The world has recently learned of the sophisticated supply-chain attack that hit FireEye, carried out by inserting malicious code into a software update for a tool called SolarWinds Orion. The operation may have started as early as mid-2020. The Orion system is used by the U.S. Treasury Department, the Commerce Department, the Department of Homeland Security, the Pentagon, the Navy and many others. And, even as I type this post on Tuesday evening, December 15, the security firm GreyNoise Intelligence reports, “SolarWinds still has not removed the compromised Orion software updates from its distribution server.”
DHS’s Cybersecurity and Infrastructure Security Agency (CISA) purchased $45,000 worth of licenses for SolarWinds tools in 2019, while U.S. Cyber Command spent over $12,000.
SolarWinds, in a legal filing yesterday (Monday, December 14), says malicious code was pushed to nearly 18,000 customers. (That does not mean I am one customer and you are another. It means Microsoft Office 365, for example, is ONE customer.)
We can look to Microsoft to soon get an idea of who, and how many, SolarWinds customers were really affected, because Microsoft (according to a quick look at the Internet’s “Whois”) has taken control of the domain (registered and managed by GoDaddy in Arizona) that was used to control the infected systems.
“Vinoth Kumar, a cybersecurity ‘bug hunter’ who has earned cash bounties and recognition from multiple companies for reporting security flaws in their products and services, posted on Twitter that he notified SolarWinds in November 2019 that the company’s software download website was protected by a simple password that was published in the clear on SolarWinds’ code repository at Github.” – Krebs on Security.
I must say that I am shocked… SHOCKED that the (purportedly) Russian hackers were able to get through the sophisticated systems in place at SolarWinds, a company so advanced I have heard they did not even see the need for an internal chief of cybersecurity. I mean, who at the Russian FSB, even though they have some of the best cyber-hackers on the planet, would ever have thought to build code-busting software to break the heavy-duty security at SolarWinds?
Oh… wait a minute! The password was published in the public repository of SolarWinds files at Github. It was a masterful password that most of us would have had to write on the back of our hands to remember: solarwinds123
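The failure described above, a cleartext credential sitting in a public repository, is exactly what a pre-commit or CI secret scan exists to catch. What follows is an added example, not code from this post or from SolarWinds: a small Python scanner that runs over a constructed set of repository files, flags literal credential assignments without echoing the secret, and states why the value is weak. The file names, the org name "acme" and every credential value are invented for the demonstration.

```python
from __future__ import annotations
import re

# Constructed sample of repository contents (all names and values invented):
# a deployment script with a cleartext credential, beside files that only
# refer to an environment variable and must not be flagged.
SAMPLE_FILES = {
    "deploy/ftp_upload.ps1": (
        "$ftpHost = 'downloads.example.com'\n"
        "$ftpUser = 'publisher'\n"
        "$ftpPassword = 'acme123'\n"
    ),
    "README.md": "Set FTP_PASSWORD in your environment before running.\n",
    "ci/upload.sh": "export FTP_PASSWORD=\"$FTP_PASSWORD\"\n",
}

# Assignment-style credential: key = value or key: value, quotes optional.
CRED_RE = re.compile(
    r"(?i)\$?\b(?P<key>(?:ftp|db|admin)?[_-]?(?:pass(?:word|wd)?|secret|token))\b"
    r"\s*[:=]+\s*['\"]?(?P<value>[^'\"\s]+)"
)

def weak_reasons(value: str, org: str) -> list[str]:
    """Reasons a literal credential is weak; an empty list means none detected."""
    reasons = []
    if len(value) < 12:
        reasons.append("shorter than 12 chars")
    if org.lower() in value.lower():
        reasons.append("contains org name")
    if re.fullmatch(r"[A-Za-z]+\d{1,4}", value):
        reasons.append("word followed by digits")
    return reasons

def scan_files(files: dict[str, str], org: str) -> list[dict]:
    """Flag literal credential assignments; the secret itself is never reported."""
    findings = []
    for path, text in files.items():
        for lineno, line in enumerate(text.splitlines(), 1):
            m = CRED_RE.search(line)
            if not m:
                continue
            value = m.group("value")
            if value.startswith(("$", "%")):  # variable reference, not a literal
                continue
            findings.append({"path": path, "line": lineno, "key": m.group("key"),
                             "reasons": weak_reasons(value, org)})
    return findings

if __name__ == "__main__":
    for f in scan_files(SAMPLE_FILES, "acme"):
        print(f"{f['path']}:{f['line']} literal {f['key']}: {'; '.join(f['reasons'])}")
```

Run against the sample, it reports only the PowerShell script, line 3, with all three weakness reasons; the README mention and the shell export of an environment variable are left alone.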
I. could. not. make. this. s—. up.