Many organisations in the Channel Islands and Isle of Man use (or until recently, used) a tool called Orion from SolarWinds to monitor the health, status and security of their computer networks. These organisations must urgently upgrade their software as directed by the supplier.
The Austin, Texas-based company, SolarWinds, which provides computer network management tools to a wide variety of clients including the government and financial sectors, recently disclosed that one of its leading products had been compromised, and in fact not once but twice: the second incident was a compromise by malware from a suspected second perpetrator, adding a separate backdoor. The company has 18,000 clients around the globe.
It is estimated that 18,000 organisations are potentially infected. It has been reported that Microsoft, Deloitte, Cisco, Intel, Nvidia, VMware, Belkin, at least one hospital and a university are all among those who have used the Orion network monitoring tool that was manipulated to provide the hackers with a backdoor.
It is also understood that the US Treasury and the departments of Homeland Security, State, Defence and Commerce were also targeted via the breach, which has been dubbed “Sunburst”.
The sophisticated hack has been described as ‘grave’ and ongoing. SolarWinds has released an update that it says closes the backdoor vulnerability, and Microsoft has taken control of part of the hackers’ infrastructure to prevent the attack from spreading further.
A particular concern with this exploit is that the monitoring software often sits at the heart of a corporate network with elevated access rights, meaning that the backdoor could potentially reach corporate systems and data.
The UK’s data privacy regulator has warned organisations that they should immediately check whether they have been affected by the hack. Under the Jersey, Guernsey and UK data protection laws, companies have 72 hours to report a breach once it is discovered.
As a result of the attack, SolarWinds’ share price nose-dived from $23.55 to $14.18, but has since recovered slightly to $15.85.
Intelligence services and computer security experts have concluded that the attackers were state-sponsored Russians.
Documents detailing what happened and what to do if you use these SolarWinds products are listed below.
A free tool called ‘Azure AD Investigator’ has been released on GitHub that will warn organisations if there are signs that their networks were compromised via SolarWinds’ backdoored Orion software.
- SolarWinds clients should read and follow this security advice from SolarWinds.
- More details can be read here from FireEye’s security threat research:
Please note that Channel Eye is not mandating or recommending this technical software and advice.