In what is likely a recurring topic… let’s get an update on the “SolarWinds hack”, which will clearly remain the name even as the scope expands.
KrebsOnSecurity reported that, according to its sources, a flaw in VMware’s Workspace ONE was being used to access protected data and bypass authentication. VMware, however, has disputed those findings, stating that the zero-day exploit reported by the NSA was not used as an additional attack vector. Additionally, Reuters is reporting that Cox Communications and the local government of Pima County, Arizona, can be added to the list of intrusions, along with the US nuclear weapons agency.
Reuters is also reporting that a second, different hacking team also targeted SolarWinds products in an effort known as SUPERNOVA. SUPERNOVA is a piece of malware that imitates Orion but, unlike the first group’s implant, is not digitally signed, which suggests that the second group did not have access to SolarWinds’ internal build systems. This reporting also indicated that Cisco was targeted as well, although the company says that while internal research machines were compromised, there is no known impact to Cisco offerings or products.
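The distinguishing detail above, that SUPERNOVA is not signed while the first implant was, is something a defender can check directly. The following PowerShell is an added example and is not code from the original post or from SolarWinds; the install path is an assumed placeholder, and the DLL and EXE filter is a choice made here. It walks a directory, verifies each binary’s Authenticode signature with Get-AuthenticodeSignature, records the signer and a SHA-256 hash for later correlation, and lists anything whose signature status is not Valid.

```powershell
# Added example, not from the original post or from SolarWinds.
# Audit Authenticode signatures of binaries under an (assumed) Orion install path.
param(
    # Placeholder; replace with the actual Orion installation directory.
    [string]$OrionPath = 'C:\Path\To\SolarWinds\Orion'
)

$results = Get-ChildItem -Path $OrionPath -Recurse -Include '*.dll', '*.exe' -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        [pscustomobject]@{
            Path   = $_.FullName
            # Status values include Valid, NotSigned, HashMismatch, UnknownError.
            Status = $sig.Status
            Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<none>' }
            # Hash recorded so findings can be matched against published indicators later.
            SHA256 = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
        }
    }

# Unsigned or tampered binaries (the SUPERNOVA pattern) surface here.
$suspect = $results | Where-Object { $_.Status -ne 'Valid' }
$suspect | Format-Table Status, Signer, Path -AutoSize

# Keep the full inventory for the incident record.
$results | Export-Csv -Path .\orion-signature-audit.csv -NoTypeInformation
```

Note the limit of this check: it catches the unsigned SUPERNOVA case but not the first implant, which carried a legitimate SolarWinds signature, so a Valid status alone is not proof that a binary is clean. Treat it as one triage signal alongside the vendor’s published indicators.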
Datto is offering MSPs a free scanner that searches networks for the stolen FireEye tools, and it can be used with any RMM platform.
Finally, I’m including a link to the full Microsoft research data on the exploit for those who want technical details.
Why do we care?
I’ll start with the name – the “SolarWinds hack” is sticking as a name, and that’s bad for the company’s brand. This one is so high profile, and their name is now front and center, for a company that was virtually unknown before.
That said, the fact that the scope is expanding shows just how critical this discussion will be. A number of years ago, I predicted there would be a “wake up” event, and this could well be it.
The software and IT worlds have tolerated a pretty lax and weak approach to security, in some cases treating it as an afterthought. We’ve already seen calls for more, from industry and government, as the aftermath rolls on.
BEFORE this incident there was a recognition that regulation was coming. This just adds fuel, and very deep government pockets, to that fire.