In December 2020, one of the most significant cyber attacks in recent history was discovered: the SolarWinds Orion hack. The attack compromised the supply chain of SolarWinds, a leading IT management software provider, and affected over 18,000 of its customers, including numerous government agencies and Fortune 500 companies. One of the companies that responded to the incident was SecureWorks, a cybersecurity solutions provider that helped several of its clients detect and mitigate the attack. In this article, we examine the lessons learned from the SolarWinds Orion incident and SecureWorks' response to it.
Background: What is SolarWinds Orion?
SolarWinds Orion is a popular network and infrastructure monitoring platform that allows IT administrators to manage their systems from a centralized location. The software is widely used by businesses and organizations of all sizes, including government agencies, to monitor and manage their networks, servers, and applications.
The Hack: How did it happen?
The SolarWinds Orion hack was a sophisticated supply chain attack that targeted the software update mechanism of SolarWinds Orion. The attackers compromised the software development process and inserted malicious code into one of the product updates, which SolarWinds then distributed to its customers through the normal update mechanism. Once installed, the malicious code gave the attackers remote access to the compromised systems, which they used to steal sensitive information.
SecureWorks’ Response: What did they do?
SecureWorks was one of the first cybersecurity companies to respond to the SolarWinds Orion hack. It immediately began investigating the incident and provided guidance to its clients on how to detect and mitigate the attack. SecureWorks also used its threat intelligence capabilities to monitor the attackers' activity and shared that information with other organizations and government agencies.
Lessons Learned: What can we learn from this incident?
The SolarWinds Orion hack and SecureWorks’ response to it provide several valuable lessons for businesses, organizations, and individuals to improve their cybersecurity posture.
Supply Chain Risk Management
The SolarWinds Orion hack demonstrates the importance of supply chain risk management. Businesses and organizations should implement policies and procedures to assess and manage the risks associated with their third-party vendors and suppliers, including software providers. This includes performing due diligence on the security practices of vendors, conducting regular vulnerability assessments, and implementing security controls to detect and mitigate attacks.
Threat Intelligence Sharing
The SolarWinds Orion hack also highlights the importance of threat intelligence sharing among cybersecurity professionals. Threat intelligence is a valuable tool that helps organizations detect and respond to cyber threats. Sharing it with other organizations and government agencies can help identify and mitigate threats before they cause significant damage.
Finally, the SolarWinds Orion hack underscores the importance of cybersecurity preparedness. Businesses and organizations should have robust incident response plans in place that outline the steps to be taken in the event of a cyber attack. This includes identifying and containing the attack, assessing the impact, notifying stakeholders, and restoring services.
The SolarWinds Orion hack was a wake-up call for businesses, organizations, and individuals to take cybersecurity seriously. The incident demonstrated the sophistication and persistence of cyber attackers and the importance of being prepared for such attacks. SecureWorks' response to the SolarWinds Orion hack provides valuable lessons on supply chain risk management, threat intelligence sharing, and cybersecurity preparedness. By applying these lessons, businesses and organizations can improve their cybersecurity posture and reduce the risk of cyber attacks.