Security Bulletin: SolarWinds Orion
Late yesterday, our team became aware of an attack on SolarWinds Orion, a network management product by SolarWinds, which counts 450 of the top Fortune 500 companies in addition to several branches of the Federal Government as customers. To be clear, simpleroute does not use or rely on any SolarWinds software in our practice. However, the incident has already led to significant connectivity issues over the prior 48 hours, which we expect to continue for the foreseeable future until the affected parties are confident that effective protective measures are in place.
The extremely sophisticated attack was first detected by FireEye within its own infrastructure. This event has the potential for significant business and governmental harm because the software is ubiquitous in large infrastructures for managing networks. Additionally, the compromised Orion code has been rumored to date back to March of this year, allowing a large window of opportunity for harm. Late yesterday, the Department of Homeland Security issued an emergency directive outlining mitigation steps, and we expect these mitigation efforts to continue impacting hosted customer platforms and other large company infrastructure in the near term.
Given the potential for business interruption, we felt a bulletin was warranted to keep our business partners apprised of the development. We will continue to provide updates should they be necessary. Please report connectivity issues to us, but note that we may need to wait for upstream providers as they process mitigation steps.
Technical Attack Information
For our more technical partners, the breach was a supply chain attack believed to have been carried out within SolarWinds Orion builds dating back to a code release in March 2020. This attack specifically allowed malicious actors to insert signed executable binaries into SolarWinds-managed endpoints. Our concern is that these may already have been used to deliver payloads that remain dormant, given the length of time between the incident and its detection.
FireEye posted mitigation steps as well as detailed technical data in its analysis, which should be reviewed in addition to the DHS directive. SolarWinds has released a first patch and anticipates a second to begin addressing potential new attacks. Other security vendors will undoubtedly issue updates related to implementing these and similar efforts, given the potential for widespread issues. As always, keeping software and firmware up to date is paramount.
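Because the implant shipped inside vendor-signed binaries, an Authenticode check alone does not tell an administrator whether an Orion host is affected; the file versions and hashes published in the FireEye and DHS guidance do. The following PowerShell inventory is an added example written for this bulletin, not code from simpleroute, SolarWinds or FireEye. It assumes the default Orion install path (adjust `$OrionRoot` otherwise) and uses a placeholder for the published indicator hashes, which must be filled in from the vendor and FireEye advisories.

```powershell
# Added example: inventory SolarWinds Orion binaries, recording signature status,
# file version and SHA-256 so they can be compared against published indicators.
# Assumption: default install location; change $OrionRoot for non-default installs.
$OrionRoot = 'C:\Program Files (x86)\SolarWinds\Orion'

# Placeholder only: replace with the SHA-256 values from the FireEye / DHS guidance.
$KnownBadHashes = @(
    '<SHA256-FROM-FIREEYE-ADVISORY>'
)

function Get-OrionBinaryReport {
    param([string]$Root = $OrionRoot)

    if (-not (Test-Path -LiteralPath $Root)) {
        Write-Warning "No Orion installation found at $Root"
        return
    }

    Get-ChildItem -LiteralPath $Root -Recurse -Include *.dll, *.exe -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig  = Get-AuthenticodeSignature -FilePath $_.FullName
            $hash = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            [pscustomobject]@{
                Path            = $_.FullName
                FileVersion     = $_.VersionInfo.FileVersion
                # A trojanised build still reports 'Valid' here: it carries the vendor's signature.
                SignatureStatus = $sig.Status
                Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
                SHA256          = $hash
                # -contains compares strings case-insensitively, so hash case does not matter.
                MatchesKnownBad = $KnownBadHashes -contains $hash
            }
        }
}

# Keep the full inventory for later comparison, and surface anything suspicious now.
$report = Get-OrionBinaryReport
$report | Export-Csv -Path "$env:TEMP\orion-binary-inventory.csv" -NoTypeInformation
$report | Where-Object { $_.MatchesKnownBad -or $_.SignatureStatus -ne 'Valid' } |
    Format-Table Path, FileVersion, SignatureStatus, MatchesKnownBad -AutoSize
```

Run from an elevated PowerShell session on each Orion host. An empty final table is not a clean bill of health on its own: compare the recorded `FileVersion` values against the affected build range in the SolarWinds and DHS guidance, since that range, not the signature status, identifies the compromised releases.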
If your firm is currently using SolarWinds in any capacity across your network, we recommend reviewing the FireEye data and contacting us if you need assistance.
For those looking for additional information, please see the links below: