The recent cyber-attack on SolarWinds has had far and wide reaching implications not just for the company itself and its users, but for organisations from all sectors too, given the nature of the attack and the implications and potential for data to be controlled and compromised.
SolarWinds is an American company who provide solutions to both governments and enterprise, allowing them to monitor and manage their infrastructures. Their customers range from smaller SME’s all the way up to Government agencies, who use this as part of their security protocols. On 13th December 2020, SolarWinds reported being a victim of a cyber-attack on their Orion Platform, which could potentially lead to a compromise of servers on which the Orion product runs on. The attack is said to have been perpetrated by hackers affiliated with the Russian government.
The attack involved hackers compromising SolarWinds and then subsequently producing and distributing trojanized updates to the software users. The malware seeded into Solarwinds Orion platform is now known to be called ‘Sunburst’.
The reason this attack was effective is because it was embedded within the trusted SolarWinds Orion product by the hackers, which users had no reason to doubt or question when updating their software. The problem then becomes one which results in users unknowingly downloading this malware into their own infrastructures. Hind sight is a beautiful thing, and with the benefit there of, many catastrophes could have been avoided; but could this one have been avoided without the benefit of hindsight? We think the answer to this question is a resounding ‘Yes’!
There is no doubt that internet revolution brings with it a host of positives including automation, accessibility, communication and productivity, to name a few, however, it is also the door to more sinister activity in our new digital world if not used, managed and policed with vigour. We have basically taken the common thief from the street and given them a global platform in which to carry out their wrong doings! The obvious solution is to restrict or minimise Internet access to trusted cloud-based services for your corporate servers, i.e lock your doors! Having robust and sensible security policies, which are managed on an on-going basis, will help you to minimise the negative traffic driven from the internet, when carrying out everyday tasks.
For instance, as a previous user of SolarWinds, the Network Performance Manager (NPM) server resided in an air gap (DMZ) with access controlled by NextGen firewalls, leaving no direct access to the internet. To ensure secure and limited access to both our own and our client’s environment, SNMPv3 read-only was used to poll and receive monitoring statistics. Clearly, from time to time, the NPM server would require a software upgrade for security advisories or feature enhancements, in this case, software was retrieved through a jump server and copied across to the NPM server. In addition to this, security policies dictated that any new software upgrades were not immediately implemented and instead given 7 days grace period to monitor any adverse effects of any such upgrade.
There is a delicate balance when it comes to upgrading the software on your servers and respective devices, i.e, do you execute the implementation straight away and risk the fall out of any teething issues of the release or do you wait to ensure the upgrade is effective, but then you risk a compromise from the very attack the upgrade is supposed to be protecting you against? It can seem like a ‘heads I win, tail you lose’ situation, but don’t lose faith! There is no right or wrong answer to this question, as it depends upon your organisation and your views on such matters, but what is clear is that risks can be significantly reduced by way of a well thought out security policy which involves a comprehensive understanding of the infrastructure under which you operate.
Whether you have been instrumental in the design and implementation of your current infrastructure or you have inherited it, we can help you to implement a cohesive and sound security policy, which will promote productivity whilst in a safe and secure environment.