We recently reported on the Solarwinds Supply Chain hack that resulted in over 18,000 large corporations, organizations and government agencies all being infected with malware. Since the attack was publicized, thousands of articles have been written about the hack, as well as the incredible, far-reaching fallout from the attack.
Some of the news implies that the Solarwinds hack could mean lights-out for your company...literally. Among the many organizations hacked were the U.S. Department of Energy and many energy companies, each of which was using Solarwinds to help manage its IT infrastructure. What they didn’t expect is that Solarwinds would help to infect their infrastructures with malware and actually result in power being shut off to millions of people. Ironically, the Solarwinds saga keeps going like the Energizer Bunny even if the power eventually shuts off.
Solarwinds Saga Revisited - What Happened
As our original story about the Solarwinds Supply Chain hack explained, Solarwinds creates software that helps large enterprises and organizations manage their IT infrastructure. As a result, their software runs on nearly every piece of computer hardware on the network.
Some cybercriminals -- generally thought to be hackers aligned with the Russian government -- managed to gain access to the Solarwinds servers that store and manage Solarwinds’ own software. Some security researchers have found evidence that this access was gained via a publicly posted password to the Solarwinds servers...a password that violated the company’s password strength requirements: “Solarwinds123.”
Whatever the method used to gain access, the hackers added their own code to the Solarwinds servers so that when the next version of the software was released, it included the hack. Once installed on Solarwinds’ clients’ networks along with the rest of the new Solarwinds software, this hack gave the hackers “backdoor access” to those computers and networks.
This can be very, very, very bad for the infected organization. And very, very bad for the country and your business, too.
The Solarwinds Potential To Affect Infrastructure
The potential for harmful effects resulting from the Solarwinds hack may go on for years, and perhaps decades. It’s the “Energizer Bunny” of hacks because it just doesn’t quit. One very real possibility has to do with the nation’s power grid. In addition to the Department of Energy itself being a victim of the Solarwinds hack, the utility industry website Utilitydive.com says that Solarwinds users include hundreds of organizations running industrial control systems, among them several companies in the “critical manufacturing, energy, water and wastewater, and commercial facilities sectors.”
If the Solarwinds hack results in those same Russian hackers -- or other bad actors -- gaining access to those companies, then large parts of the country could be without power, water, and waste control systems. Manufacturing and other commercial facilities could also be disabled. Entire states or regions could be disabled with the push of a few buttons on a keyboard.
And if those manufacturing capabilities happen to be within the defense sector, the USA’s ability to defend itself may be at stake.
UtilityDive.com quoted Robert Lee, who spoke at the DOE’s Electric Advisory Committee meeting, as saying that “fallout from the SolarWinds attack could continue for years.”
Second and Third Generation Effects of the Solarwinds Saga
As bad as that all sounds, these first-generation effects sound distant and far-fetched to many people. But second- and third-generation effects of the Solarwinds Saga can bring damages right into your business and onto your desk.
The original Russian hackers, who now have the ability to install software on millions of computers, could potentially install software that does a variety of very bad things.
We have written about Ransomware many times in this space, and if there is one thing that remains constant about Ransomware, it is that it continually gets worse. The hackers could install Ransomware via the Solarwinds back door and potentially disable entire government departments, non-governmental organizations (NGOs), large corporations, and others, and then demand millions, if not billions, of dollars in ransom. The organization would be hobbled until the issue was resolved.
And if the ransom were not paid, Data Exfiltration (which is a common part of ransomware attacks these days) could expose data for millions of consumers and businesses.
Making matters even worse, imagine if terabytes of government data, including secret military data, were released to global enemies, including ISIS, Al Qaeda, and countries like the very belligerent Iran.
Those results could be devastating on a global scale. But there could also be effects closer to home...as in YOUR home and business. Microsoft, which claims to have isolated and removed the Solarwinds malware, has software in millions of homes and businesses. But other software publishers may not have been as successful as Microsoft claims to be, and might be distributing software today that is infected by code inserted via the Solarwinds hack. That means your own personal data could be at risk, because your cybersecurity systems might view the software as legitimate and harmless.
In a ZDNet article about the discovery of three more pieces of malware used by the Solarwinds hackers, “some of the cyber security companies were compromised via SolarWinds' tainted Orion update”. That means that the companies whose business it is to protect you from malware were themselves infected with malware. ZDNet goes on to say “as many as 30% of the organisations breached had no direct link to Solar Winds and were attacked by other means,” proof of these second- and third-generation hacks.
What You Can Do About The Solarwinds Hack
It might sound like there is nothing you can do to help protect your organization from the effects of the Solarwinds hack, but that is not at all the case. Not all cybersecurity systems have been infected by the Solarwinds hack. In fact, the majority have not. So the first line of defense against this and other malware is a strong cybersecurity strategy built on robust detection and protection systems, which include security information and event management (SIEM) systems to coordinate cybersecurity data from your entire organization. Endpoint protection, patch management, advanced email and web filtering and more are all part of a good cybersecurity plan.
But there’s more to cybersecurity than that.
Hacks and malware like this are not found by security systems alone. They are found by skilled researchers and white-hat hackers who are looking 24/7 for malicious code. At DigitalUppercut, we offer our clients a staff full of cybersecurity experts in our Security Operations Center. They are trained to use their experience and human intuition to discover attempted hacks and breaches, and help protect your company from them.
They, like the automated cybersecurity systems listed above, are all part of our Business Protection Toolkit, designed specifically to give you “big business” cybersecurity on a small business budget.
Solarwinds Saga’s Energizer Bunny Won’t Stop
The Solarwinds Saga isn’t the first of its kind, and it certainly will not be the last. This hack will breed and inspire others, and some could potentially be much worse. Your business deserves to be protected, no matter what happens. If you don’t have faith that your current cybersecurity strategy will hold up to the more dangerous and aggressive hacks that are sure to come, talk to Digital Uppercut today. Contact us online or call us at 818-913-1335.