SolarWinds’ IT management platform Orion came under attack recently. Although the full extent of the harm from this breach is still not known, it is clear that it was deep in reach, global in scope, and hit mostly the highest-value assets. For a very long period, the internal networks of agencies, the military, and the government were compromised.
Who is speculated to be behind this attack?
Officials and experts, after researching and analyzing the incident, have concluded that it was most probably a state-sponsored attack. Looking at the capabilities, the highly advanced techniques, and the MO, it is most likely the work of Russian agencies. This breach revealed a very good knowledge of both the fabric of modern IT infrastructure and the psychology of those who maintain and develop for it. The Sunburst hack is bound to trigger another arms race between security researchers and attackers.
How were the systems hacked?
The attack arrived through SolarWinds’ standard update distribution mechanism for Orion. This trick, however old, is very powerful when used in the right way. The skillful use of an old technique is what led the authorities to believe that it was a state-sponsored attack.
It is still unclear whether the compromised .dll was built on SolarWinds’ own build server by the company’s developers or whether a trojanized version of the .dll was uploaded and signed by the attacking team. The customer, in this case vital central government agencies, has no practical way to verify the product the company delivers. It was near impossible for the agencies to have checked the software for malware, as Orion is third-party software.
Is there a solution to avoid this kind of attack in the future?
The most obvious step would be to add arbitrarily thorough internal checks on the company’s end before shipping the product to customers. CI/CD pipelines with their deployment test suites don’t by and large retest code whenever it is built, verified, and delivered, and their automation and the high volume of updates pushed live create a high-bandwidth channel to the customer base that is difficult to monitor for tampering. Efficiency turns into a weapon in the hands of an adversary.
If the pipeline, in contrast to the existing one, rebuilds everything from scratch and checks the files that are about to go live with a high degree of isolation from the network infrastructure and an intensive verification process, the system could be made resilient to external attacks. No system is completely secure, but the idea is to build a sturdy framework for the system with regular, intensive, and strong checks that are themselves strongly defended.
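The rebuild-and-compare gate described above, together with the earlier point that a customer cannot tell a clean signed .dll from a trojanized signed one, as an added Python example that is not part of the original article and not SolarWinds’ own tooling: the files staged for release by the primary pipeline are digested and compared, name by name, against an independent rebuild of the same source tag performed in an isolated environment. The file names and byte contents are constructed placeholders, not real Orion artefacts; the `gate_release` and `release_allowed` functions are assumptions made for this illustration. Because the comparison is on content digests taken before any signing step, a file that was modified between build and staging shows up as a mismatch regardless of whether it later carried a valid signature.

```python
import hashlib
import hmac
from typing import Dict

# Constructed stand-ins for build outputs. The names and bytes are made up for
# this example; they are not real Orion files and contain no real code.
CLEAN_COMPONENT = b"MZ\x90\x00 component v1.2.3 built from tagged source (constructed)"
ALTERED_COMPONENT = CLEAN_COMPONENT + b" extra bytes present only in the staged copy"
APP_BINARY = b"MZ\x90\x00 app v1.2.3 (constructed)"
HELPER = b"MZ\x90\x00 helper v1.2.3 (constructed)"

# What the primary CI/CD pipeline staged for release (constructed sample).
SAMPLE_STAGED: Dict[str, bytes] = {
    "component.dll": ALTERED_COMPONENT,   # differs from the rebuild
    "app.exe": APP_BINARY,
    "extra.dll": b"not produced by any build (constructed)",
}
# What an isolated second build of the same source tag produced (constructed sample).
SAMPLE_REBUILT: Dict[str, bytes] = {
    "component.dll": CLEAN_COMPONENT,
    "app.exe": APP_BINARY,
    "helper.dll": HELPER,                 # the staged set is missing this one
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(files: Dict[str, bytes]) -> Dict[str, str]:
    """Digest every output of a build so two builds can be compared by content,
    independently of any code signature applied afterwards."""
    return {name: sha256_hex(data) for name, data in files.items()}


def gate_release(staged: Dict[str, bytes], rebuilt: Dict[str, bytes]) -> Dict[str, str]:
    """Compare staged release files against an independent rebuild.

    Returns one verdict per file name:
      ok          identical content in both builds
      mismatch    same name, different content (post-build modification or a
                  non-reproducible build step; either way, do not ship)
      unexpected  staged but not produced by the rebuild
      missing     produced by the rebuild but absent from staging
    """
    staged_digests = build_manifest(staged)
    rebuilt_digests = build_manifest(rebuilt)
    verdicts: Dict[str, str] = {}
    for name in sorted(set(staged_digests) | set(rebuilt_digests)):
        if name not in rebuilt_digests:
            verdicts[name] = "unexpected"
        elif name not in staged_digests:
            verdicts[name] = "missing"
        elif hmac.compare_digest(staged_digests[name], rebuilt_digests[name]):
            verdicts[name] = "ok"
        else:
            verdicts[name] = "mismatch"
    return verdicts


def release_allowed(verdicts: Dict[str, str]) -> bool:
    """The gate is all-or-nothing: an empty set or a single non-ok file blocks the release."""
    return bool(verdicts) and all(v == "ok" for v in verdicts.values())


if __name__ == "__main__":
    result = gate_release(SAMPLE_STAGED, SAMPLE_REBUILT)
    for name, verdict in result.items():
        print(f"{name:15} {verdict}")
    print("release allowed:", release_allowed(result))
```

In a real pipeline the second build would run on a separate, network-isolated builder from a pinned source revision, and the staged set would be whatever the primary pipeline is about to sign and publish; the gate refuses to ship on any verdict other than `ok`, which also turns a non-reproducible build step into a visible failure rather than a silent difference.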