How companies could prevent “SolarWinds Supply chain” kind of attacks

SolarWinds is a well-known company that provides the tools & offers services for real-time monitoring and analyzing the IT infrastructure & Applications, it’s “easy-to-use” interface makes it popular amongst many large-scale corporations, mid-market & small businesses across the globe.

In 2020, a major cyberattack (popularly known as “SolarWinds Supply chain attack”) suspected to have been committed by a group known as “cozy bear” backed by the Russian government penetrated thousands (estimated to be 18,000+) of organizations globally including the likes of Microsoft, Google, Intel to name a few. Even multiple departments of the United States federal government were not spared, Intelligence agencies also suspect that this attack could have stolen critical insights on covid-19 vaccine research.

Ironically the hackers first gained access to the SolarWinds systems in January 2019 and the attack not being publicly discovered or reported until December 2020, several months earlier than previously known , revealed Mr. Sudhakar Ramakrishna CEO @SolarWinds.

Just like programmers across the globe, even SolarWinds Orion programmers leveraged GitHub for distributed version control and source code management which mostly has sensitive information which unfortunately got compromised because someone mistakenly marked it public instead of private. According to the company sources one of their Interns (who is no more working) probably used a fairly simple password “solarwinds123 whichever the case maybe it opened the door for the hackers who could have then meddled with and usernames and passwords & even deployed malicious software update package called sunburst into the build process this then allowed them to target SolarWinds customers.

However, this intrusion was first uncovered by the cyber security company FireEye because it too was a victim of this attack & it was detected when one of the employees of FireEye got a request to reset their multi-factor authentication which they had not done.

Here is the list of practices Companies could adapt in order to prevent SolarWinds & similar kinds of attacks :

• By deploying a proven Two-factor authentication along with a third-party password manager
• By keeping their Security & Network Appliances (AV, Firewalls, Switches, Routers, etc. ) & Software (Applications, Databases, Operating Systems, etc.) patches updated
• By training their employees using interactive training methods comprising of videos, simulations, quizzes, etc.
• By making Network VA/PT & Application code reviews a regular practice