Many organisations in the Channel Islands and Isle of Man use a tool called Orion from SolarWinds to monitor the health, status and security of their computer networks. These organisations must urgently upgrade their software as directed by the supplier.
The Austin, Texas-based company SolarWinds, which provides computer network management tools to a wide variety of clients including the government and financial sectors, recently disclosed that one of its leading products had been compromised, not once but twice: the second incident was a compromise by malware from a suspected second perpetrator, which added a separate backdoor. The company has 18,000 clients around the globe.
It has been reported that Microsoft, Deloitte, Cisco, Intel, Nvidia, VMware, Belkin, at least one hospital and a university are all among those who have used the Orion network monitoring tool that was manipulated to give the hackers a backdoor.
It is also understood that the US Treasury and the departments of Homeland Security, State, Defence and Commerce were targeted via the breach, which has been dubbed “Sunburst”.
The sophisticated hack has been described as ‘grave’ and ongoing. SolarWinds has released an update that they claim closes the backdoor vulnerability, and Microsoft has taken control of part of the hackers’ infrastructure to prevent the attack from spreading further.
A particular concern with this exploit is that the monitoring software often sits at the heart of a corporate network with elevated access rights, meaning that it could potentially access corporate systems and data.
The UK’s data privacy regulator has warned organisations that they should immediately check if they have been affected by the hack. Under the Jersey, Guernsey and UK data protection laws, companies have 72 hours to report a breach once discovered.
As a result of the attack, SolarWinds’ share price nose-dived from $23.55 to $14.18, but recovered very slightly to $16.06.
President Donald Trump has suggested that China could be behind the attack, whilst President-elect Joe Biden mentioned suspicions that Russia was to blame.
- SolarWinds clients should read and follow this security advice from SolarWinds.
- More details can be read here from FireEye’s security threat research.