
SolarWinds (2020)
Injecting malicious software into widely distributed software updates
CASE STUDY
What happened at SolarWinds?
Attackers gained access to SolarWinds systems (possibly through phishing or an exposed Remote Desktop Protocol port) and injected malicious code into the company's Orion IT network performance monitoring and management software. SolarWinds then shipped a regular software update to all of its Orion customers, distributing the malicious code to every one of them. Because customers routinely install these updates, the attackers were able to spread the malicious software almost virally.
What was the malicious software capable of?
Because it was installed as part of a privileged network management software update, the malicious code, known as Sunburst, was able to reach the internal systems of every victim and install a backdoor, compromising the data and network access of thousands of customers.
What was the security issue?
The security issue here is the software supply chain. By breaking into the distributor's network and implanting malware in its software updates, an attacker infects and compromises the entire downstream customer base. This contamination scheme is exponentially fast and effective.
Who was affected?
More than 30,000 enterprises and government agencies were victims of the attack, including Microsoft, Intel, Cisco, Deloitte, and FireEye, which was the first to detect the malicious software.
What is the solution?
ICENI Hardware-Enforced Memory Safety
The software supply chain problem grows more complex, and the security risk more widespread, every day. A single piece of malicious software injected into the early stages of the supply chain spreads exponentially fast. With CHERI and CHERIoT memory safety technology, even compromised software cannot escalate its privileges and gain access to unauthorized resources. The blast radius of any individual piece of software is severely limited, and all other portions of the system continue to function normally as expected. The virus-like propagating infection is isolated and can easily be dealt with.
This technology is readily available in SCI Semiconductor's new ICENI series of memory safety devices.

