SolarWinds Orion Attack

Released: Dec 15, 2020
Severity: Critical
Vendor: SolarWinds
Type: Attack


The SolarWinds supply chain attack

SolarWinds signed software containing a planted vulnerability was released in March 2020 as a regular (trusted) software patch. The backdoor was not discovered until the FireEye breach became public 9 months later.

Common Vulnerabilities and Exposures

CVE-2020-10148

Background

SolarWinds was the victim of a complex and targeted supply chain cyber attack, with the primary goal of inserting a malicious backdoor into trusted (signed) software, which could later be exploited in end-customer installations of the SolarWinds Orion platform. As reported by SolarWinds, the earliest visible trace of the attacker is test code inserted in the October 2019 software release.
https://www.solarwinds.com/securityadvisory

It has been claimed that the attackers first gained access to SolarWinds infrastructure by exploiting an authentication service vulnerability. They were then able to persist and monitor emails and files to identify the developers they needed to target. Once identified, those targets were infiltrated using spear phishing techniques to infect their local compute instances, which were trusted to check in source code.

Starting in March 2020, SolarWinds began distributing infected patches via its website (as regular software patches) to unsuspecting SolarWinds Orion customers. The impacted versions are 2019.4 HF 5, 2020.2 unpatched, and 2020.2 HF 1. Once a customer upgrades to a vulnerable version, the attacker obtains an initial foothold on the end customer's SolarWinds Development Server, and the malware can then target desired endpoints to install the infiltration malware on those systems. After installation on the victim, it may download subsequent malware and eventually connect to the command-and-control (C&C) server.

On December 8, 2020, FireEye announced that it was the victim of a cyber attack, disclosing that some of its advanced "red team" tools had been stolen. Within the following week, FireEye determined the breach was due to the SolarWinds vulnerability.
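The first practical step after reading an alert like this is to find every Orion instance running one of the three impacted builds named above. The script below is an added example (not SolarWinds' or FortiGuard's code) that normalises the version strings an asset inventory typically contains ("2020.2 HF 1", "2019.4HF5", "2020.2") and triages hosts into impacted, not-impacted and unknown. The hostnames and versions in SAMPLE_INVENTORY are constructed for the example. Matching is exact against the page's list, so a release the page does not mention is reported as not-impacted simply because it is absent, and anything unparseable is deliberately reported as unknown rather than silently treated as safe.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Impacted Orion releases named in the advisory summary:
# 2019.4 HF 5, 2020.2 (no hotfix), and 2020.2 HF 1.
# Stored as (release, hotfix) pairs; hotfix 0 means the base release.
IMPACTED = {("2019.4", 5), ("2020.2", 0), ("2020.2", 1)}

# Accepts "2020.2", "2020.2 HF 1", "2019.4HF5", "2020.2.1 HF 2" (case-insensitive).
_VERSION_RE = re.compile(
    r"^\s*(?P<rel>\d{4}\.\d+(?:\.\d+)?)\s*(?:HF\s*(?P<hf>\d+))?\s*$",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Verdict:
    host: str
    version: str
    status: str  # "impacted", "not-impacted" or "unknown"


def parse_version(text: str) -> Optional[tuple[str, int]]:
    """Normalise an Orion-style version string into (release, hotfix).

    Returns None when the string is not a recognisable Orion version so the
    caller can route it to manual verification instead of assuming it is safe.
    """
    m = _VERSION_RE.match(text)
    if not m:
        return None
    return m.group("rel"), int(m.group("hf") or 0)


def classify(host: str, version: str) -> Verdict:
    """Classify one inventory entry against the impacted-version list."""
    parsed = parse_version(version)
    if parsed is None:
        # Failure mode: never let a bad inventory record look like a clean host.
        return Verdict(host, version, "unknown")
    return Verdict(host, version, "impacted" if parsed in IMPACTED else "not-impacted")


def triage(inventory: list[tuple[str, str]]) -> dict[str, list[str]]:
    """Group hosts by status so the impacted bucket can be worked first."""
    buckets: dict[str, list[str]] = {"impacted": [], "not-impacted": [], "unknown": []}
    for host, version in inventory:
        verdict = classify(host, version)
        buckets[verdict.status].append(verdict.host)
    return buckets


# Constructed sample inventory; hostnames and versions are made up for the example.
SAMPLE_INVENTORY = [
    ("orion-prod-01", "2020.2 HF 1"),
    ("orion-prod-02", "2020.2"),
    ("orion-lab-01", "2019.4 HF 5"),
    ("orion-lab-02", "2019.4 HF 6"),
    ("orion-dr-01", "2020.2.1 HF 2"),
    ("orion-old-01", "n/a"),
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Feed it the export from whatever inventory or CMDB records Orion versions; the "unknown" bucket is the list of hosts where someone has to log in and read the version by hand.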

Latest Development

Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.


SolarWinds subsequently released a detailed announcement:
https://www.solarwinds.com/securityadvisory#anchor1


On December 13, 2020, CERT issued Emergency Directive 21-01 regarding this issue:
https://us-cert.cisa.gov/ncas/alerts/aa20-352a

FortiGuard Cybersecurity Framework

Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.


PROTECT
  • AV
  • App Control
  • AV (Pre-filter)
  • IPS

DETECT
  • Outbreak Detection
  • Threat Hunting
  • Playbook

RESPOND
  • Assisted Response Services
  • Automated Response

RECOVER
  • NOC/SOC Training
  • End-User Training

IDENTIFY
  • Vulnerability Management
  • Attack Surface Hardening

Threat Intelligence

Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.

