Description
On 14th December 2020, SolarWinds indicated that their systems had experienced a highly sophisticated, manual supply chain attack affecting the SolarWinds Orion Platform.
A supply chain attack, also called a value-chain or third-party attack, occurs when someone infiltrates your system through an outside partner or provider with access to your systems and data.[1]
Summary
The SolarWinds Orion Platform is a powerful, scalable infrastructure monitoring and management platform designed to simplify IT administration for on-premises, hybrid, and software as a service (SaaS) environments in a single pane of glass.
The versions affected by this attack are 2019.4 Hot Fix (HF) 5, 2020.2 with no hotfix, and 2020.2 HF 1, including the following products:
- Application Centric Monitor (ACM)
- Database Performance Analyzer Integration Module (DPAIM)
- Enterprise Operations Console (EOC)
- High Availability (HA)
- IP Address Manager (IPAM)
- Log Analyzer (LA)
- Network Automation Manager (NAM)
- Network Configuration Manager (NCM)
- Network Operations Manager (NOM)
- Network Performance Monitor (NPM)
- NetFlow Traffic Analyzer (NTA)
- Server & Application Monitor (SAM)
- Server Configuration Monitor (SCM)
- Storage Resource Monitor (SRM)
- User Device Tracker (UDT)
- Virtualization Manager (VMAN)
- VoIP & Network Quality Manager (VNQM)
- Web Performance Monitor (WPM)
Solutions and Workarounds
- Immediately update Orion Platform v2020.2 with no hotfix or 2020.2 HF 1 to Orion Platform version 2020.2.1 HF 1 to ensure the security of your environment.
- Immediately update the Orion Platform v2019.4 HF 5 to 2019.4 HF 6.
For more information on this attack, please visit the URL: https://www.solarwinds.com/securityadvisory
The Guyana National CIRT recommends that users and administrators review this alert and the remediation strategies and apply them where necessary.
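The following is an added example, not part of the original advisory or any SolarWinds tooling: it triages an inventory of Orion Platform version strings against the affected builds and upgrade targets listed above. The inventory format, host names and accepted version spellings are assumptions; a version absent from this advisory's list is reported as "not-listed" rather than as safe.

```python
import re

# Affected builds and their fixed releases, exactly as listed in this advisory.
# Key: (release, hotfix number); hotfix 0 means "no hotfix".
REMEDIATION = {
    ("2019.4", 5): "2019.4 HF 6",
    ("2020.2", 0): "2020.2.1 HF 1",
    ("2020.2", 1): "2020.2.1 HF 1",
}

# Assumed spellings: "2020.2", "v2020.2 HF 1", "2019.4 hf5", "2019.4 Hot Fix 5".
VERSION_RE = re.compile(
    r"^\s*v?(?P<release>\d{4}\.\d+(?:\.\d+)*)"
    r"(?:\s*(?:HF|Hot\s*Fix)\s*(?P<hf>\d+))?\s*$",
    re.IGNORECASE,
)

def triage(version_text):
    """Return (status, upgrade_target) for one version string."""
    m = VERSION_RE.match(version_text)
    if not m:
        return ("unparsed", None)          # needs manual review
    key = (m.group("release"), int(m.group("hf") or 0))
    if key in REMEDIATION:
        return ("affected", REMEDIATION[key])
    return ("not-listed", None)            # not named here; not proof of safety

def triage_inventory(lines):
    """Parse 'host,version' lines; skip blanks and '#' comments."""
    results = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, version = line.partition(",")
        results.append((host.strip(),) + triage(version))
    return results

# Constructed sample inventory (hypothetical hosts).
SAMPLE_INVENTORY = """\
# host,orion_version
orion-01.example.test,2020.2 HF 1
orion-02.example.test,v2019.4 hf5
orion-03.example.test,2020.2
orion-04.example.test,2020.2.1 HF 1
orion-05.example.test,unknown
""".splitlines()

if __name__ == "__main__":
    for host, status, target in triage_inventory(SAMPLE_INVENTORY):
        print(f"{host:24} {status:11} {'-> ' + target if target else ''}")
```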
Reference
- SolarWinds Security Advisory (14th December 2020). Retrieved from SolarWinds: https://www.solarwinds.com/securityadvisory
- Security Advisory Regarding SolarWinds Supply Chain Compromise (14th December 2020). Retrieved from Security Boulevard:
- Active Exploitation of SolarWinds Software (13th December 2020). Retrieved from US-CERT: https://us-cert.cisa.gov/ncas/current-activity/2020/12/13/active-exploitation-solarwinds-software
[1] https://www.csoonline.com/article/3191947/supply-chain-attacks-show-why-you-should-be-wary-of-third-party-providers.html