
What happened on SolarWinds advanced cyberattack recently?

February 23, 2021

Posted on Feb 22, 2021

On 13 December 2020, there was a new development when IT company SolarWinds announced that it had been hacked and that its compromised software channel had been used to push out malicious updates to 18,000 of its Orion platform customers. This was a very sophisticated supply chain attack, a term that refers to a disruption in a standard process resulting in a compromised result, with the goal of attacking subsequent users of the software.

As part of the attack, the threat actors gained access to the SolarWinds Orion build system and added a backdoor to a legitimate DLL file. This DLL file was then distributed to SolarWinds clients via the automatic update platform used to push out new software updates. Finally, once loaded, the backdoored DLL connects back to a remote command and control server to receive jobs to execute on infected devices.

Attacks that you might neglect could also be happening in your factory / #SCADA system. It is crucial to stop the #cyberthreat at an early stage of the kill chain across both the #IT and #OT environments.

“SolarWinds has many high profile clients, including Fortune 500 companies and multiple agencies in the US government, the breach could be massive.” – SolarWinds Orion Security Breach

In early 2020, an estimated 18,000 of them downloaded the malware-ridden updates, which were embedded in a SolarWinds software product called Orion. The code created a backdoor into customers' information technology systems, which the hackers then used to install even more malware that helped them spy on companies and organizations. Once they succeeded, the hackers were able to roam about customers' networks, undetected, for at least nine months, preferring to steal and use credentials to perform lateral movement through the network and establish legitimate remote access.

Do watch the #Virsec demonstration, which shows how the culprits infiltrated and deposited a backdoor into the well-protected SolarWinds software infrastructure. – SolarWinds Attack End-to-End Demo

Want to know more about how to protect your control solution system? Find out more here: Cybersecurity.