SolarWinds Hack is our "Cyber Pandemic"

Even as we struggle to distribute the vaccine for the Covid-19 pandemic, more than 18,000 private companies and government agencies recently fell victim to a cyber pandemic.  As with the novel coronavirus, the recent cyberattack came from overseas, arriving unnoticed initially.

Dubbed "Solarigate", the attack is characterized as a supply-chain compromise leveraging compromised versions of Orion management software from SolarWinds, which set the stage for the introduction of a "poisoned" Dynamic Link Library (DLL) enabling the attacks.

It's believed the SolarWinds software was exploited by a large, well-resourced nation-state actor, causing them to push out the malicious updates, with early reports indicating Russia as the likely culprit. This vulnerability gave them what we refer to in the industry as God access, the right to do anything they want to do in stealth mode, completely undetected.

As the CEO of a top-ranked MSP and Microsoft Azure Expert MSP, we at Henson Group were shocked at the event's considerable intelligence failure. Our firm does not use SolarWinds technologies, but some of our clients not using our MSP services, did and were affected. Even though these companies were not Henson Group MSP customers, we donated countless hours to help them clean and secure their networks. At the end of the day, I'm proud of the free work we provided and the impact we had to help companies recover. That said, we wouldn't be a top MSP if we didn't re-review our plans and capability to quickly come back if we were affected by this kind of devastating attack. Ironically, this introspection took longer than the development of the plan. I'm happy to say Henson Group is prepared and has plans for these nation-state of attacks.

No Apparent Damage

First, let me say there is no evidence that anything was destroyed. This would suggest that this was just a mere espionage operation with intelligence gathering as the objective.

However, I'm concerned that the Russians may have placed additional back doors within those networks so they can cause damage or take them down, causing havoc as needed in the future. More directly, they are preparing the battlefield for if/when they need to cause maximum damage during an actual conflict. This could go so far as to take down a cell network, interrupt air traffic control, or disable power plants.

Cyber is the most inexpensive, highly destructive, highly deniable weapon that nation-states can use today. We must practice the utmost vigilance and implement every prevention and protection possible.

We're All In This Pandemic Together, too

Thankfully we do have the capacity to respond to these attacks, enabled by our strong technology partnership and our federal government's assistance when needed, because neither government nor the private sector can defend our networks alone.

It is crucial that we work together against these attacks. Technology providers, including Microsoft, FireEye, and others, have already published volumes of valuable information. It is unlikely that most companies have sufficient technical expertise to interpret and act upon all of this. These are very sophisticated attacks, and protecting against them requires equal or greater sophistication.

If you were affected, need help searching for these possible backdoors, or just want to be more than adequately prepared, we have listed useful resources below that may help you. As always, you can also reach out to me directly to engage Henson Group for expert assistance.

Solorigate Resource Center – updated December 31st, 2020 – Microsoft Security Response Center

Microsoft Internal Solorigate Investigation Update – Microsoft Security Response Center

Important steps for customers to protect themselves from recent nation-state cyberattacks - Microsoft On the Issues

Ensuring customers are protected from Solorigate - Microsoft Security

Global Intrusion Campaign Leverages Software Supply Chain Compromise | FireEye Inc

Security Advisory | SolarWinds