SolarWinds Hack Explained: Understand the Implications and Reduce the Risk to Your Organisation
Most of the thousands of cyber-attacks that are launched each year fly well under the mainstream news radar. So when a cyber-attack reaches international headlines, all organisations should sit up and pay attention. Earlier this year, hackers thought to be sponsored by the Russian state compromised software developed and managed by SolarWinds, an IT monitoring and management software provider. It went big: according to reports from Reuters, The Guardian and The Wall Street Journal, the hackers were able to deliver malware payloads that have to date affected the US Homeland Security, State, Commerce and Treasury Departments – and possibly more.
If you’re currently thinking “that’s fine – I doubt Russian state-sponsored hackers will target my organisation” then that’s a totally understandable response. However, we’d caution against it. The SolarWinds hack has implications that all organisations – including yours, including ours – should account for. Fortunately, there are also steps we can all take to reduce the risks our organisations face of suffering a similar fate. We’ll get to them a little later. But first, what actually is the SolarWinds hack?
SolarWinds provides IT monitoring and management software that gives organisations visibility of what’s happening on their networks. If you want to know why a particular circuit is running slowly, or if you want to understand the journey of a specific data packet, SolarWinds software can do that. To do so, however, SolarWinds needs what one of our cyber security experts recently described as ‘god-like’ access to your network.
The SolarWinds Orion Platform delivers centralised monitoring and management across organisations’ network, IT operations and security products. In order to function, it needs that ‘god-like’ access our expert described. Orion is a popular product – it’s used by several US federal agencies, along with a number of large companies including Microsoft and Cisco. What if you could hack the SolarWinds Orion Platform and leverage its access to launch cyber-attacks against these organisations?
Well, that’s exactly what happened. Hackers managed to access a system that SolarWinds uses to build updates to its Orion Platform, enabling them to insert malicious code into otherwise legitimate software updates. Around 18,000 SolarWinds customers installed the tainted updates onto their systems, enabling hackers to gain access to confidential information and exfiltrate it from the targeted organisations.
We’re still trying to understand the implications of the SolarWinds hack. At the time of writing investigators are still trying to determine what information the hackers may have stolen, and what they could do with it. But in the meantime, what are the lessons we can learn that we can apply to our own organisations in order to reduce risk and maintain operational integrity?
At Six Degrees we believe there are three key take-homes from the SolarWinds hack: the importance of supply chain security, the need to apply zero trust-aligned principles, and the need to proactively detect and respond to events throughout your network. Let’s take a look at these one at a time.
The SolarWinds hack was what is known as a supply chain compromise, as the hackers targeted their victims by first compromising a trusted supplier. This is a big deal for hackers: instead of having to trick individual targets into downloading malicious software, they can package their malicious code in otherwise legitimate software updates that they can simply leave the software provider to prompt its customers into downloading.
Put simply, every one of SolarWinds’ vast number of Orion Platform customers became a potential hacking target. So even if you’re not the US Treasury and the Russian state has no interest in you, your organisation could just as well be a victim, too.
The lesson here is about auditing and monitoring your organisation’s supply chain maturity. Supply chain attacks will become more commonplace as they continue to be a successful route to revenue for hackers. Therefore you need assurance from your suppliers – especially those that have intimate access to your network – that they don’t pose a cyber security risk to you. Here’s how you can go about doing that.
Your organisation probably outsources a number of services that were traditionally carried out in-house. The supply chain that delivers these outsourced services is typically split into two tiers: tier one suppliers directly contracted by you, and the tier two suppliers that they themselves outsource to.
Right now, there’s a good chance that your tier one suppliers are assessed during the contract onboarding process and then forgotten. Not great, but probably better than the diligence placed around the tier two suppliers.
At Six Degrees, we recommend carrying out continual diligence around your supply chain in order to mitigate the risk of a supply chain compromise causing financial, operational and reputational damage to your organisation. By benchmarking your suppliers against key domains such as compliance and accreditation and technical compliance, you can establish the areas of security weakness within your supply chain that present the greatest threat to your organisation. You can then prioritise remediation activities to reduce this threat.
