Solarwinds Orion Compromise

By Samudra Vijay | Blog, Cybersecurity | 24 Dec 2020

The Tale of a Supervisor Who Lost Trust

This is a short article for non-technical readers. It explains the recent compromise of the SolarWinds Orion software platform and its impact on the monitoring and management tools and platforms that depend on it.

What is Orion?

All hardware, software and networks, usually referred to as cyber assets, need to be constantly monitored and managed (system administration). These monitoring and management functions are provided by software, since there is far too much work for human operators to do by hand. SolarWinds Orion is monitoring and management software that collects and reports information about the state of hundreds or thousands of systems; in effect, it is a supervisor.

What happened?

The supervisory role performed by SolarWinds Orion is critical for the overall upkeep of systems. The data collected for monitoring and management can range from unclassified to confidential, sensitive and secret. When a critical component like SolarWinds Orion is compromised or breached, a lot of information is at stake, and it can be used by adversaries at any time, in the near or distant future.

The supervisor (the SolarWinds Orion platform) was found to be sending out information (leaking it) to unauthorized locations. The extent of the leak and the nature of the information leaked are yet to be ascertained!

How was it done?

Software is made of several parts called components. As software is modified (to improve it or to fix issues), these components need to be updated at customer sites. The modification of software follows a secure process. The updates shipped to customer sites are called deployments. In the case of SolarWinds Orion, the attackers hacked the modification process and introduced malicious code into the software. That malicious code was deployed to hundreds or thousands of customer locations, where it stealthily leaked information over several months!

What should you do if you are using SolarWinds Orion?

What can you do to prevent such occurrences?

The above measures are the opinion of the author and should not be considered professional advice. Please remember that any cybersecurity practice is an iterative process, and the goalposts are moving constantly!