What Can We Learn From the Orion Hack?

 25 Jan 2021 

SolarWinds Orion is an infrastructure monitoring and management platform designed to simplify IT administration through a single view of the IT stack. It also manages security and is linked to all core IT infrastructure in an organisation running it.

Orion was a safe and secure product that was used by over 18,000 users at governments and large enterprises. That was, until it was breached and misappropriated by hackers.

What happened?

The initial access to SolarWinds used external remote access services with a combination of password guessing and spraying, and insecure administrator credentials.

Once they gained access to the internal networks or Cloud services, hackers had administrator rights that allowed them access to all local and Cloud resources. With this access, they injected their code into the build systems, leaving the source code untouched.

Any one of the 18,000 users who applied these patches was then infected with the Sunspot malware, which inserted the Sunburst backdoor code into affected systems. It is known that all patches between March 2019 and December 2020 had the actors’ code attached.

Its sophisticated design made it very hard to detect. Because Orion is a security product, it was also excluded from scanning by malware checkers, since scanning it produced false positives.

A joint statement from the FBI, ODNI, NSA, and CISA said that Russia was likely responsible for the attack. It was also believed to be an “intelligence gathering effort”.
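As an added illustration (not code from the original article or from SolarWinds), the sketch below shows one check aimed at the tampering described above, where code was injected in the build system while the source code stayed untouched: hash the reviewed source tree and the tree the build agent actually compiles, then report every difference. The function names, file names and file contents are constructed for the example.

```python
import hashlib
import os
import tempfile

def tree_manifest(root):
    """Map each file's relative path to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                manifest[rel] = hashlib.sha256(fh.read()).hexdigest()
    return manifest

def diff_manifests(trusted, observed):
    """Report how the build workspace deviates from the reviewed source."""
    return {
        "modified": sorted(p for p in trusted
                           if p in observed and trusted[p] != observed[p]),
        "added": sorted(p for p in observed if p not in trusted),
        "removed": sorted(p for p in trusted if p not in observed),
    }

def write_tree(root, files):
    """Demo helper: create files (relative path -> bytes) under root."""
    for rel, data in files.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)

def demo():
    # Constructed sample data: file names and contents are hypothetical.
    reviewed = {"src/monitor.cs": b"class Monitor { }",
                "src/poller.cs": b"class Poller { }"}
    # The same tree as seen on the build agent, with one file swapped in
    # place and one file present that never went through review.
    workspace = dict(reviewed)
    workspace["src/monitor.cs"] = b"class Monitor { /* extra code */ }"
    workspace["src/loader.cs"] = b"class Loader { }"
    with tempfile.TemporaryDirectory() as a, tempfile.TemporaryDirectory() as b:
        write_tree(a, reviewed)
        write_tree(b, workspace)
        return diff_manifests(tree_manifest(a), tree_manifest(b))

if __name__ == "__main__":
    print(demo())
```

The trusted manifest only has value if it is produced somewhere the build host cannot write to, such as a separate checkout of the reviewed commit. A build that reports any modified, added or removed file should fail rather than ship.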

The larger implications

Digital security systems are particularly vulnerable to this type of attack. This is because they use the IT infrastructure to link monitoring and management tools to the CCTV and access control infrastructure in the facilities.

Given the nature of the infrastructure used, it is common that:

  • Systems are installed to stay in place for decades.
  • They allow access to business networks.
  • Security on devices is typically weak (e.g. default or shared passwords between devices, no 2FA, etc.).
  • They get infrequent patching once installed, if ever.

When you consider all of these weaknesses, any part of a physical security network could be infected with a trojan or malware without anyone’s knowledge. This network is then typically monitored by tools like SolarWinds.

As the SolarWinds attack demonstrated, the ability to go undetected enables malware to burrow deeper into a network and cause more damage. When you add poor security practices to the mix, it creates a perfect vector for such an attack.

A valuable lesson

The attack on SolarWinds highlights how security has to be part of IT design and not an afterthought. Constant vigilance is also required to stay safe.

Don’t wait until your network is breached to start protecting yourself. Find out how our 5 day penetration testing package can help you uncover vulnerabilities and safeguard against these threats for as little as $9,000 + GST.

Protect Your Data and Reputation

We can help you protect your valuable assets and brand reputation. Following an international best practice methodical approach, we provide you with in-depth reports into weaknesses that attackers could exploit in your specific systems. We can then work with you to close these loopholes.
 
Find out how Planit’s three-pronged approach to security testing can help you protect your systems by addressing development, use, and infrastructure.

 
