Further attacks weigh on SolarWinds. Bruce Schneier criticizes the company for generating its profit by increasing the security risk.
SolarWinds cannot escape the negative headlines. Just last week, the new SolarWinds boss had to admit that attackers had remained undetected in the company’s Office365 mail system for nine months. The Chinese are now suspected of attacking a US tax authority and stealing personal data from thousands of employees.
Russian hack was just the beginning
In December 2020, attacks on various US authorities became public. The Russian-sponsored group, which is also said to be responsible for the successful break-in at the IT security company FireEye, used infected updates for the Orion network management software from SolarWinds as an attack tool. They delivered these updates, which carried a valid SolarWinds digital signature, to the company’s update server and from there to the target systems.
Last week, a Trustwave employee discovered three vulnerabilities in SolarWinds products. Two of them, including the most dangerous one, which is remotely exploitable, concern the Orion platform; the other is in the FTP server software Serv-U FTP. SolarWinds has already released urgent updates to close the dangerous gaps.
Then the new SolarWinds CEO Sudhakar Ramakrishna, who only took office in January 2021, had to admit in an interview with the Wall Street Journal that attackers were able to hack the internal Office365 mail system as early as December 2019 and gain access to an account. From there, they compromised other mail accounts. According to Ramakrishna, these events will be investigated further. Only dozens of victims have been officially identified so far, but the attacks could affect up to 18,000 SolarWinds customers.
China under suspicion
Reuters is now reporting another cyber attack on the National Finance Center, the US Department of Agriculture’s finance agency. This attack is said to have used different methods than the previous attacks, but also to have exploited flaws in the SolarWinds network software. The attackers allegedly used infrastructure and methods that were previously used in other attacks supported by the Chinese government.
The attack on the US tax authorities could affect the data of thousands of employees. This includes social security numbers, phone numbers, personal email addresses, and bank account information. The “National Finance Center” says it is responsible for the salaries of more than 600,000 employees.
The recent attack on Orion network management software has led the well-known IT security expert Bruce Schneier to criticize SolarWinds: “This horrific IT security is the result of a conscious company decision to reduce costs in favor of short-term profits. SolarWinds increased its profits by increasing the security risk and then passed that risk on to its customers without their knowledge or consent.”