SolarWinds Attack: What Do I Need to Know?

In December 2020, it was reported that SolarWinds had suffered a major security breach. An IT software company with extraordinarily high-profile clients, including Fortune 500 companies and government agencies, SolarWinds had by then potentially been compromised for months.

The security breach that left SolarWinds vulnerable potentially compromised high-level government agencies, including the Department of Homeland Security and the Treasury Department.

But how did it happen?

Orion, by SolarWinds, Compromised by Attackers

In early 2020, attackers are believed to have inserted malicious code into SolarWinds' Orion product. Orion is an IT infrastructure monitoring and management platform used by more than 30,000 customers. How the attackers got that code in is the interesting part.

The attackers planted a backdoor in a software update that SolarWinds itself sent out. Their foothold was SolarWinds' build environment: the backdoor was compiled into Orion updates that the company then digitally signed and pushed to its customers through the normal update channel. SolarWinds, in other words, distributed the mechanism of its own compromise. By compromising the vendor's update pipeline, the attackers compromised every customer system that installed the update.

Through this backdoor, the attackers were able to spy on the organizations running Orion. Because Orion monitors and manages IT infrastructure, it holds detailed information about an organization's networks, systems and data, and it typically runs with highly privileged credentials on those systems, which is exactly what an intruder wants.

Of those 30,000-plus customers, only about 18,000 installed the tainted update; for once, being slow to patch left organizations safer. Not every one of the 18,000 was then attacked: the backdoor gave the operators a foothold everywhere it was installed, but a much smaller subset of victims was selected for hands-on follow-up intrusion. Microsoft, Intel, and Cisco were among the companies using Orion.

A Problem of Detection

A major issue is that the SolarWinds attack went unnoticed for the better part of a year. Though the tainted updates were pushed in the first half of 2020, the intrusion was not discovered and announced until December 2020.

Because the backdoor arrived as a signed update from SolarWinds, the customers who installed it had little reason to treat it as malicious: it was an accepted update to a known, trusted product, and the implant was built to stay dormant for a period after installation and to blend its traffic in with Orion's own. Catching the malicious code before release would have been SolarWinds' job, through auditing of its build and release process as well as its source code; because the implant was introduced during the build rather than committed to the source repository, a review of the source code alone would not have found it. Customers were not entirely without recourse, though: once indicators were published, the backdoor's unusual network behavior could be hunted for in DNS and proxy logs.
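As an added example, not part of the original article, the following Python script shows one way the kind of beaconing this backdoor relied on can be hunted for after the fact. The implant in this incident, publicly known as SUNBURST, contacted its operators by querying long, algorithmically generated subdomains of a single parent domain. The script scans a small constructed DNS log (sample data, not a real capture) for clients that repeatedly query distinct high-entropy subnames of one parent domain at regular intervals. The domain names, IP addresses and tuning thresholds are all assumptions chosen for the illustration.

```python
"""Hunt for DGA-style DNS beaconing in a DNS query log.

Added example: scores the first label of each queried name for length and
character entropy, groups hits by (client, parent domain) and reports clients
that repeatedly query distinct random-looking subnames at regular intervals.
"""
import math
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample log (not real data): "<ISO timestamp> <client IP> <query name>"
SAMPLE_LOG = """\
2020-04-02T08:00:13Z 10.1.5.20 updates.example-vendor.test
2020-04-02T08:00:15Z 10.1.5.20 mail.corp.test
2020-04-02T08:00:20Z 10.1.5.20 k8s2x1p9q7.assets.example-cdn.test
2020-04-02T08:01:00Z 10.1.5.41 7kq3f9z2b8vx1mcpu0.svc.example-cloud.test
2020-04-02T08:15:00Z 10.1.5.41 mail.corp.test
2020-04-02T08:31:02Z 10.1.5.41 r4b0dq9x8zl2v5tpwn.svc.example-cloud.test
2020-04-02T09:01:05Z 10.1.5.41 z1m8c2vq7k5tb9xg4e.svc.example-cloud.test
2020-04-02T09:30:59Z 10.1.5.41 n6y2hq8w4rk0d3vxmz.svc.example-cloud.test
"""

# Hypothetical tuning thresholds; tune against your own baseline traffic.
MIN_LABEL_LEN = 12       # shorter labels are rarely machine-generated
MIN_ENTROPY = 3.5        # bits per character of the first label
MIN_HITS = 3             # distinct generated labels before a pair is reported
MAX_INTERVAL_CV = 0.25   # coefficient of variation of the inter-query gaps


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for the empty string)."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_generated(label: str) -> bool:
    """A long, high-entropy label is the signature of a DGA-style subname."""
    return len(label) >= MIN_LABEL_LEN and shannon_entropy(label) >= MIN_ENTROPY


def parse_line(line: str):
    """Return (timestamp, client, normalized query name) for one log line."""
    ts, client, qname = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), client, qname.lower().rstrip(".")


def find_beacons(log_text: str):
    """Group generated-looking queries by (client, parent) and keep the regular ones."""
    events = defaultdict(lambda: {"labels": set(), "times": []})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, client, qname = parse_line(line)
        first, _, parent = qname.partition(".")
        if parent and looks_generated(first):
            bucket = events[(client, parent)]
            bucket["labels"].add(first)
            bucket["times"].append(ts)

    findings = []
    for (client, parent), data in events.items():
        if len(data["labels"]) < MIN_HITS:
            continue  # a single odd-looking CDN name is not a beacon
        times = sorted(data["times"])
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        cv = statistics.pstdev(gaps) / mean if mean else float("inf")
        if cv <= MAX_INTERVAL_CV:  # regular cadence is what a sleep/poll loop produces
            findings.append({
                "client": client,
                "parent": parent,
                "queries": len(times),
                "mean_interval_s": round(mean),
            })
    return findings


if __name__ == "__main__":
    for f in find_beacons(SAMPLE_LOG):
        print(f"{f['client']} -> *.{f['parent']}: {f['queries']} queries, "
              f"every ~{f['mean_interval_s']}s")
```

On the sample log, only 10.1.5.41 is reported: it queries four distinct 18-character random labels under svc.example-cloud.test roughly every 30 minutes, while the lone short random-looking name from 10.1.5.20 falls below both the length and the repeat thresholds. In practice the same logic runs over a resolver's query log or passive DNS data, and the thresholds are set from a baseline of the environment's normal CDN and cloud traffic.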

Many believe that Russia's foreign intelligence service, the SVR, is responsible for the attack; if so, a significant amount of resources, as well as a significant amount of technical talent, went into it. The Russian government has denied responsibility for the breach.

The Consequences of the SolarWinds Attack

It is not yet known what the true consequences of the breach will be; the stolen information may never be used, or it may already be in use in ways that cannot be, or have not been, detected.

But on a broader scope, the breach has consequences for the entire cybersecurity industry. Because the attack was so discreet, it went on for months without being noticed, and attacks of this kind can take place at virtually any time without the affected organization detecting them.

Many organizations, government agencies included, run third-party systems such as Orion; it is no longer cost-effective for most of them to develop their own. By using these systems, they have to trust that the system they are using, and the updates it receives, are not compromised.

The problem is even more acute with cloud-based services: when an application is fully hosted and managed by a provider, an enterprise or agency has little visibility into what data is leaving it and must rely largely on the provider's own monitoring and logs to notice suspicious transfers.

Consequently, many companies now operate on the assumption that they have already been breached and plan their next steps accordingly. Cyber insurance is becoming an increasingly important form of risk management.

The Key Takeaways of The SolarWinds Attack

The SolarWinds breach represents a dramatic shift in how modern organizations must think about their security. Today, many organizations rely on third-party application providers. Those providers can be breached themselves, leaving their customers exposed to threats they did not introduce and cannot directly defend against. Not only is the cleverness of the SolarWinds attack a concern, but so is the amount of time it took to be detected.

Organizations are going to need to find new ways to secure their data, or new safety protocols will need to be developed. For now, organizations need to assume that they could be breached at any moment, and take the steps to plan for that eventuality. Cyber insurance can help: with cyber insurance, companies are protected in the event that they discover a breach, for both the direct and the indirect costs of such a scenario.

If you have questions about E&O insurance or would like more insight on what E&O coverage would be best for your specific needs, get in touch.