SolarWinds Provides Update on Major Hack Amid New CISA Venture
CISA aims to prevent major supply chain security incidents like the SolarWinds breach from happening again.
In a new blog post, SolarWinds said the company first noticed “suspicious activity” on its Orion platform in September 2019 — more than a year before discovering the malicious code now referred to as SUNBURST, which induced the December 2020 cyberattack.
According to SolarWinds, the SUNSPOT malware inserted the SUNBURST backdoor “into software builds of the SolarWinds Orion IT management product.”
In other words, the malware slipped the backdoor into SolarWinds’ own IT product during the development process.
“The design of SUNSPOT suggests [the hackers] invested a lot of effort to ensure the code was properly inserted and remained undetected, and prioritized operational security to avoid revealing their presence in the build environment to SolarWinds developers,” according to the blog post.
SolarWinds said it “identified two previous customer support incidents during the timeline referenced above that, with the benefit of hindsight, we believe may be related to SUNBURST.”
Both incidents prompted investigations, but SolarWinds did not find the SUNBURST malicious code until December.
On the heels of the SolarWinds update, CISA launched a new Systemic Cyber Risk Reduction Venture, highlighting the SolarWinds Orion hack as a result of the “concentrated sources of cyber risk” the new venture hopes to address.
“The SolarWinds Orion cyber campaign has highlighted how tools that typically leverage a significant number of highly privileged accounts and access to perform normal business functions can themselves actually become adversarial attack vectors if insufficiently hardened,” wrote Bob Kolasky, CISA’s assistant director for the National Risk Management Center.
In the press release, Kolasky underscored open source code libraries as a significant cyber risk. Daniel Kroese, former associate director for CISA’s National Risk Management Center, specifically called out open source software at GovernmentCIO Media & Research’s Infrastructure: Foundations of the Future event.
“Software represents a potentially concentrated source of risk if you don’t have the vulnerability management and acquisition strategies around it,” he said during a panel on IT supply chain security. “We’re working to deploy a series of tools across government agencies, but also private sector partners in the critical infrastructure community to do this supply chain analysis so that if there are vulnerabilities … we can track it, understand where it is and patch that swiftly.”
Kolasky said the Systemic Cyber Risk Reduction Venture will prioritize “software assurance” because it’s an area with “systemic risk.”
In December 2020, CISA released its Information and Communications Technology Supply Chain Risk Management Task Force Year Two Report, which detailed ways in which federal agencies can take stock of their ICT supply chain risk, like software vulnerabilities.
To prevent major hacks like the SolarWinds breach from happening again, the CISA Systemic Cyber Risk Reduction Venture will develop a cyber risk analysis for critical infrastructure and cyber risk metrics, and identify and promote tools to address “concentrated sources of cyber risk,” like software supply chains.