SolarWinds details Orion cyber attack
SolarWinds’ new CEO Sudhakar Ramakrishna has provided details into investigations into the compromise of its Orion network monitoring platform in a sophisticated cyber attack.
In an update, Ramakrishna said the company is working with DLA Piper, CrowdStrike, KPMG and other industry experts on a root cause analysis for the attack aimed at examining how malicious code was inserted into the software without its knowledge.
The investigation to date suggests the use of a “highly sophisticated and novel malicious code injection source” to insert the malicious code into the software.
The malware, which appears to have been carefully crafted to avoid detection, is so sophisticated that the US government and many private sector experts are speculating that a foreign nation state conducted the operation as part of a targeted attack on US cyberinfrastructure.
Analysis suggests that the attackers were able to circumvent threat detection techniques employed by SolarWinds, other private companies and even the US government. The code itself appears to have been designed to provide the perpetrators a way to enter a customer’s IT environment.
SolarWinds, CrowdStrike and KPMG have reverse engineered the code responsible for the attack as part of the investigation. The company has expressed concern that other software development environments could be vulnerable to a similar attack.
How the explosion of non-human identities is changing cybersecurity
A surge in machine-to-machine communication and non-human...
Building stronger critical infrastructure with Zero Trust
Zero Trust provides a way to stay ahead of cyber attacks by assuming breaches will happen and...
Happy birthday, Active Directory!
Active Directory is a technology that has proved its staying power and has shaped enterprise IT...
