SolarWinds Security Alert (14th December 2020)

Description

On the 14th December 2020, SolarWinds indicated that their systems had experienced a highly sophisticated, manual supply chain attack affecting the SolarWinds Orion Platform.

A supply chain attack, also called a value-chain or third-party attack, occurs when someone infiltrates your system through an outside partner or provider with access to your systems and data.[1]

Summary

The SolarWinds Orion Platform is a powerful, scalable infrastructure monitoring and management platform designed to simplify IT administration for on-premises, hybrid, and software as a service (SaaS) environment in a single pane of glass. 

The versions affected by this attack are the 2019.4 Hot Fix (HF) 5 and 2020.2 with no hotfix or 2020.2 HF 1 including:

• Application Centric Monitor (ACM)
• Database Performance Analyzer Integration Module (DPAIM)
• Enterprise Operations Console (EOC)
• High Availability (HA)
• IP Address Manager (IPAM)
• Log Analyzer (LA)
• Network Automation Manager (NAM)
• Network Configuration Manager (NCM)
• Network Operations Manager (NOM)
• Network Performance Monitor (NPM)
• NetFlow Traffic Analyzer (NTA)
• Server & Application Monitor (SAM)
• Server Configuration Monitor (SCM)
• Storage Resource Monitor (SCM)
• User Device Tracker (UDT)
• Virtualization Manager (VMAN)
• VoIP & Network Quality Manager (VNQM)
• Web Performance Monitor (WPM)

Solutions and Work arounds

• Immediately update the Orion Platform v2020.2 with no hotfix or 2020.2 HF 1 to the Orion Platform version 2020.2.1 HF 1 as soon as possible to ensure the security of your environment.
• Immediately update the Orion Platform v2019.4 HF 5 to 2019.4 HF 6.

For more information on this attack, please visit the URL: https://www.solarwinds.com/securityadvisory

The Guyana National CIRT recommends that users and administrators review this alert and the remediation strategies and apply them where necessary.

Reference

•  SolarWinds Security Advisory (14th December 2020). Retrieved from SolarWinds:

          https://www.solarwinds.com/securityadvisory

• Security Advisory Regarding SolarWinds Supply Chain Compromise (14th December 2020). Retrieved from Security Boulevard:

           https://securityboulevard.com/2020/12/security-advisory-regarding-solarwinds-supply-chain-compromise/

• Active Exploitation of SolarWinds Software (13th December 2020). Retrieved from US-Cert: https://us-cert.cisa.gov/ncas/current-activity/2020/12/13/active-exploitation-solarwinds-software

---

[1] https://www.csoonline.com/article/3191947/supply-chain-attacks-show-why-you-should-be-wary-of-third-party-providers.html