Vulnerable to a SolarWinds-style attack?

Can I still be hacked if I have all my security in place?

Supply chain security has been at the forefront of cybersecurity discussions since the SolarWinds hack in 2020, which affected users of the SolarWinds Orion product globally, including nine US federal agencies.

The attackers, believed to be a Russian state-sponsored hacking group, gained access to SolarWinds’ software development system and injected malicious code into the company’s Orion platform, a widely used network monitoring and management software. This allowed the attackers to infiltrate the networks of SolarWinds’ customers who had installed the software, granting them access to sensitive data and potentially compromising national security.

Microsoft resellers are a target

In another incident related to the SolarWinds hack, CrowdStrike successfully fended off an attack attempt by the hackers. The attack involved a reseller’s Azure account that was used for managing CrowdStrike’s Microsoft Office licenses; the hackers attempted to read the company’s email, but the attempt was unsuccessful.

Microsoft clarified that if a customer buys a cloud service from a reseller and allows the reseller to retain administrative access, then a compromise of reseller credentials would grant access to the customer’s tenant. The company emphasized that this abuse of access would not be a compromise of Microsoft’s services themselves. 

Taking Action

These incidents underscore the need for companies to prioritize supply chain security and take proactive measures to assess and monitor the cybersecurity of their suppliers and partners. As the SolarWinds hack and its aftermath demonstrate, even a seemingly minor vulnerability in a supplier’s network can have far-reaching consequences for businesses and the broader economy.

By implementing robust security controls and limiting supplier access to the minimum required, businesses can reduce their exposure to cyber threats and ensure the resilience of their operations in the face of growing security risks. 

FoxTech’s Security Operations Centre can monitor the actions of your suppliers in your systems, and our security configuration advice helps you protect your systems for the least cost and maximum impact.

References:

  • crn.com Dec 2020 – Crowdstrike fends off attack attempted by SolarWinds hacker 
  • Infosecurity Magazine Feb 2021
giles.atkinson
