The SolarWinds Attack: What You Need to Know
Imagine being hacked and downloading malware from an attacker. Instead of deleting the malware, you install it on your computer. Then imagine your IT staff installing that malware on every computer, server, and system in your company.
Next, open up your network and allow the malware to communicate outward for months without interruption. Finally, imagine the scenario being repeated 18,000 more times across many industries and government agencies.
This was the SolarWinds attack.
The SolarWinds cyberattack was among the most complex and extensive in history. As a case study of a supply chain attack, cybersecurity researchers will likely continue to study it for years. Russian hackers gained access to the computer networks of 18,000 SolarWinds clients. It seems that they were primarily targeting U.S. government agencies and related organizations like:
U.S. Homeland Security Department
U.S. State Department
Nuclear research labs
Contracting agencies for government
IT companies
The execution, planning, and integration of the attack were carefully managed by skilled and resourceful attackers. The code structure and style point clearly to Russian attackers. The attack was extremely successful and affected thousands of large companies as well as government agencies.
SolarWinds is the most widely used management tool for large businesses, with over 200,000 customers worldwide. Over 30,000 organizations downloaded the update, and at least 18,000 activated it to monitor their IT systems. The attackers were able to penetrate any of these systems at will and to remain undetected.
Cybersecurity professionals, students, and IT personnel can all learn a lot from this article about the sophisticated strategies used to attack nation-states. It is possible that smaller-scale attackers will employ the same tactics, strategies, and tools as the SolarWinds attackers, so it is important to know how to identify them.
The SolarWinds cyberattack is a wake-up call: organizations that fail to learn from it could be the next victims.
Why was SolarWinds chosen as an attack vehicle?
SolarWinds, based in Austin, Texas, is a leader in monitoring and analysis tools that are used in data centers worldwide to monitor system health.
SolarWinds Orion is a dashboard and collector for IT professionals that can be used to monitor the status of servers, networks, and other related systems.
To gather logs and alarms, Orion must have access to almost all of a modern IT infrastructure. This is how the attackers gained their access.
Instead of attacking organizations directly, the attackers used SolarWinds' Orion software to gain trusted entry into the heart of their IT systems. Because SolarWinds was a trusted supplier to organizations all over the globe, including top-level U.S. government agencies, this attack is called a supply chain attack.
What was the timeline?
Experts from CrowdStrike and FireEye have reviewed log files and tools in order to determine the likely timeline of the SolarWinds attack. Their findings are a good starting point for studying that timeline.
September 4, 2019: Attackers gain access to SolarWinds' network.
Although it is unclear exactly how this happened, it most likely began with an email-based malware attack on a specific machine. This compromised user credentials, which allowed remote code execution. After carefully scanning the network, the attackers found the development environment in which SolarWinds builds its production code.
September 12, 2019: The attack was not accidental.
The attackers knew exactly what they were looking for. They had already created a small piece of code and inserted it into the Orion release.