
SolarWinds: Supply Chain Attack


What’s Happened? 

A massive and highly sophisticated supply chain cyberattack was recently discovered in the US. It was allegedly perpetrated by an adversary nation-state using compromised Orion business software from the US-based IT management software firm SolarWinds, and it targeted the US government, its agencies and several private companies. It is now likely becoming a global cyberattack as various companies continue to analyse and discover their exposure and the extent of the hack.

How did it Happen? 

This global intrusion campaign involved hackers compromising the infrastructure of SolarWinds through the following series of events:

  • The attackers gained access to elevated credentials through the vulnerable source code of the Orion platform of SolarWinds. The Orion Platform is used by US federal agencies and many Fortune 500 companies to monitor the health of their IT networks. 
  • Once in the network, the attackers acquired administrative permissions to forge trusted SAML tokens, impersonate any of the organization’s existing users and accounts, and make API calls with the permissions assigned to that application.
  • The attackers further used this access to distribute trojanized software updates to SolarWinds customers. The trojanized component, called SUNBURST, is digitally signed and contains a backdoor that communicates with third-party servers controlled by the attackers.
  • The backdoor was used to deliver a malware dropper called TEARDROP, which, after an initial dormant period, started retrieving and executing commands while masquerading its network traffic and blending in with legitimate SolarWinds activity.
  • To avoid detection, the attackers used temporary file replacement techniques to remotely execute their tools, following a delete-create-execute-delete-create pattern and keeping their malware footprint very low during lateral movement.
  • As customers install this counterfeit update, the malware attempts to resolve a Command and Control (C2) domain, mimicking normal SolarWinds API communications, thus successfully compromising millions of machines across the globe.
  • Hacked networks were seen communicating with a malicious domain name registered under GoDaddy: avsvmcloud[.]com was one of several domains the attackers had set up to control affected systems.
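Hosts that ran the trojanized update leave DNS queries for names under avsvmcloud[.]com behind them. The following sketch is an added example, not code from the original post: it summarises which clients resolved such names, matching on label boundaries so that look-alike names are not flagged. The log layout, client names and subdomains are constructed assumptions.

```python
"""Find clients that resolved names under a defanged C2 domain.

Added example: the log layout (timestamp, client, query name, type) is an
assumption; adapt the line parsing to your resolver or proxy log format.
"""
from collections import defaultdict

# Constructed sample log; client names and subdomains are made up.
SAMPLE_DNS_LOG = """\
2020-12-10T08:01:11Z orion-app01 updates.vendor.example A
2020-12-10T08:02:40Z orion-app01 q1w2e3.sub-a.avsvmcloud.com A
2020-12-10T09:15:02Z orion-app01 r4t5y6.sub-a.AVSVMCLOUD.com. A
2020-12-10T09:20:30Z hr-laptop7 notavsvmcloud.com A
2020-12-10T09:21:45Z hr-laptop7 avsvmcloud.com.cdn.example.net A
2020-12-11T13:00:00Z orion-app02 z9x8c7.sub-b.avsvmcloud.com CNAME
"""


def refang(indicator):
    """Turn a defanged indicator such as 'avsvmcloud[.]com' into a hostname."""
    return indicator.strip().replace("[.]", ".").lower().rstrip(".")


def is_under(qname, domain):
    """True if qname is the domain or a subdomain, compared on label boundaries."""
    name = qname.lower().rstrip(".")
    return name == domain or name.endswith("." + domain)


def hosts_resolving(log_text, defanged_domain):
    """Return {client: {first, last, names}} for queries under the domain."""
    domain = refang(defanged_domain)
    summary = defaultdict(lambda: {"first": None, "last": None, "names": set()})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        ts, client, qname, _qtype = parts
        if not is_under(qname, domain):
            continue  # a substring rule would wrongly flag the hr-laptop7 lines
        entry = summary[client]
        # Same-format ISO 8601 timestamps sort correctly as strings.
        entry["first"] = ts if entry["first"] is None else min(entry["first"], ts)
        entry["last"] = ts if entry["last"] is None else max(entry["last"], ts)
        entry["names"].add(qname.lower().rstrip("."))
    return dict(summary)


if __name__ == "__main__":
    hits = hosts_resolving(SAMPLE_DNS_LOG, "avsvmcloud[.]com")
    for client, info in sorted(hits.items()):
        print(client, info["first"], info["last"], sorted(info["names"]))
```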

Mitigation Strategy 

FireEye collaborated with GoDaddy and Microsoft to deactivate SUNBURST infections. Domain seizure was part of a collaborative effort to prevent networks that may have been affected by the compromised SolarWinds software update from communicating with the attackers.  

Control over the domain was transferred to Microsoft, and the domain was reconfigured to act as a “killswitch” that would prevent the malware from continuing to operate under some circumstances: depending on the IP address returned when the malware resolves avsvmcloud[.]com, the malware would terminate itself and prevent further execution.

The attacker infrastructure leaks its configured hostname in RDP SSL certificates, which is identifiable in internet-wide scan data. This makes it possible to uncover the malicious IP addresses that may be masquerading as the organization.

Examination of SMB logs reveals access to legitimate directories that follows a delete-create-execute-delete-create pattern in a short amount of time, using variable file names.
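One way to hunt for that sequence, as an added example that is not part of the original post: the script below groups file events by source host, target host and directory, ignores the file names because they vary, and reports any delete-create-execute-delete-create run that completes inside a time window. The CSV layout, host names, paths and the 120-second default are assumptions.

```python
"""Hunt for the delete-create-execute-delete-create pattern in file events.

Added example: the CSV columns (time, source, target, action, path) are an
assumed layout; map your SMB or EDR telemetry onto them before use.
"""
import csv
import io
import ntpath
from collections import defaultdict
from datetime import datetime, timedelta

PATTERN = ("delete", "create", "execute", "delete", "create")

# Constructed sample events. WS-30 performs the same actions spread over
# hours; WS-22 never executes anything; only WS-17 shows the fast sequence.
SAMPLE_LOG = r"""
2020-12-14T09:00:00,WS-30,FS-02,delete,D:\Apps\agent\helper.exe
2020-12-14T09:30:00,WS-30,FS-02,create,D:\Apps\agent\helper.exe
2020-12-14T10:15:00,WS-30,FS-02,execute,D:\Apps\agent\helper.exe
2020-12-14T11:00:00,WS-30,FS-02,delete,D:\Apps\agent\helper.exe
2020-12-14T11:45:00,WS-30,FS-02,create,D:\Apps\agent\helper.exe
2020-12-14T10:00:01,WS-17,FS-01,delete,C:\Program Files\Vendor\bin\svcmon.exe
2020-12-14T10:00:03,WS-17,FS-01,create,C:\Program Files\Vendor\bin\k3v9.exe
2020-12-14T10:00:05,WS-17,FS-01,execute,C:\Program Files\Vendor\bin\k3v9.exe
2020-12-14T10:00:20,WS-17,FS-01,delete,C:\Program Files\Vendor\bin\k3v9.exe
2020-12-14T10:00:22,WS-17,FS-01,create,C:\Program Files\Vendor\bin\svcmon.exe
2020-12-14T10:05:00,WS-22,FS-01,delete,C:\Deploy\pkg.msi
2020-12-14T10:05:02,WS-22,FS-01,create,C:\Deploy\pkg.msi
2020-12-14T10:05:30,WS-22,FS-01,delete,C:\Deploy\notes.txt
2020-12-14T10:05:31,WS-22,FS-01,create,C:\Deploy\notes.txt
"""


def parse_events(text):
    """Parse the CSV text into a list of event dicts sorted by time."""
    events = []
    for ts, src, dst, action, path in csv.reader(io.StringIO(text.strip())):
        events.append({"time": datetime.fromisoformat(ts), "src": src,
                       "dst": dst, "action": action.lower(), "path": path})
    return sorted(events, key=lambda e: e["time"])


def find_replacement_chains(events, window=timedelta(seconds=120)):
    """Return one hit per PATTERN run completed within `window`."""
    by_dir = defaultdict(list)
    for e in events:
        # Key on the directory, not the file: the file names vary.
        key = (e["src"], e["dst"], ntpath.dirname(e["path"]).lower())
        by_dir[key].append(e)

    hits = []
    for (src, dst, directory), evs in by_dir.items():
        i = 0
        while i < len(evs):
            if evs[i]["action"] != PATTERN[0]:
                i += 1
                continue
            matched, j = [evs[i]], i + 1
            # Greedy in-order match; unrelated events in between are skipped.
            while (j < len(evs) and len(matched) < len(PATTERN)
                   and evs[j]["time"] - evs[i]["time"] <= window):
                if evs[j]["action"] == PATTERN[len(matched)]:
                    matched.append(evs[j])
                j += 1
            if len(matched) == len(PATTERN):
                span = matched[-1]["time"] - matched[0]["time"]
                hits.append({"src": src, "dst": dst, "directory": directory,
                             "start": matched[0]["time"],
                             "seconds": span.total_seconds(),
                             "files": [ntpath.basename(m["path"]) for m in matched]})
                i = j  # resume after this run so it is reported once
            else:
                i += 1
    return hits


if __name__ == "__main__":
    for hit in find_replacement_chains(parse_events(SAMPLE_LOG)):
        print(hit["src"], "->", hit["dst"], hit["directory"],
              f'{hit["seconds"]:.0f}s', hit["files"])
```

Widening the window surfaces slower runs such as the WS-30 one, at the cost of more benign matches to triage.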

SolarWinds issued a security advisory urging its customers to update to version 2020.2 HF 1 of its Orion Platform. It also released an additional hotfix 2020.2.1 HF 2 on Orion. 

Recommendations 

  • Consider mapping your attack surface, since major business partners (Microsoft, Cisco, Intel) were compromised in the supply chain attack.
  • Limit destinations on the edge (i.e. DNS and proxy) and think Zero-Trust networking.
  • The Threat Intel team should conduct threat hunts across the length and breadth of the corporate network and prioritize unusual activities logged during volumetric analysis of events.
  • The Sensor Management team should alert on events by creating new SIEM rules based on the signatures revealed by FireEye, CISA and several public institutions, to manage the attack surface better.
  • The SOC should monitor for intrusions and log events continuously, and the Incident Response team should investigate as required.
  • The Vulnerability Management team should patch SaaS applications regularly to prevent supply chain attacks.
  • Security should be considered as part of the vendor selection process.
