SolarWinds Cyberattack

SolarWinds is a software company primarily focused on system and network management software for companies/organizations.

Primarily the software that was involved in this incident was SolarWinds Orion Platform. According to solarwinds.com, "The SolarWinds^® Orion^® Platform is a powerful, scalable infrastructure monitoring and management platform designed to simplify IT administration for on-premises, hybrid, and software as a service (SaaS) environments in a single pane of glass. ".

https://www.solarwinds.com/orion-platform

In summary, the hack resulted when a software update for SolarWinds Orion Platform was pushed. SolarWinds state on their website, "This attack was a very sophisticated supply chain attack, which refers to a disruption in a standard process resulting in a compromised result with a goal of being able to attack subsequent users of the software.". The code pushed in the illegitimated software update/attack also contained backdoor accessibility along with secondary malware injectors.

https://www.solarwinds.com/sa-overview/securityadvisory#anchor1

How I would handle this incident:

First and foremost it would be important to isolate the vulnerability/attack by disconnecting this software from connected hardware/services.

Then it would be ideal to identify and study the incident that took place. This would allow better understanding and allow more possible solutions to this and future incidents.

To ensure proper security and recovery of your connected hardware/services, with the knowledge that the incident was caused by the newest software patch, going back to a previous installation would be best after formatting and removing any hidden malware that may have been injected.

Finally after these steps are taken it would be important to preform an incident report. This would include documenting hardware performance, security, and overall reliability before the final implementation onto your network.

SolarWinds also provides more in-depth recommended actions on https://www.solarwinds.com/sa-overview/securityadvisory.

SolarWinds Cyberattack

Brenden Michael Ray

Brenden Michael Ray

Web Tools To Consider In Web Enumeration and Compromise

Hardening an Operating System

Two Attacks That Can Affect a Linux Install or Network

Programming Languages, Python.

Handling a Malware Infection