A recent malware attack, mainly targeting the US government and known as ‘Sunburst’, has caused concern worldwide.
SolarWinds, based in Austin, Texas, provides computer network management tools to a wide range of clients and announced recently that its Orion product had been compromised.
Pro Drive want to reassure our clients that we don’t use this product.
A notice from SolarWinds stated: ‘We have been made aware our systems experienced a highly sophisticated, manual supply chain attack on SolarWinds® Orion® Platform software builds for versions 2019.4 through 2020.2.1.
We have been advised this attack was likely conducted by an outside nation state and intended to be a narrow, extremely targeted, and manually executed incident, as opposed to a broad, system-wide attack. At this time, we are not aware of an impact to our SolarWinds MSP products including RMM and N-central.’
It later transpired that the platform had also been hacked by a second, unrelated malware strain, called ‘Supernova’, which was deployed via a previously undetected software vulnerability in Orion.
SolarWinds has since issued security fixes to protect customers against both Sunburst and Supernova.
What happened in this recent malware attack?
The attackers were able to install malware onto the systems of some 18,000 government and private computer users, who unwittingly gave attackers access to highly secure networks and classified information.
Once the malware was installed, the attackers could then select which organisations they wanted to target further. Around 50 firms are believed to have been ‘genuinely impacted’ by the massive breach, including the US Treasury and departments of homeland security, state, defence and commerce.
Does it affect the UK?
While the US was the main target, SolarWinds is used by a huge number of businesses, including Fortune 500 companies and government agencies globally.
In the UK, the Information Commissioner’s Office (ICO) has warned that the cyber attack could impact some UK organisations. Only a small number of British companies are thought to have been affected, but accountants Deloitte, chip-makers Intel and Nvidia, and cloud-computing software maker VMware are believed to have used the product involved.
The UK’s National Cyber Security Centre has recognised the attack as a serious, global cyber-incident but confirms that simply having SolarWinds does not automatically make an organisation vulnerable to it.
The ICO has advised businesses to “immediately check” if they have been affected by the SolarWinds hack.
When will we know more?
The US government is investigating the repercussions of the attack and Microsoft is also looking into it. The breach looks to have started in March 2020. As is often the case, hackers were able to trick people into downloading malware. Investigators have warned it could take years to uncover the extent of the damage.
FireEye, the cyber security company that found the breach, said the malware can lie dormant for weeks and can disguise its activity as standard Orion procedures.
While this breach appears to have mainly affected other organisations, as always we advise you to ensure you do a proper cyber security review and have the best protection in place for your organisation.
Train your staff in being cyber aware (see our latest video webinar with Mimecast for details) and talk to us if you need further information.