The SolarWinds hack, also known as Solorigate or Sunburst, is one of the most significant cybersecurity breaches within the last 10 years. This supply chain attack, discovered in December 2020, targeted SolarWinds, a prominent IT management software company, and its Orion platform. The hack had major consequences, impacting many government agencies and private companies.
The SolarWinds hack is a good example of a supply chain attack, where attackers target a weaker link in a company’s supply chain instead of attacking the company directly. According to the ICCCNT report, “A supply chain attack is a kind of cyber-attack such that the organizations are not attacked directly, but the intermediate parties such as vendors and their software code are attacked instead” (Alkhadra et al., 2021, p. 2). In this case, the attackers exploited vulnerabilities in SolarWinds’ software development and update processes. One big issue was that SolarWinds did not separate its IT network from its development network, which allowed attackers to add malicious code into Orion’s software updates. Additionally, the company relied on third-party components, which are often not checked as thoroughly and can have security flaws.
Another problem was weak security systems for logging in. The hackers got around security by stealing passwords and taking advantage of weak login protections. SolarWinds also did not have enough monitoring and logging in place, which made it hard to detect the breach early. As a result, the attackers were able to go unnoticed for months, stealing sensitive data and staying active in the networks they compromised.
The hackers behind the SolarWinds attack were highly skilled and used advanced techniques to exploit these vulnerabilities. According to TechTarget, the attackers injected malicious code, known as SUNBURST, into the Orion software updates, which were then distributed to over 18,000 organizations (Oladimeji & Kerner, 2023). This malware allowed the attackers to gain unauthorized access to the networks of SolarWinds’ customers, including government agencies and major corporations. As stated in the report, “Any user who installed that update, gave the hackers a pathway to access the bigger system of SolarWinds clients” (Alkhadra et al., 2021, p. 3). The attackers also stole login credentials and escalated their access privileges, letting them move deeper into the networks and steal sensitive information while maintaining control over the systems.
The effects of the SolarWinds hack were serious and widespread. The breach affected over 18,000 organizations, including several U.S. federal agencies such as the Department of Defense, the Department of Energy, and the Department of Homeland Security. Private sector companies, including Microsoft, FireEye, and Cisco, were also impacted. The NPR article highlights how hard the attack was on FireEye CEO Kevin Mandia: he helped uncover the attack and led the response efforts, but the situation took an emotional toll on him and on others working in the field. The attackers gained access to sensitive data, including emails, internal communications, and intellectual property. The financial cost was also very high. SolarWinds estimated spending $20 to $25 million on improving its security and cyber insurance. The company also faced $90 million in customer compensation and $312,000 in investigation costs. As noted in the report, “The cost can’t be measured in terms of money spent, rather it can be measured with understanding and estimating the three types of costs: direct, indirect, and hidden costs” (Alkhadra et al., 2021, p. 5).
Several cybersecurity measures could have mitigated or prevented the SolarWinds hack. First, adopting a zero-trust security model, in which access is verified continuously, would have made it harder for attackers to move within the network: no user or device is trusted automatically, and strict access controls and continuous verification are applied to every request. Second, separating the IT network from the development network would have made it more difficult for attackers to compromise the software development process. According to the report, “If SolarWinds followed the NERC CIP standards they would’ve applied the CIP-005-6, which instructs to separate the IT network authentication from development one” (Alkhadra et al., 2021, p. 5). Third, regularly checking and monitoring the third-party components used in software development could have found security problems before they were exploited. Finally, having better logging and monitoring systems would have helped detect the breach earlier.
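As an added illustration of the third-party component check described above (example code written for this page, not code from SolarWinds or from the cited reports): each component shipped in a build is compared against a pinned SHA-256 manifest, so an artifact altered after the trusted build, one that is missing, or one that was never recorded in the manifest is flagged before the release is assembled. The manifest entries, file names and file contents are constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed manifest: component file name -> expected SHA-256 of the trusted build.
# In a real pipeline this record would be produced and signed independently of the build host.
PINNED = {
    "vendor-lib.dll": hashlib.sha256(b"trusted vendor build").hexdigest(),
    "helper.so": hashlib.sha256(b"trusted helper build").hexdigest(),
    "absent.dll": hashlib.sha256(b"component that should ship").hexdigest(),
}

def sha256_file(path: Path) -> str:
    """Stream the file so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_components(build_dir: Path, pinned: dict) -> dict:
    """Return a verdict per file: 'ok', 'tampered', 'missing' or 'unlisted'."""
    verdicts = {}
    for name, expected in pinned.items():
        p = build_dir / name
        if not p.is_file():
            verdicts[name] = "missing"          # pinned component never made it into the build
        elif sha256_file(p) == expected:
            verdicts[name] = "ok"
        else:
            verdicts[name] = "tampered"         # content differs from the trusted build
    for p in build_dir.iterdir():
        if p.is_file() and p.name not in pinned:
            verdicts[p.name] = "unlisted"       # something was added that nobody pinned
    return verdicts

def build_is_clean(verdicts: dict) -> bool:
    """A release is only assembled when every verdict is 'ok'."""
    return bool(verdicts) and all(v == "ok" for v in verdicts.values())

def demo() -> dict:
    """Constructed scenario: one intact component, one modified after build, one injected, one missing."""
    tmp = Path(tempfile.mkdtemp()) / "build"
    tmp.mkdir()
    (tmp / "vendor-lib.dll").write_bytes(b"trusted vendor build")
    (tmp / "helper.so").write_bytes(b"trusted helper build" + b"\x90\x90")  # altered bytes
    (tmp / "extra.dll").write_bytes(b"not in manifest")
    return verify_components(tmp, PINNED)
```

A mismatch only tells you the shipped bytes differ from the pinned build; the manifest itself must come from a source the build host cannot write to, otherwise an attacker on the build system could re-pin the tampered artifact.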
The SolarWinds hack shows how important cybersecurity is in today’s world. The attackers succeeded because of weak login protections, poor network separation, and inadequate monitoring. The attack caused serious problems for thousands of organizations and cost millions of dollars. However, better security practices such as zero-trust systems, network separation, and continuous monitoring can help protect against similar attacks. As cyber threats keep growing, it is important for organizations to stay prepared and keep improving their cybersecurity.
References
Alkhadra, R., Abuzaid, J., AlShammari, M., & Mohammad, N. (2021, July). Solar winds hack: In-depth analysis and countermeasures. In 2021 12th International Conference on Computing Communication and Networking Technologies (ICCCNT) (pp. 1-7). IEEE.
Oladimeji, S., & Kerner, S. M. (2023, November 3). SolarWinds hack explained: Everything you need to know. TechTarget. https://www.techtarget.com/whatis/feature/SolarWinds-hack-explained-Everything-you-need-to-know
Temple-Raston, D. (2021, April 16). How Russia Used SolarWinds To Hack Microsoft, Intel, Pentagon, Other Networks. NPR. https://www.npr.org/2021/04/16/985439655/a-worst-nightmare-cyberattack-the-untold-story-of-the-solarwinds-hack