The SolarWinds supply chain attack that came to light nine months ago, brought into sharp focus the risk of purchasing software or hardware with deliberately or accidentally built-in weaknesses. Many organizations around the globe understood for the first time that the risk was higher than they had ever expected.
Perhaps the most shocking thing to come to light was the fact that the software supplier had been compromised more than a year before the breach and malicious activity was discovered, and not by Solar Winds, but a third-party security firm.
By breaching SolarWinds, the attackers were able to insert backdoor malware in the Orion network management system code that was delivered to Orion customers in an update to the Orion software. The backdoor was designed to enable the attackers to impersonate users and accounts of victim organizations.
Because the breach by suspected nation-state attackers affected more than 30,000 organizations, both public and private around the...
This publication is only available to our subscribers.
Register and read on!
Sign up for the Professional or Specialist Subscription Packages to access the entire body of KuppingerCole research including this blog.
Subscribe to our Podcasts
How can we help you