The recent news of a large-scale attack by a foreign government using popular network monitoring tools should have integrators questioning the security of the remote monitoring tools they use.
U.S. government officials, cybersecurity experts and tech giants are working around the clock to uncover more evidence and possibly other supply chain attack vectors after IT software company SolarWinds disclosed that versions of its popular Orion product were compromised by foreign cyber actors.
Since then, the once obscure company – outside of IT circles – has been thrust into the mainstream with loads of negative press, including one report about poor security practices at the firm itself.
However, bad press is the least of the company’s problems. It will now have to deal with investors, as its stock price has fallen nearly 25% since the firm disclosed the hack.
SolarWinds Orion is an enterprise network management solution that includes performance and application monitoring, network configuration management and other tools. It was a gold mine for hackers, as compromising a single target gave them access to 18,000 organizations, including some of the most powerful U.S. government agencies.
According to the U.S. Cybersecurity and Infrastructure Agency, SolarWinds may not be the only initial access vector.
“This adversary has demonstrated an ability to exploit software supply chains and shown significant knowledge of Windows networks,” the agency’s Thursday alert said.
“It is likely that the adversary has additional initial access vectors and tactics, techniques, and procedures (TTPs) that have not yet been discovered. CISA will continue to update this Alert and the corresponding indicators of compromise (IOCs) as new information becomes available.”
With IT becoming more a part of the AV ecosystem, and things like AV-over-IP becoming mainstream in the industry, integrators and their end customers should be aware of the threats that can come with these internet-connected systems.
We advise integrators to stay up to date on this news, ensure that products they’re using don’t have vulnerabilities, and watch for indicators of a compromise.