COVID-19 Update

The SolarWinds Breach and the Cascading Effects of a Cyber Incident

Having various remote connections to customer networks creates a risk that a single breach could provide access to numerous targets.

Rob Simopoulos Leave a Comment
The SolarWinds Breach and the Cascading Effects of a Cyber Incident

The sophisticated supply chain attack of SolarWinds Orion software has surely shaken the cybersecurity world.

Early reporting is that the successful attack allowed adversaries to compromise the code within the Orion software which was sent to thousands of organizations within both the private and government sectors.

By infiltrating the SolarWinds development environment, attackers were able to inject malicious code into the software with the ultimate goal of implementing a backdoor to end-user systems.

The attack appears to have been well orchestrated from the start, from initially gaining access and using numerous camouflage and decoy techniques to avoid detection. SolarWinds has responded with an update to the software along with numerous recommendations and remediation techniques.

It is still early in the investigation and as we learn more, there is no doubt this was a very sophisticated attack aimed at not only at breaching SolarWinds directly but also many other organizations in a cascading fashion.

This incident brings up yet again the unique risk that cyber-attacks themselves pose. The fact that a breach often results in a one-to-many impact. A single cyber breach at a vendor not only affects them but may cascade and effect their customers, partners or vendors.

We must acknowledge that the reality is, this kind of cascading impact is not always caused through sophisticated attacks like seen with SolarWinds. There are much simpler examples, one of which is the constant occurrence of business email compromise.

With employees using weak or reused passwords and a lack of multi-factor authentication being deployed, cyber criminals remain able to breach email user accounts and position themselves within an organization’s email systems.

Once an email account is taken over, they continue their criminal activities by launching phishing campaigns from a legitimate email account towards an entire contact list of unsuspecting recipients whose traditional email protection systems allow the emails to slide right through.

Unaware of a breach, these recipients are often fooled into changing invoice payments, bank account numbers or sending sensitive information.

Why Cyberattacks Are So Hard to Prevent

Quite often it is the customers of these vendors who are most affected, and it is a reminder of how important it is to train teams to communicate and verify with the sender via a separate communication channel before conducting such requests.

Read Next: A Supply Chain Compromise Like SolarWinds Should Concern the AV Industry

With systems integrators continuing to provide valuable managed services to support the systems they deploy, the number of customers they have remote connectivity to is growing.

Having various remote connections to customer networks means there is an inherent risk that a single breach could provide access to numerous new targets for attackers; one of the biggest reasons why service providers are increasingly becoming attack targets.

Recently,  CISA released information about an advanced persistent threat (APT) group who is focusing on compromising managed service providers (MSP’s) that utilize remote management tools with the end goal of launching attacks on several of their customer organizations.

In the past, there have been successful one-to-many attacks on MSP’s that allowed cyber criminals to infiltrate managed service providers then pivot to customer systems with final steps of deploying ransomware on those networks.

That is why it is so vitally important that companies providing managed services establish and maintain safeguards to protect against these types of attacks.

When a systems integrator provides technology solutions to large enterprise customer’s they often find themselves under the microscope of the customers security teams.

As is common in a growing number of industries, systems integrators are now regularly receiving surveys asking that they clearly detail their data protection and cybersecurity posture.

Consistently they are asked to undergo cybersecurity assessments and are required to agree contractually to policies that outline that they will protect the customers data and systems appropriately.

It is with good reason as systems integrators have nearly unparalleled access to these organizations’ IT resources.

They deploy IP enabled devices on the network, technicians plug their own computer resources into those networks to conduct programming and setup, they have access to a variety of sensitive documents including network topology diagrams, configurations, device passwords and building floor plans with device layouts.

With this understanding, customer security teams are increasingly conducting vendor risk assessments and are becoming more adamant about only working with providers who have proper cybersecurity measures in place.

A single systems Integrator experiencing a cyber incident could easily cause a major cascading compromise effect to many of their customers.

With that knowledge we have seen a rise in communication within the industry by organizations such as PSA and NSCA who have committed to continuing to educate and remind integrators about the cyber threats they face and that they pose to their customers.

Cybersecurity involves a process of constant improvement. There will always be sophisticated attacks and successful breaches even if organizations take substantial steps to protect themselves (like we read in the news regularly, including with large enterprises).

But that is by no means a reason to ignore implementing proper cybersecurity programs, rather a supporting reason to put proactive safeguards in place. It is all about a group effort as an industry which requires each company to make a planned and consistent effort to improve their own cybersecurity.

Implement cybersecurity not only for your own business, but for your customers protection as well. Because while you may be the entry point, they may be the crown jewels.

CoronaVirus Update