Solarwinds: Part One - Ardent MC
Insights Mar 04, 2021

SolarWinds: Part One


SolarWinds: The Story of Espionage & Exfiltration

Last year was a difficult one—the Covid-19 global pandemic, economic recession, social strife, and the ever-present threats of war and natural disasters accelerated by climate change. Yet 2020 was also a milestone year for cybersecurity attacks globally. The FBI reported a dramatic 400% increase [1] in cyber-attacks after the onset of the pandemic, as expected given the massive online shift of work, school, and commerce. One of the largest cybersecurity breaches in history occurred during this period: SolarWinds. The US cybersecurity community learns more every day about the depth of this attack.

Impacting 18,000 of SolarWinds’s 300,000 customers, the breach is a sprawling international cyber espionage operation that will serve as a case study for security and intelligence specialists for years to come. Enabled by malware now known as Sunburst, the hack epitomizes the kind of Exfiltration and Espionage (E2) attacks that will only become more common and more sophisticated as cyber becomes the preferred modus operandi of 21st-century geopolitical proxy wars.

For the uninitiated, SolarWinds (SWI) is a publicly traded, Austin-based IT infrastructure management firm that is deeply embedded in the IT management supply chain of many Fortune 500 companies and several critical government agencies. SolarWinds is known for its Orion Platform, a suite of network management, IT operations, and security products. Several of these products effectively became carriers that propagated malicious code throughout the company’s network of clients, including DHS-CISA, DoD Cyber Command, DISA, NNSA, and the US Treasury Department. This attack itself has come to be known as Sunburst, Solarigate, and UNC2452.

Figure 1: Known affected agencies


About Ardent Insights

Ardent Insights is a monthly blog series, showcasing ‘actionable intelligence’ on technology- and data-related risks and opportunities facing governments and the constituents they serve, especially in the realms of public safety, disaster management, national security, law enforcement, public health, and smart/resilient infrastructure and systems.

Continue reading the SolarWinds series to discover how this attack happened and what can be learned from it.