Emergency Update if Your IT Team Uses SolarWinds Products, and How to Protect Against Supply Chain Attacks
Bad Actors compromised a product called SolarWinds Orion and then used that as a vector attack organization. Ask your IT team if they use SolarWinds products, and if so, they must visit SolarWinds dot com/security advisory immediately for more information.
SolarWinds is a well-respected organization, and many organizations utilize their products. Not enough details are known to discredit their organization. Clearly, attackers see them as valuable enough to use as an infection vector.
This is called a supply chain attack because bad actors use a trusted product in an organization’s supply chain to attack the organization. A similar well-publicized attack happened with a popular tool, with many benefits, called CCleaner. The attackers successfully compromised 2.3 Million PCs.
The CCleaner supply chain attack is an illustration of dwell time. Attackers waited five months from the time they gained access to CCleaner before they launched the attack on CCleaner users. Many computers were safe, but not 2.3 Million of them.
Remember: Just because your organization fixes a vector through which the infection came does not eliminate damage already done. As an analogy, if you were the king or queen of a castle, and you found that attackers entered your castle walls to attack your city, raising the bridge over your moat does not eliminate the attackers who already made it inside.
Supply chain attacks are one of many reasons to eliminate as much software as possible at your organization. If a program is not essential, remove it asap. SolarWinds is vital for many organizations.
Please forward this to your friends so they can alert their IT departments to address this situation, and know to remove all non-essential software from all computers.