolarWinds, in a security advisory, urges customers to upgrade the Orion platform to version 2020.2.1 HF 1 as soon as possible. If an immediate update is not possible, the advisory provides a few guidelines to avoid compromise: disable internet access for the platform, limit connections and ports to what is strictly necessary, and install the Orion platform behind firewalls.
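The first step in acting on that advisory is knowing which Orion servers are still below the advised build and which of them still have internet egress. The script below is an added example, not SolarWinds code: it parses Orion-style version strings (including the "HF n" hotfix suffix), compares each host against 2020.2.1 HF 1, and recommends upgrade or interim isolation per the guidelines above. The inventory, hostnames and version values are constructed for the example; only the patched build number comes from the advisory.

```python
"""Triage an Orion server inventory against the advised build 2020.2.1 HF 1.

Added example, not SolarWinds code. The inventory below is constructed; the
version-string format (major.minor[.patch][ HF n]) is assumed from the
advisory's own "2020.2.1 HF 1" notation.
"""
import re
from typing import List, NamedTuple, Tuple


class OrionVersion(NamedTuple):
    major: int
    minor: int
    patch: int
    hotfix: int  # 0 when no hotfix is applied


# Accepts "2020.2", "2020.2.1", "2020.2.1 HF 1", "2019.4 HF 5" (case-insensitive HF)
_VERSION_RE = re.compile(
    r"^\s*(\d+)\.(\d+)(?:\.(\d+))?(?:\s*HF\s*(\d+))?\s*$", re.IGNORECASE
)


def parse_version(text: str) -> OrionVersion:
    """Parse an Orion version string into a comparable tuple."""
    match = _VERSION_RE.match(text)
    if not match:
        raise ValueError(f"unrecognised Orion version string: {text!r}")
    major, minor, patch, hotfix = match.groups()
    return OrionVersion(int(major), int(minor), int(patch or 0), int(hotfix or 0))


# The build the advisory tells customers to move to.
PATCHED = parse_version("2020.2.1 HF 1")

# Constructed inventory: (hostname, reported Orion version, has internet egress)
SAMPLE_INVENTORY = [
    ("orion-01", "2020.2.1 HF 1", False),
    ("orion-02", "2020.2.1", True),
    ("orion-03", "2020.2", False),
    ("orion-04", "2019.4 HF 5", True),
]


def triage(inventory) -> List[Tuple[str, OrionVersion, str]]:
    """Return (host, version, action) for every server in the inventory.

    Hosts at or above the advised build are marked patched. Hosts below it
    are told to upgrade; if they also have internet egress, the interim
    guidance (cut internet access, restrict ports, keep behind a firewall)
    is applied first because the upgrade may not be immediately possible.
    """
    results = []
    for host, version_text, has_internet in inventory:
        version = parse_version(version_text)
        if version >= PATCHED:
            action = "patched"
        elif has_internet:
            action = "isolate now (block internet egress, restrict ports), then upgrade"
        else:
            action = "upgrade"
        results.append((host, version, action))
    return results


if __name__ == "__main__":
    for host, version, action in triage(SAMPLE_INVENTORY):
        hf = f" HF {version.hotfix}" if version.hotfix else ""
        print(f"{host}: {version.major}.{version.minor}.{version.patch}{hf} -> {action}")
```

Tuple comparison does the version ordering: a hotfix-less 2020.2.1 sorts below 2020.2.1 HF 1, and a missing patch number is treated as zero. Feed the real inventory in the same (host, version, egress) shape to get the same triage.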
Over the past years, hackers have taken advantage of the tools MSPs (Managed Service Providers) rely on to manage IT systems, but the tools used in this breach are not linked to the SolarWinds MSP business. The Orion platform supports the traditional IT infrastructure management business and is not connected to the SolarWinds MSP business. The company states that it is not aware of any impact from the breach on its remote monitoring and management (RMM) products or other associated SolarWinds MSP products.
SolarWinds reports that its technology is used by the Pentagon, the US military and all five of its branches, the State Department, the NSA, NASA, the Postal Service, the Department of Justice, the National Oceanic and Atmospheric Administration, and the Office of the President of the United States. SolarWinds reported that the government departments are aware of these reports and are taking the necessary steps to remedy any possible issue.
FireEye on SolarWinds Security Breach
The Washington Post reported that the U.S. Treasury and Commerce Departments were breached through SolarWinds. The security vendor FireEye has also experienced a data breach, and it is unclear whether it is linked to SolarWinds. SolarWinds, the IT management vendor, disclosed that its platform experienced a manual supply chain attack, which was highly sophisticated because it targeted the Orion network monitoring product.
The breach targeted versions of the Orion network monitoring product released between March and June of this year, and it is said to have been an attack from outside the nation. The breach was narrow and extremely targeted, and it was manually executed, but no specific country was named. A FireEye blog post stated that the attack targeted multiple public and private organizations through trojanized updates of the SolarWinds Orion software. The names of the victims were not disclosed, but FireEye is working closely with SolarWinds, the Federal Bureau of Investigation, and other partners.
FireEye soon made a shocking statement announcing a security breach of its own platform, which it believes was a state-sponsored attack aimed at gaining information about the firm's government customers. FireEye reported that the attacker gained access to FireEye's internal systems but did not exfiltrate data from the primary systems where it stores sensitive information.
However, the attacker managed to steal some of FireEye's security assessment tools. It is uncertain whether the threat actor will use the tools themselves or disclose them publicly. FireEye stock dropped by about 11% per share; the hack was disclosed after the market closed. The Washington Post reported that the hackers with the Russian intelligence service that attacked FireEye also compromised government agencies such as the Treasury and Commerce departments.
FireEye saw a pattern in the attacks, which share common characteristics:
- Attackers used limited malware to avoid detection and complete their mission.
- Malicious code was inserted into software updates of the SolarWinds Orion platform, giving the attackers remote access into victims' environments.
- Attackers managed to blend into regular network activity to avoid being caught.
- Threat actors carefully covered their tracks with a high level of operational security and other tools.
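Because the attackers blended into normal network activity, one practical defensive check is to compare the Orion server's outbound connections against the small set of peers it legitimately needs (the nodes it monitors plus any explicitly approved external host). This script is an added example, not FireEye or SolarWinds code: it reads firewall-style connection records, keeps only those originating from the Orion host, and flags any external destination that is not on the allowlist, whether the connection was allowed or denied. The log layout (timestamp, source, destination, port, protocol, action), the addresses, the allowlist and every log line are constructed for the example; no indicator of compromise is implied by the sample values.

```python
"""Flag outbound connections from an Orion server that leave its expected peer set.

Added example, not FireEye or SolarWinds code. The space-separated log
format, the Orion host address, the internal ranges, the allowlisted update
host (a documentation-range placeholder) and the sample lines are all
constructed for this example.
"""
import ipaddress
from collections import Counter
from typing import Dict, List

# Constructed: the Orion server and the networks holding the nodes it monitors.
ORION_HOST = "10.0.5.10"
INTERNAL_RANGES = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("192.168.0.0/16"),
]
# Constructed placeholder for an explicitly approved external host
# (e.g. the vendor update server), using the TEST-NET-3 documentation range.
ALLOWED_EXTERNAL = {ipaddress.ip_address("203.0.113.20")}

# Constructed sample records: "timestamp src dst dport proto action"
SAMPLE_LOG = """\
2020-12-14T08:00:01Z 10.0.5.10 10.0.7.22 161 udp allow
2020-12-14T08:00:05Z 10.0.5.10 203.0.113.20 443 tcp allow
2020-12-14T08:02:11Z 10.0.5.10 198.51.100.77 443 tcp allow
2020-12-14T08:03:40Z 10.0.5.10 192.168.3.4 1433 tcp allow
2020-12-14T08:05:00Z 10.0.7.22 10.0.5.10 443 tcp allow
2020-12-14T08:12:11Z 10.0.5.10 198.51.100.77 443 tcp allow
2020-12-14T08:20:00Z 10.0.5.10 198.51.100.9 80 tcp deny
"""


def parse_line(line: str) -> Dict:
    """Split one constructed log record into typed fields."""
    ts, src, dst, dport, proto, action = line.split()
    return {
        "ts": ts,
        "src": ipaddress.ip_address(src),
        "dst": ipaddress.ip_address(dst),
        "dport": int(dport),
        "proto": proto,
        "action": action,
    }


def is_internal(addr) -> bool:
    return any(addr in net for net in INTERNAL_RANGES)


def find_unexpected_egress(log_text: str, orion_host: str = ORION_HOST) -> List[Dict]:
    """Return records where the Orion host reached (or tried to reach) an
    external destination that is neither internal nor allowlisted.

    Denied attempts are kept too: with internet access cut per the advisory,
    a repeated blocked attempt from the Orion host is itself worth a look.
    """
    orion = ipaddress.ip_address(orion_host)
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec["src"] != orion:
            continue  # only outbound traffic from the Orion server matters here
        if is_internal(rec["dst"]) or rec["dst"] in ALLOWED_EXTERNAL:
            continue  # monitored node or approved external peer
        kind = "blocked attempt" if rec["action"] == "deny" else "allowed connection"
        rec["reason"] = f"{kind} to external host outside the allowlist"
        findings.append(rec)
    return findings


def summarize(findings: List[Dict]) -> Counter:
    """Count findings per destination to surface repeated contact."""
    return Counter(str(f["dst"]) for f in findings)


if __name__ == "__main__":
    hits = find_unexpected_egress(SAMPLE_LOG)
    for rec in hits:
        print(f"{rec['ts']} {rec['dst']}:{rec['dport']}/{rec['proto']} {rec['reason']}")
    print("per-destination:", dict(summarize(hits)))
```

The per-destination count is the useful part: a single stray connection may be noise, but the same unapproved external host contacted repeatedly from a monitoring server that should have no internet access is exactly the low-volume pattern the list above describes.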
FireEye reported that the breach went on for months, and many point to an operation that targeted the State Department and the White House. The hack also led to a National Security Council meeting at the White House, as the U.S. intelligence community expressed concern that the hackers might have used a similar tool to break into other government agencies.
Conclusion – Prepare for the Future
While the SolarWinds Orion Platform has suffered a data breach, many other platforms are gaining ground in a competitive marketplace where network, application, and resource monitoring is crucial for business growth.
Even if your organization isn't running SolarWinds products, it still might not be out of the woods. If a third party or vendor your organization uses runs this software, they might be compromised, and if they have access to your network or systems, your organization could be attacked through that connection. Even if your organization already has a program in place for this, now is a good time for an overhaul and improvement.
Volico Data Centers does not use any technologies branded and marketed by SolarWinds, and the products we are currently using have not been identified as being vulnerable or involved in this security incident.