Supply-Chain Attack: Cybercriminals’ Way to End 2020?
by Raymund Taylan, Senior Security Advisor
15 December 2020
SolarWinds’s Orion Platform, a widely used IT monitoring and infrastructure management product, has been hit by a supply-chain attack. According to SolarWinds’s investigation, a vulnerability was inserted into Orion product updates that were released between March and June 2020.
According to SEC filings, the actual number of customers that may have installed the Orion products that contained this vulnerability is fewer than 18,000.
According to SolarWinds’s Security Advisory page, in addition to the initial hotfix provided for Orion Platform on 14 December 2020, customers are advised to expect an additional hotfix today that will replace the compromised component and provide several additional security enhancements.
FireEye, a US security firm, also confirmed that it had a security breach this week. According to the news, hackers managed to gain access to FireEye’s network using a supply-chain attack by targeting the custom penetration testing tools that are used by FireEye to share indicators of compromise (IOC) and countermeasures on FireEye’s GitHub account.
All of this breach news tells us that no one is immune to cyber attacks. Cybercriminals are continuously improving, and they use methods that counter the latest security tools and cyber forensic examination. Aside from having complete visibility and control over the security tools deployed in an estate, this also suggests that each organisation must conduct regular penetration testing to increase visibility of critical vulnerabilities, and deploy appropriate security controls over critical operational components to keep the risk of a security breach low. Again, no one is 100% secure. Cybercriminals will always have the motivation and resources to get in and fulfil their personal motives.