SolarWinds Issues Fix After Massive Hacking Campaign

Matthew Broersma,
M2M: The Future of Cybersecurity

SolarWinds says two security updates protect against ‘Sunburst’ attacks as well as more recently discovered ‘Supernova’ malware

Network tools maker SolarWinds has issued security fixes for its flagship Orion platform after the tool was discovered to have been used in a major hacking campaign earlier this month.

The company said it issued two patches on 14 and 15 December, a day after it disclosed on 13 December that Orion had been hacked.

The company also released fixes for all other versions of the Orion platform, including a fix for customers using unsupported versions.

“Sunburst” refers to what SolarWinds called a “very sophisticated supply chain attack” that inserted a vulnerability into Orion.

HSBC, security, hacking

‘Supernova’

It later emerged the platform had also been hacked by a second, unrelated malware strain, called “Supernova”, which was deployed via a previously undetected software vulnerability in Orion.

The security fixes protect customers against both Sunburst and Supernova, SolarWinds said.

Following the company’s initial disclosure of the hac, it emerged that the Orion had been used to breach numerous US government departments and private companies.

The “Sunburst” attack is currently known to have affected the US Treasury Department, the National Telecommunications and Information Administration and the Department of Homeland Security, as well as Microsoft, Cisco, Intel,  Nvidia and UK accountants Deloitte.

A UK security source has said a small number of British organisations are likely to have been affected.

Nation-state hack

Some industry watchers have indicated it could take more than a year for organisations to determine whether they have been affected by the attack, which began in March.

US lawmakers have indicated they suspect Russian hackers to have carried out the “Sunburst” attack with the backing of the country’s government, although no attribution has yet formally been made.

“It’s clearly a sophisticated intelligence operation and no doubt was done by a state actor. And we’ll get around to attribution of that at a time and place of our choosing,” US national security adviser Robert O’Brien told Fox News.

Russia has denied any connection to the attack.

Liviu Arsene, a researcher at Bitdefender, said attacks on the supply chain are likely to become more common next year.

“Either for political or economic reasons, supply chain attacks will likely affect even industry verticals that have rarely been hit in the past, such as real-estate or healthcare,” he said.

He added that research, pharmaceuticals and healthcare organisations are likely to face increased threats.