SolarWinds Inc. has recently been hit by a cybersecurity breach in which the hackers behind a sprawling spy campaign turned the company’s market dominance against it. The company has reportedly confirmed that Orion, its flagship network management software, served as the unwitting channel for an expansive international cyberespionage operation. The hackers apparently inserted malicious code into Orion software updates, which were then pushed out to around 18,000 customers.
It has been reported that the hackers have already leveraged this access into significant breaches at the U.S. Treasury and the Department of Commerce. According to credible sources familiar with the investigation, Russia is the top suspect; other sources, however, have stated that it is still too early to tell.
Kevin Thompson, Chief Executive of SolarWinds, had recently boasted about the company’s significant growth during his 11 years at the helm. Thompson added that there was not an IT deployment model or database out there that did not use some level of the monitoring or management provided by the firm. The company covers a large part of the market, he said.
Now that the company’s dominance has become a liability, it stands as an example of how the workhorse software that connects organizations together can turn destructive when subverted by sophisticated hackers.
SolarWinds’ security has reportedly come under new scrutiny. Citing security concerns, U.S. officials ordered users to immediately disconnect Orion. Consequently, the company’s shares have dropped more than 23% from $23.50 on Friday to $18.06 on Tuesday.
In a previously unreported matter, various criminals offered to sell access to SolarWinds’ computers on underground forums. Mark Arena, chief executive of the cybercrime intelligence firm Intel471, stated that one of those offering this access goes by the name “fxmsp”, who advertised the claimed access on the Exploit forum in 2017 and is wanted by the FBI for involvement in various high-profile incidents.
Meanwhile, security researcher Vinoth Kumar has stated that he had alerted the company that its update server could be easily accessed by anyone using the password “solarwinds123”. Separately, Kyle Hanslovan, cofounder of the cybersecurity firm Huntress, observed that days after the company became aware of the security breach, the malicious updates were still available for download.