Our Aegis cyber security benchmarking tool features a supply chain assurance module that enables you to do just this. To learn more about the Aegis tool and how we tailor it to enhance your organisation’s cyber security maturity, book an appointment to speak to one of our experts.
According to reports, the hackers that launched the SolarWinds hack had access to compromised systems as early as March. That’s the best part of a year to snoop around, find and exfiltrate highly sensitive data as they pleased. Not good. But if you download malicious code as part of an otherwise legitimate software update in a supply chain attack, how can you detect the compromise and respond to it quickly in order to minimise its impact?
There are two methods your organisation can employ that will reduce your attack surface and enable you to minimise the impact of a cyber-attack. Let’s take a look at how Managed Detection and Response begins to create a zero trust posture.
Zero trust is at best the future of cyber security and at worst an annoying buzzword that professionals throw around to sound smart. However, even though its interpretation can depend on who you speak to, its principles are sound. But what exactly is it?
With most organisations in 2020 having to deal with remote users, overlapping multi-cloud environments and Internet of Things devices, security focus is moving away from network perimeters and towards protecting assets individually. Zero trust shifts focus from where you are (on the network or at the perimeter) to who you are (your identity or device), challenging and authenticating every action you take.
Zero trust nirvana is a long way off for most organisations, but the journey to zero trust is one we believe organisations should take. Adhering to best practice zero trust-aligned security principles such as using multi-factor authentication and applying policy-based access to applications will reduce hackers’ ability to expand cyber-attacks throughout your network.
If you’ve heard the term zero trust bandied about and want to understand how it can relate to your organisation, get in touch. In the meantime though, here’s how detection and response complements zero trust to protect your organisation from cyber-attack.
The SolarWinds hack would have been far less damaging if its victims had been able to identify and address the threat sooner. Moving forward, how can your organisation achieve this? Well, that’s where managed endpoint security comes in.
Endpoint security is an approach to cyber security that follows zero trust principles to focus on end user devices — or endpoints. However, the goal isn’t to protect each individual endpoint — desktop, laptop, virtual environment etc. — but the system as a whole. This is done by managing the flow of information between the network and device, centralising security and control while decentralising risk.
Microsoft Defender for Endpoint is an endpoint security system that is able to automatically isolate active threats, minimise risk exposure, and provide advanced attack detection and response capabilities. When configured and managed correctly, this delivers a preventative security system and real-time defence that enables security analysts to prioritise threat alerts, view the full scope of any breaches and act immediately to rectify identified threats.
Put simply, if hackers gain access to your network, Microsoft Defender for Endpoint will generate alerts that identify the suspicious activity. Which is great. But who’s going to manage and act on the alerts the endpoint security system generates? The best security tools can only quarantine an issue and alert you to a problem. It’s then your responsibility to act upon the intelligence you’ve received to eliminate and remediate that threat.
Our Managed Detection and Response service handles this for you. Managed Detection and Response is a fully-managed endpoint protection service that keeps your organisation safe 24×7. Our experienced cyber security experts harness the power of Microsoft’s industry-leading Defender for Endpoint security solution to deliver:
By implementing Managed Detection and Response, you can reduce hackers’ ability to expand cyber-attacks across your infrastructure and minimise the risk of data breach resulting in financial, operational and reputational damage. You can learn more about Managed Detection and Response and book a demo here.
The SolarWinds hack has opened up a real Pandora’s box of cyber security implications, and these touch on some pretty fundamental aspects of your organisation’s operational approach. In this blog we’ve explained the importance of supply chain security, applying zero trust-aligned principles and implementing detection and response capabilities to minimise the cyber risk your organisation faces.
At Six Degrees we have the expertise and the experience to deliver tailored solutions that will enhance your organisation’s cyber security posture. But before we start, we always want to understand your organisation and where you are on your own cyber security journey. That’s why we offer a cyber security assessment that will give us – and you – the knowledge and tools to roadmap the next steps of your journey. Schedule a call if you want to learn more.