IT disaster recovery, cloud computing and information security news

SolarWinds compromise highlights the threat of attacks on trusted business software

CISA, the Cybersecurity & Infrastructure Security Agency, has issued a warning about the ‘active exploitation of SolarWinds Orion Platform software versions 2019.4 HF 5 through 2020.2.1 HF 1, released between March 2020 and June 2020’.

The incident is unusual in that it is an attack on trusted business software, with attackers engineering the software to deliver malware under the cover of a standard software update.

SolarWinds has confirmed the validity of the issue, stating that it “has just been made aware our systems experienced a highly sophisticated, manual supply chain attack on SolarWinds Orion Platform software builds for versions 2019.4 HF 5 and 2020.2 with no hotfix or 2020.2 HF 1.”

It appears that the attack was conducted by an outside nation state and intended to be a narrow, extremely targeted, and manually executed attack, as opposed to a broad, system-wide attack, says SolarWinds.

FireEye, the company that discovered the issue, states that the actors behind this attack have used it to gain access to numerous public and private organizations around the world, beginning as early as Spring 2020 and currently ongoing. Post-compromise activity following this supply chain compromise has included lateral movement and data theft.

Read the CISA warning.
