SolarWinds supply chain attack explained: Need-to-know info
SolarWinds attack renews focus on supply chain security
Perhaps more than any other recent threat, the SolarWinds supply chain attack has rocked the infosec industry and sent shockwaves through enterprise and government security teams alike.
Investigators, law enforcement and incident response specialists are still assessing the full extent of the damage, but infosec experts are alarmed that nation-state hackers achieved such pervasive access inside so many major enterprises and government agencies. The suspected cyberespionage campaign began in 2019 when threat actors breached SolarWinds and gained access to the development environment for the vendor's Orion platform, a widely used suite of IT management products.
The threat actors hijacked the software compilation process for the platform and placed a backdoor inside legitimate, digitally signed Orion software updates. Those poisoned updates were pushed out to thousands of customers over several months. The threat actors exploited some of those backdoors to breach U.S. government agencies, such as the Departments of Justice and Homeland Security, as well as technology giants, including FireEye and Microsoft.
It's still unclear how many backdoors were exploited by the threat actors and how many organizations were breached as a result. But one thing is clear: The SolarWinds attacks will have long-lasting repercussions on enterprise security practices and strategies, from incident response and threat detection to supply chain protection and privileged account management.