In the movie Men in Black, Rosenburg, a dying Arquilian, tells Jay that the “Arquilian Galaxy is on Orion’s Belt”. This Orion may have led a galaxy’s worth of organization hacks – more than 425 of the Fortune 500 list of top companies; all of the top 10 telecommunications companies; all five branches of the military; and all of the top five accounting firms as part of 300,000 global customers potentially impacted, which also include UK government agencies and private sector companies.
As Sharon Nelson reports in her excellent blog Ride the Lightning, the the United States Department of Commerce, Treasury, State Department, National Institutes of Health, Homeland Security, and the Pentagon are all included in the list of organizations that have had their networks compromised.
The unwitting source seems to be enterprise monitoring software company SolarWinds. According to the Austin, TX based company, hackers “inserted a vulnerability within its Orion monitoring products which, if present and activated, could potentially allow an attacker to compromise the server on which the Orion products run.”
The vulnerability was present within the Orion products and existed in updates to the product released between March and June 2020, after the attackers compromised the software build system for Orion.
SolarWinds said that it believed the security breach was likely the result of “a highly sophisticated, targeted and manual supply chain attack by an outside nation state.”
Some experts are already blaming the APT29 hacking group (also known as “the Dukes” or “Cozy Bear”), which has close ties to Russian intelligence, but SolarWinds says it has not confirmed the identity of its attackers.
The breaches, which were made public after the high-profile state-sponsored compromise of cybersecurity company FireEye, is said to have resulted in some 18,000 customers of SolarWinds downloading malicious versions of Orion that could have been exploited by the hackers to gain backdoor access to networks.
According to The Guardian, the US Cybersecurity and Infrastructure Security Agency issued an emergency directive late on Sunday night advising all federal civilian agencies to “review their networks for indicators of compromise and disconnect or power down SolarWinds Orion products immediately”. The acting director, Brandon Wales, said the compromise “poses unacceptable risks” to the security of federal networks.
Currently, we don’t know how many of those customers have actually experienced a data breach. Hopefully, it’s not as bad as it seems, but it seems REALLY BAD. Just when you thought we had run out of significant challenges for 2020 – there’s yet one more! Only 15 days to go, people!
So, what do you think? Does this latest hack change the way you think about how your organization handles its data? Please share any comments you might have or if you’d like to know more about a particular topic.
Image Copyright © Columbia Pictures
Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by my employer, my partners or my clients. eDiscovery Today is made available solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Today should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.